Skip to content

Page permalink

Always use the following permalink when referencing this page. It will remain unchanged in future help versions.

https://docs.sophos.com/central/customer/help/en-us/index.html?contextId=directory-service-Google-sync

Set up synchronization with Google Directory

This feature is only available if your license includes Sophos Email or Sophos Phish Threat.

You can synchronize mailboxes, groups, and distribution lists.

Prerequisites

Before you can set up synchronization, check the following:

  • You must be an Admin to set up directory sources.
  • You must have a Sophos Email license.
  • You must sign in to Google Workspace as an Admin with admin access for the workspace.

Add a new Google Directory

  1. Sign in to your Google Admin account.
  2. Go to Account > Domains > Manage domains, then take note of the domain name that you want to sync.
  3. In Sophos Central, go to My Products > General Settings and click Directory service.

  4. Click Add directory service, then do as follows:

    1. Set a name and description.
    2. In Directory type, select Google directory.
    3. In Domain, enter the domain name from your Google Admin account then click Next.

  5. In Configure Google directory sync settings, click Google Apps Admin APIs Terms of Service and Google APIs Terms of Service, read the Terms of Service, then click Accept.

  6. Click Connect.
  7. Choose your Google Admin account.

  8. Allow sophos.com the necessary access, then click Continue. Wait for the connection to load.

    Google Directory Sync Access Grant to Sophos.

  9. When the connection is confirmed, click Close.

  10. In Configure Google directory sync settings, follow these steps before you turn on synchronization:

    1. Copy the Client ID.
    2. Click Google Workspace Admin console.

    Client ID and OAuth scope.

  11. On Google Workspace Admin console, do as follows:

    1. Click Add new and paste the Client ID.
    2. Go back to Sophos Central, then copy the OAuth scopes from the Sophos directory sync settings.
    3. Paste the OAuth scopes on the space provided, then click Authorise.

    Google Workspace Client ID and OAuth scope.

  12. In Configure Google directory sync settings, click Test connection.

  13. When the connection is verified, click Ok.

  14. In Select users and groups to include in the synchronization, select the users and groups to include by selecting one of these options:

    • All users and groups
    • Add users by group filter
    • Add users by user filter

  15. If you selected Add users by group filter or Add users by user filter, configure a group or user filter.

  16. Click Save to save your changes.
  17. After saving, click Turn on then click Synchronize to start synchronizing users and groups.
  18. When synchronization is completed, go to Manage protection > People to view the connected users.

Editing a connected Google domain

You must turn off the sync before making changes to your Directory service settings. To update a domain connected with Sophos Central, do as follows:

  1. In Sophos Central, go to My Products > General Settings and click Directory service.
  2. Click Turn off.

  3. Modify the domain. Below are some of the configurations you can change:

    • Name
    • Synchronization schedule
    • Select users and groups to include in the synchronization

  4. Click Save to save your changes.

  5. Click Turn on.

Note

You can use an existing connection to add a different domain from the same Google account. See Add another domain from the same Google account.