Use this guide to enable password synchronization from a directory (AD, SQL, Oracle, etc.) to G Suite (formerly Google Apps) via SecureAuth IdP.

With synchronization enabled, a user's password that is modified in one location changes in both the directory and G Suite.

1. Create a Service Account with G Suite

2. Delegate domain-wide authority to the G Suite Service Account 

3. Have a directory Service Account with read and write access for SecureAuth IdP

4. Have an Active Directory field to which SecureAuth IdP can map a Profile Property

For other data stores, the field mapping will need to be configured through the directory

This step is for Active Directory data stores only

1. In the Profile Fields section, map a directory field to Ext. Sync Pwd Date Profile Property, and check Writable

This field contains the date on which the G Suite password was last synchronized with AD

Click Save once the configurations have been completed and before leaving the Data page to avoid losing changes

2. Leave the Google Apps Domain Name field blank

3. Set the Admin Email to the G Suite Administrative email account

4. Set the Service Email to the Service Account email address obtained from the G Suite Steps above (step 18)

5. Click Choose File and select the p12 File obtained in the G Suite Steps above (step 12)

6. Set the P12 Password to the Private Key Password obtained in the G Suite Steps above (step 12)

7. Select Enabled from the Create User dropdown if SecureAuth IdP is to automatically create the G Suite user account (if it does not already exist)

8. Select Enabled from the Sync Password dropdown if SecureAuth IdP is to conduct a one-way synchronization of the user's directory password to G Suite

To synchronize on specific dates rather than every time the password changes, map a directory field to the Ext. Sync Pwd Date property in the Data tab

If no field is mapped, then the password synchronizes every time

G Suite requires passwords with a minimum of 8 characters

9. Select Enabled from the Mail Forwarding dropdown if another email address will receive messages; select Disabled to disable the feature; or select Not Set if SecureAuth IdP is not to be included in this feature

10. Select the Profile Field that contains the user's Forwarding Email Address

Click Save once the configurations have been completed and before leaving the Post Authentication page to avoid losing changes