luxolus
/
open-vault
2
0
Fork 0
Code Issues 1 Pull Requests Releases Activity

update G Suite to Google Workspace in docs (#14126) 

* update G Suite to Google Workplace in docs

* fix Google Workplace to Workspace typo
This commit is contained in:
Chris Capurso 2022-02-17 13:01:45 -05:00 committed by GitHub
parent 36ccfaa3aa
commit 797f11b0e5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 13 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
website/content/docs/auth/gcp.mdx
View File

@ -17,7 +17,7 @@ authentication of:
- Google Compute Engine (GCE) instances
This backend focuses on identities specific to Google _Cloud_ and does not
support authenticating arbitrary Google or G Suite users or generic OAuth
support authenticating arbitrary Google or Google Workspace users or generic OAuth
against Google.
This plugin is developed in a separate GitHub repository at

24
website/content/docs/auth/jwt/oidc_providers.mdx
View File

@ -165,23 +165,23 @@ Main reference: [Using OAuth 2.0 to Access Google APIs](https://developers.googl
### Optional Google-specific Configuration
Google-specific configuration is available when using Google as an identity provider from the
Vault JWT/OIDC auth method. The configuration allows Vault to obtain G Suite group membership and
user information during the JWT/OIDC authentication flow. The group membership obtained from G Suite
may be used for Identity group alias association. The user information obtained from G Suite can be
Vault JWT/OIDC auth method. The configuration allows Vault to obtain Google Workspace group membership and
user information during the JWT/OIDC authentication flow. The group membership obtained from Google Workspace
may be used for Identity group alias association. The user information obtained from Google Workspace can be
used to copy claims data into resulting auth token and alias metadata via [claim_mappings](/api/auth/jwt#claim_mappings).
#### Setup
To set up the Google-specific handling, you'll need:
- A G Suite account with the [super admin role](https://support.google.com/a/answer/2405986?hl=en)
- A Google Workspace account with the [super admin role](https://support.google.com/a/answer/2405986?hl=en)
for granting domain-wide delegation API client access.
- The ability to create a service account in [Google Cloud Platform](https://console.developers.google.com/iam-admin/serviceaccounts).
The Google-specific handling that's used to fetch G Suite groups and user information in Vault uses
[G Suite Domain-Wide Delegation of Authority](https://developers.google.com/admin-sdk/directory/v1/guides/delegation)
The Google-specific handling that's used to fetch Google Workspace groups and user information in Vault uses
[Google Workspace Domain-Wide Delegation of Authority](https://developers.google.com/admin-sdk/directory/v1/guides/delegation)
for authentication and authorization. You need to follow **all steps** in the [guide](https://developers.google.com/admin-sdk/directory/v1/guides/delegation)
to obtain the key file for a Google service account capable of making requests to the G Suite
to obtain the key file for a Google service account capable of making requests to the Google Workspace
[User Accounts](https://developers.google.com/admin-sdk/directory/v1/guides/manage-users) and
[Groups](https://developers.google.com/admin-sdk/directory/v1/guides/manage-groups) APIs.
@ -204,12 +204,12 @@ host that Vault is running on.
- `gsuite_service_account` `(string: <required>)` - Either the path to or the contents of a Google service
account key file in JSON format. If given as a file path, it must refer to a file that's readable on
the host that Vault is running on. If given directly as JSON contents, the JSON must be properly escaped.
- `gsuite_admin_impersonate` `(string: <required>)` - Email address of a G Suite admin to impersonate.
- `fetch_groups` `(bool: false)` - If set to true, groups will be fetched from G Suite.
- `fetch_user_info` `(bool: false)` - If set to true, user info will be fetched from G Suite using the configured [user_custom_schemas](#user_custom_schemas).
- `gsuite_admin_impersonate` `(string: <required>)` - Email address of a Google Workspace admin to impersonate.
- `fetch_groups` `(bool: false)` - If set to true, groups will be fetched from Google Workspace.
- `fetch_user_info` `(bool: false)` - If set to true, user info will be fetched from Google Workspace using the configured [user_custom_schemas](#user_custom_schemas).
- `groups_recurse_max_depth` `(int: <optional>)` - Group membership recursion max depth. Defaults to 0, which means don't recurse.
- `user_custom_schemas` `(string: <optional>)` - Comma-separated list of G Suite [custom schemas](https://developers.google.com/admin-sdk/directory/v1/guides/manage-schemas).
Values set for G Suite users using custom schema fields will be fetched and made available as claims that can be used with [claim_mappings](/api/auth/jwt#claim_mappings). Required if [fetch_user_info](#fetch_user_info) is set to true.
- `user_custom_schemas` `(string: <optional>)` - Comma-separated list of Google Workspace [custom schemas](https://developers.google.com/admin-sdk/directory/v1/guides/manage-schemas).
Values set for Google Workspace users using custom schema fields will be fetched and made available as claims that can be used with [claim_mappings](/api/auth/jwt#claim_mappings). Required if [fetch_user_info](#fetch_user_info) is set to true.
Example configuration: