Onboarding a Google Workspace application in Britive

Perform the following steps for adding a Google Workspace tenant application to Britive:
Before onboarding the application, ensure that you have completed the onboarding prerequisites mentioned in the section Prerequisites for Google Workspace onboarding.

1. Login to Britive with administrator privileges.
2. Click Admin -> Application and Access Profile Management.
3. From the Tenant Applications page, click on CREATE APPLICATION.
4. On the Add Application page, click the Add (+) sign inline to the Google Workspace application.
5. In the Application tab, enter the following values:
   1. Enter the Application Name.
   2. Enter the Application Description, if required.
   3. Under Account Mapping, you can choose the username or email mapping to map the username or user email with the Google Workspace account, respectively. You can also choose the default setting No mapping, as per your requirement.
6. Click NEXT. The Settings tab is displayed,
7. In the Settings tab, enter the following values:
   1. Enter the following details in the Connection Properties:
      1. Enter the Google Workspace Admin Email.
      2. Copy and paste the JSON of the service account key (credentials) that was generated when the service account was created in The Service Account Credentials - Content of Private Key File as JSON String field.
      3. Enter the custom console URL in the Login URL, if required.
      4. Check Create user account for super admin role. If this option is selected, Britive does the following:
         • Upon check-out of the super admin role: 
           • Britive creates a new user with the suffix _britive added at the end of the email address before the domain with a random password.
           • Assign this user a super admin role.
         • Upon check-in:
           • The super admin role is removed from the user account.
           • The password is changed and the account is suspended.
   2. Enter the following details in the Scan Optionssection:
      1. Scan roles: Select this option if roles need to be scanned and managed in profiles.
      2. Scan groups: Select this option if groups need to be scanned and managed in profiles.
   3. Enter the following details in the SSO Settings section:
      1. Check Enable SSO to enable SSO.
      2. Replace {domain} with the primary domain from Google Workspace in the Audience field.
      3. Replace {domain} with the primary domain from Google Workspace in the ACS URL field.
   4. Enter the following details in the Account Mapping section:
      1. Select Use another domain for account mapping if the email domain of Britive users is different from the primary domain in Google Workspace.
      2. Enter the domain of the Britive Users in the field Email Domain of Britive Users.
      3. Enter the domain from Google Workspace In Primary Domain in Google Workspace field.

   5. Profile Settings: Configure the maximum session duration for profiles. You can select the duration between 15 minutes to 7 calendar days. This allows to setup expiration duration for each profile while creating/updating the profile up to this configured value. If existing profiles are created with more than 12 hours and the above setting is changed, then it cannot be lowered until all profiles are updated with a lower expiration duration.

8. Click SAVE AND TEST. If the Google Workspace application is configured with correct values, then a success message is displayed.