Onboarding a Google Workspace application in Britive

Perform the following steps for adding a Google Workspace tenant application to Britive:
Before onboarding the application, ensure that you have completed the onboarding prerequisites mentioned in the section Prerequisites for Google Workspace  onboarding.

1. Login to Britive with administrator privileges.
2. Click Admin -> Application and Access Profile Management.
3. From the Tenant Applications page, click on CREATE APPLICATION.
4. On Add Application page, click Add (+) sign inline to the Google Workspace  application.
5. In the Application tab, enter the following values:
   1. Enter the Application Name.
   2. Enter the Application Description, if required.
   3. Under Account Mapping, you can choose the username or email mapping, to map the username or user email with the Google Workspace account, respectively. You can also choose the default setting No mapping, as per your requirement.
6. Click Next. The Settings tab is displayed,
7. In the Settings tab, enter the following values:
   1. Enter the following details in the Connection Properties:
      1. Enter the Google Workspace Admin Email.
      2. Copy and paste the JSON of the service account key (credentials) that was generated when the service account was created in The Service Account Credentials - Content of Private Key File as JSON String field.
      3. Enter the custom console URL in Login URL, if required.
      4. Check Create user account for super admin role. If this option is selected, Britive does the following:
         • Upon check-out of the super admin role: 
           • Britive creates a new user with suffix _britive added at the end of the email address before the domain with a random password.
           • Assigns this user a super admin role.
         • Upon check-in:
           • Super admin role is removed from the user account.
           • Password is changed and the account is suspended.
   2. Enter the following details in SSO Settings section:
      1. Check Enable SSO to enable SSO.
      2. Replace {domain} with the primary domain from Google workspace in the Audience field.
      3. Replace {domain} with the primary domain from Google workspace in the ACS URL field.
   3. Enter the following details in the Account Mapping section:
      1. Select Use another domain for account mapping if the email domain of Britive users is different from primary domain in Google workspace.
      2. Enter the domain of the Britive Users in the field Email Domain of Britive Users.
      3. Enter the domain from Google Workspace In Primary Domain in Google Workspace field.

   4. Profile Settings: Configure the maximum session duration for profiles. You can select the duration between 15 minutes to 7 calendar days. This allows to setup expiration duration for each profile while creating/updating the profile up to this configured value. If existing profiles are created with more than 12 hours and the above setting is changed, then it cannot be lowered until all profiles are updated with a lower expiration duration.

8. Click Save and Test. If the Google Workspace application is configured with correct values, then a success message is displayed.