Merged
82 changes: 82 additions & 0 deletions .env.example.googleworkspace
@@ -0,0 +1,82 @@
#########################
## GitHub App Settings ##
#########################
## Webhook Secret
WEBHOOK_SECRET=development
## GitHub App ID
APP_ID=12345
## Private Key Path
PRIVATE_KEY_PATH=.ssh/team-sync.pem
## Uncomment the following line and use your own GitHub Enterprise
## instance if this will not be used on https://github.com
#GHE_HOST=github.example.com
## Uncomment if you are using a self-signed certificate on GitHub Enterprise.
## Defaults to False.
#VERIFY_SSL=False

## User directory to sync GitHub teams from
## Azure AD = AAD
## Active Directory = LDAP
## OpenLDAP = LDAP
## Okta = OKTA
## OneLogin = ONELOGIN
## Google Workspace = GOOGLE_WORKSPACE
USER_DIRECTORY=GOOGLE_WORKSPACE
## Attribute to compare users with, username or email
## For Google Workspace, the username option will use the specefied custom schema attribute
USER_SYNC_ATTRIBUTE=username


###############################
## Google Workspace Settings ##
###############################
## Location of the Google Workspace service account credentials file
GOOGLE_WORKSPACE_SA_CREDS_FILE=googleAuth.json
## Email of a Google Workspace Admin account the service account will impersonate
GOOGLE_WORKSPACE_ADMIN_EMAIL=admin@example.com
## Email attribute to use for syncing users, not required if syncing by username
## Default: primaryEmail
# GOOGLE_WORKSPACE_USER_MAIL_ATTRIBUTE=
## Custom schema name
## Not required if syncing by email
GOOGLE_WORKSPACE_USERNAME_CUSTOM_SCHEMA_NAME=schema-name
## Custom schema attribute field name
## Not required if syncing by email
GOOGLE_WORKSPACE_USERNAME_FIELD=field-name

#########################
## Additional settings ##
#########################
## Stop if number of changes exceeds this number
## Default: 25
#CHANGE_THRESHOLD=25
## Create an issue if the sync fails for any reason
## Default: false
#OPEN_ISSUE_ON_FAILURE=true
## Where to open the issue upon sync failure
#REPO_FOR_ISSUES=github-demo/demo-repo
## Who to assign the issues to
#ISSUE_ASSIGNEE=githubber
## Sync schedule, cron style schedule

## Default (hourly): 0 * * * *
SYNC_SCHEDULE=0 * * * *
## Show the changes, but do not make any changes
## Default: false
#TEST_MODE=false
## Automatically add users missing from the organization
ADD_MEMBER=false
## Automatically remove users from the organisation that are not part of a team
REMOVE_ORG_MEMBERS_WITHOUT_TEAM=false

####################
## Flask Settings ##
####################
## Default: app
FLASK_APP=app
## Default: production
FLASK_ENV=development
## Default: 5000
FLASK_RUN_PORT=5000
## Default: 127.0.0.1
FLASK_RUN_HOST=0.0.0.0
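Review bot: In the Flask Settings block at the end of this file, `FLASK_ENV=development` and `FLASK_RUN_HOST=0.0.0.0` override the defaults that the comments directly above them state (`production` and `127.0.0.1`), so anyone who copies this example unchanged runs the app in development mode listening on every interface. Suggest shipping the documented defaults here, or commenting both lines out as is done for `#TEST_MODE=false`, and adding a comment that `WEBHOOK_SECRET=development` is a placeholder to be replaced with a random value. Two smaller points: "specefied" in the `USER_SYNC_ATTRIBUTE` comment should be "specified", and the blank line between "## Sync schedule, cron style schedule" and "## Default (hourly): 0 * * * *" splits one comment in two.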
18 changes: 18 additions & 0 deletions README.md
@@ -78,6 +78,15 @@ This app requires the following Azure permissions:
If you have `ADMIN_FINE_GRAINED_AUTHZ` enabled, you only need the following permission for the user realm:
- `view-users`

#### Google Workspace Permissions
You must delegate domain-wide authority to the service account with the following scopes:
- `https://www.googleapis.com/auth/admin.directory.group.readonly`
- `https://www.googleapis.com/auth/admin.directory.group.member.readonly`
- `https://www.googleapis.com/auth/admin.directory.user.readonly`

You must provide a Google Workspace Admin account for the service account to impersonate.
It must have Admin API permissions greater or equal to the scopes listed above.

## Getting Started
To get started, ensure that you are using **Python 3.9** (or update your `Pipfile` to the version you're running, 3.4+). The following additional libraries are required:

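Review bot: The sentence "It must have Admin API permissions greater or equal to the scopes listed above" in the new Google Workspace Permissions section leaves open which admin role to use, and readers are likely to reach for a super admin account. Since all three scopes are read-only (`group.readonly`, `group.member.readonly`, `user.readonly`), suggest stating that the impersonated account needs only read access to users and groups, and recommending a dedicated account with a custom read-only admin role. It would also help to say where the domain-wide delegation is granted, and to reword to "greater than or equal to".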
@@ -116,6 +125,7 @@ GHE_HOST=github.example.com
## AD/LDAP = LDAP
## Okta = OKTA
## OneLogin = ONELOGIN
## Google Workspace = GOOGLE_WORKSPACE
USER_DIRECTORY=LDAP

## Sync users on username or email attribute
@@ -203,6 +213,14 @@ ONELOGIN_CLIENT_SECRET='ca3a86f982fjjkjjkfkhls'
REGION=US
```

### Sample `.env` for Google Workspace
```env
GOOGLE_WORKSPACE_SA_CREDS_FILE=googleAuth.json
GOOGLE_WORKSPACE_ADMIN_EMAIL=admin@example.com
GOOGLE_WORKSPACE_USERNAME_CUSTOM_SCHEMA_NAME=schema-name
GOOGLE_WORKSPACE_USERNAME_FIELD=field-name
```

### Sample `.env` settings for additional settings
```env
## Additional settings
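Review bot: The new "Sample `.env` for Google Workspace" block lists both custom schema variables without saying they apply only when syncing by username; `.env.example.googleworkspace` in this same PR marks them "Not required if syncing by email" and also documents `GOOGLE_WORKSPACE_USER_MAIL_ATTRIBUTE` (default `primaryEmail`), which is missing here. Suggest adding `USER_DIRECTORY=GOOGLE_WORKSPACE` and the optional mail attribute to the sample with the same comments, plus a line noting that `googleAuth.json` is the service account credentials file and should stay out of version control.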