Set up synchronization with Google Directory
This feature is only available if your license includes Sophos Email or Sophos Phish Threat.
You can synchronize mailboxes, groups, and distribution lists from your Google Directory source to Sophos Central.
The following video provides an overview and step-by-step guide on how to set up Google Directory synchronization.
Prerequisites
Before you can set up synchronization, check the following:
- You must be an Admin to set up directory sources.
- You must have a Sophos Email or Sophos Phish Threat license.
- You must sign in to Google Workspace as an Admin with admin access for the workspace.
Warning
By default, the service account key creation policy in Google Cloud is enabled for new Google Workspace accounts. If this policy isn't disabled, directory synchronization with Google Directory will fail.
To prevent directory synchronization from failing, disable this policy in Google Cloud. For detailed instructions, see Disable service account key creation policy in Google Cloud.
Add a new Google Directory
- Sign in to your Google Admin account.
- Go to Account > Domains > Manage domains, then take note of the domain name that you want to sync.
- In Sophos Central, go to My Products > General Settings and click Directory service.
- Click Add directory service, then do as follows:
  - Set a name and description.
  - In Directory type, select Google directory.
  - In Domain, enter the domain name from your Google Admin account, then click Next.
- In Configure Google directory sync settings, click Google Apps Admin APIs Terms of Service and Google APIs Terms of Service, read the Terms of Service, then click Accept.
- Click Connect.
- Choose your Google Admin account.
- Allow sophos.com the necessary access, then click Continue. Wait for the connection to load.
- When the connection is confirmed, click Close.
- In Configure Google directory sync settings, follow these steps before you turn on synchronization:
  - Copy the Client ID.
  - Click Google Workspace Admin console.
- On Google Workspace Admin console, do as follows:
  - Click Add new and paste the Client ID.
  - Go back to Sophos Central, then copy the OAuth scopes from the Sophos directory sync settings.
  - Paste the OAuth scopes in the space provided, then click Authorise.
- In Configure Google directory sync settings, click Test connection.
- When the connection is verified, click Ok.
- In Select users and groups to include in the synchronization, select the users and groups to include by selecting one of these options:
  - All users and groups
  - Add users by group filter
  - Add users by user filter
- If you selected Add users by group filter or Add users by user filter, configure a group or user filter.
- Click Save to save your changes.
- After saving, click Turn on, then click Synchronize to start synchronizing users and groups.
- When synchronization is completed, go to Manage protection > People to view the connected users.
Editing a connected Google domain
You must turn off the sync before making changes to your Directory service settings. To update a domain connected with Sophos Central, do as follows:
- In Sophos Central, go to My Products > General Settings and click Directory service.
- Click Turn off.
- Modify the domain. Below are some of the configurations you can change:
  - Name
  - Synchronization schedule
  - Select users and groups to include in the synchronization
- Click Save to save your changes.
- Click Turn on.
Note
You can use an existing connection to add a different domain from the same Google account. See Add another domain from the same Google account.