N-central Help

Configure G-Suite for SSO

SolarWinds MSP recommends that you thoroughly review the Google G-Suite developer documentation before configuring SSO.

You will need to configure G-Suite for SSO before you configure SolarWinds N-central.

  1. Create service account for importing users into SolarWinds N-central.
    1. Open a browser and navigate to https://console.developers.google.com.
    2. In the upper left of the console page click IAM & admin.
    3. Click Service accounts.
    4. Click Create service account.
    5. Enter a Service account name.
    6. Choose an Role. These G-Suite roles are based on the type of access they have to the project. For example, the Project Owner role has full access to all project resources.
      1. Select the Furnish a new private key check box.
      2. Make sure the JSON Key type is selected. This will be downloaded locally immediately after you create the Service account.
      3. Select the Enable G-suite Domain-Wide Delegation check box.

      4. Enter the Product name for the consent screen.
      5. Click Create.

        You will see a confirmation pop-up that the Service account and key have been created, and downloaded locally.

  2. Impersonate service account.
    1. Continuing from above, click IAM in the top left of the IAM & admin menu.
    2. Click Add (near the top of the page).
    3. Enter New members from any existing G-suite account.
    4. From the Role drop-down menu, select the appropriate Role to associate with the new member.

      You can add more than one Role for the new member.

    5. Click Save.
  3. Create a login ClientID and the SolarWinds N-central whitelist.
    1. Browse to https://console.developers.google.com.
    2. In the top left APIs & Services menu, click Credentials.
    3. In the Create credentials drop-down menu, select Oauth client ID.
    4. Select Web application.
    5. In the Authorized Javascript origins, enter the FQDN of the SolarWinds N-central server, including either the http:// or https:// protocol.

      The simple IP address is not enough. You will not be able to connect to a SolarWinds N-central server unless http:// or https:// is included in the FQDN.

    6. Click Create. You will see a confirmation pop-up message about the client ID created.
  4. Enable the Admin SDK API.
    1. Browse to https://console.developers.google.com.
    2. In the top left APIs & Services menu, click Library
    3. Search for "Admin SDK", and click on the result. The Admin SDK page displays.
    4. Click ENABLE.

  5. API client authorization

    Authorizing an API client allows the service account access to specific API services.

    1. Browse to admin.google.com.
    2. Navigate to Security in top left menu.
    3. Click Settings.
    4. Click Advanced > Manage API client access.
    5. In the Client Name field enter the Service account Client ID.

      You can find the Service account Client ID either in JSON with the private key, or by going to console.developers.google.com, and navigating to APIs & Services > Credentials. The Client ID is listed under OAuth 2.0 client IDs.

    6. In the One or More API Scopes field, enter the following:
      • https://www.googleapis.com/auth/admin.directory.group.readonly, https://www.googleapis.com/auth/admin.directory.group.member.readonly, https://www.googleapis.com/auth/admin.directory.user.readonly

      • Shown here as three separate lines but should be entered as a single, continuous, comma-delimited string.

    7. Click Authorize.