How to integrate Google Workspace with Hexnode?

Google Workspace (formerly G Suite) is a unified platform for business apps developed by Google, including productivity, cloud computing, and other collaborative apps and tools dedicated to work. Hexnode is a unified web-console devoted to configuring, managing, and administering work devices.

Hexnode’s integration with Google Workspace allows you to simplify device enrollment and user management operations of your UEM. The integration simplifies the enrollment of your Windows, Android, macOS, and iOS devices securely through Google Workspace authentication and the device enrollment in the Android Enterprise program. Moreover, this will sync the user and group inventory of your organization’s Google Workspace account to Hexnode, facilitating the automatic creation of user accounts.

Create service account

Your organization requires a service account with Google to integrate with Google Workspace. Hexnode uses this service account to push the configurations to the device.

1. Using the Google Workspace admin credential, log in to Google Cloud Console.
2. Click on +CREATE PROJECT.
3. Create a New Project by providing the following details.
   • Project name: Provide a suitable project name and a corresponding project ID will be generated.
   • Click CREATE.
4. From the Navigation menu on the left pane, select APIs and Services > Credentials.
5. Click on +CREATE CREDENTIALS and from the drop-down list that appears select Service account.
6. Create a new service account by providing the following Service account details.
   • Service account name: Provide a suitable name for the service account.
   • Service account ID: An account ID will be automatically generated. If required, you can edit it.
   • Service account description: Provide a suitable description for your service account.
   • Click on CREATE AND CONTINUE.
7. Optional: Grant the service account access to the project created above. Select a role from the drop-down list. Click on Select a role. Choose Service Accounts > Service Account Admin and click CONTINUE.
8. Click DONE.
9. Under Service Accounts, click on the email address corresponding to the newly created service account.
10. Select the Advanced settings dropdown and copy the generated Client ID.
11. At the top, navigate to KEYS. Click on ADD KEY > Create new key and choose the key type as JSON. Click on CREATE.
12. A JSON key will be downloaded. This key is later uploaded on to the Hexnode UEM server.
13. Go back to the APIs & Services interface from the Navigation menu. Select Enabled APIs & services and click on +ENABLE APIS AND SERVICES.
14. In the search box that appears, type Admin SDK API and select the same from the search results.
15. Click on ENABLE to enable Admin SDK API.
16. In order to manage ChromeOS devices, search for and click ENABLE for both the Chrome Management API and the Chrome Policy API as well.

Manage API client access for UEM

This process provides the UEM with a specific API access to apply configurations to the managed devices. Ensure to Enable API access in the Admin console.

1. Using your Google Workspace admin credentials, log in to Google Admin Console and click on Security.
2. From API controls, click on MANAGE DOMAIN WIDE DELEGATION under Domain wide delegation, and click on Add new.
3. Authorize the API clients by providing the following details.
   • Client ID: Copy the unique ID from the downloaded JSON file or from the Google Cloud console.
   • OAuth scopes: Copy and paste the following links
     • https://www.googleapis.com/auth/admin.directory.user – To sync individual users.
     • https://www.googleapis.com/auth/admin.directory.group – To sync user groups.
     • https://www.googleapis.com/auth/admin.directory.domain – To fetch the domain.

     To manage ChromeOS devices, a few additional OAuth scopes need to be authorized. Use the following links:
     

     Disclaimer:

     
     Configuring OAuth scopes to sync ChromeOS devices will result in the allocation of the Hexnode license for each device. It’s important to exercise caution when defining OAuth scopes and ensure that only the necessary devices are added to the Google Admin Console to prevent unintended license assignments.
     

     • https://www.googleapis.com/auth/admin.directory.device.chromeos – To sync ChromeOS devices.
     • https://www.googleapis.com/auth/chrome.management.policy – To sync policies.
     • https://www.googleapis.com/auth/admin.directory.orgunit – To fetch organization units.
     • https://www.googleapis.com/auth/chrome.management.reports.readonly – To fetch ChromeOS device reports.
     • https://www.googleapis.com/auth/chrome.management.appdetails.readonly – To fetch ChromeOS device application details.
     • https://www.googleapis.com/auth/chrome.management.telemetry.readonly – To fetch ChromeOS devices telemetry information.
4. Click on AUTHORIZE.

Integration of Google Workspace with Hexnode server

1. Login to your Hexnode UEM portal.
2. Navigate to Admin > Google Workspace.
3. You will have the following options to be configured.
   • Google Workspace Admin email: Enter the Google Workspace admin email address of the domain that you want to synchronize with Hexnode.
   • Google Workspace key: Upload the JSON key previously downloaded.
4. Click on Next to configure Google Workspace.
5. Now, 2 new options will be displayed:
   • Sync across all domains: Checking this option will sync all the users and/or user groups across all domains. When new domains are created in Google Workspace, they will be automatically synced during the next sync.
   • Choose Domain(s): Only the users and/or user groups present in the selected domains will be synced with Hexnode UEM.
6. With the Scheduled Scan feature, you can set a specific time on a certain day(s) when the Google Workspace sync is to be initiated. Either choose Daily or Weekly options from the Time settings.
   • If Daily is chosen, enter the time in 24-hour format in the fields corresponding to the Initiate sync at option. It will initiate the Google Workspace sync at the specified time every day.
   • If the Weekly option is selected, an additional option to select days will be displayed below the Initiate sync at option. It will initiate the Google Workspace sync at the specified time on the specified days.
7. Click on the Save button to save the configuration.

Edit Google Workspace integration

Google Workspace account details integrated with Hexnode UEM, including the admin email and JSON key, can be updated from the Admin tab in the Hexnode UEM console with the following steps:

Steps to update Google Workspace details:

1. Navigate to the Admin tab.
2. Select Google Workspace from the left-hand menu.
3. In the top right corner, click the Actions drop-down menu and select Modify.
4. You can now update the Google Workspace Admin email* and replace the Google Workspace key (.json)*.
5. Once you’ve made the necessary changes, click Next.
6. You can then choose domains and set up a scheduled scan as required. Finally, click Save to complete the Google Workspace configuration update.