How do I set up sync with GSuite?
- Open the Project Selector page.
- Click on the "Create Project."
- Enter a Project Name, Organization, and Location.
- Click Create.
Enable Admin SDK API for created project
- Go to the following page: https://console.cloud.google.com/apis/library/admin.googleapis.com.
- Choose a newly created project from the header.
- Click on "Enable."
Create the service account and credentials
The following steps create a service account and credentials required for Google Workspace domain-wide delegation of authority. Your code uses the credentials to authorize the service account's actions.
- Open the Service accounts page. If prompted, select a project.
- Click Add to Create Service Account and enter a name and description for the service account.
- Click "Done."
4. After creating a service account, you need to add a key for this account. Click on the "Manage keys" button under the actions.
5. Go to "KEYS," ADD KEY," » "Create new key" button and choose JSON. Once you finish, click Create. Your new public/private key pair is generated and downloaded to your machine; it serves as the only copy of this key. For information on storing it securely, see Managing service account keys.
Delegate domain-wide authority to your service account
To access user data on a Google Workspace domain, the service account that you created needs to be granted access by a super administrator for the domain. For more information about domain-wide delegation, see Control Google Workspace API access with domain-wide delegation.
To delegate domain-wide authority to a service account:
1. Go to the Main menu » Security » Security » API controls from your Google Workspace domain's Admin console, and go to the Main menu » Security » API controls.
2. In the Domain-wide delegation pane, select Manage Domain Wide Delegation.
3. Click Add new.
4. In the Client ID field, enter the client ID obtained from the service account creation steps above.
5. In the OAuth Scopes field, enter a comma-delimited list of the following scopes required for your BullPhish ID project:
6. Click Authorize.
Your service account now has domain-wide access to the Google Admin SDK Directory API for all your domain users. You are ready to instantiate an authorized Admin SDK Directory service object on behalf of your Google Workspace domain's users.
Authenticate with BullPhish ID
1. Log in to the BullPhish ID portal.
2. Select "Directories" under the Targets & Groups drop-down menu from the side-navigation bar.
3. Select add Add Directory Sync button
4. On the "Add Directory Sync" modal, select the directory type as Google Active Directory.
5. Upload the downloaded JSON file mentioned in Create the service account and credentials and enter the desired Impersonation Email.
Only users with access to the Admin APIs can access the Admin SDK Directory API. Therefore, your service account needs to impersonate one of those users to access the Admin SDK Directory API. So, this means that in the Impersonation Email, you need to enter the user's email address who has access to Admin SDK Directory API. It could be the email address of your account.
6. Click Save & Sync. If successful, the user will be taken to the organization's "Edit Directory" page
7. Choose a group you would like to import to the BullPhish ID project and click on "Sync."
Note: BullPhish ID supports dynamic and Nested groups
8. After importing, use the group to create Phishing Simulation/Training campaigns.