How do I enable Groups & Organizational Units with Google SSO?

Select MediaCore accounts include an optional extension to our standard Google SSO support. Once the extension is enabled, MediaCore will collect information about a user's Groups and Organizational Units from your Google Apps domain whenever a user logs in via Google SSO.

This allows you to manage the content your groups have access to in MediaCore, while continuing to manage the groups of users within Google Apps. 

This feature is a little tricky to set up (we're working on it!) 

In order to enable this new feature within MediaCore, contact our Sales or Support team to discuss configuration specifics. Once enabled, you'll have two options to select from: "Assign Google Groups to Users" and "Assign Google Organizational Units to Users".

To enable this feature you will need the following three things:

1) MediaCore's "Client Name": 1060417666392-ckeg7p269sduk4hiocbm925ki08q2gb6.apps.googleusercontent.com

2) MediaCore's "API Scopes":
https://apps-apis.google.com/a/feeds/groups/
https://apps-apis.google.com/a/feeds/policies/
https://apps-apis.google.com/a/feeds/user/


3) A user on your Google Apps domain that you don't mind giving a couple of extra permissions (only read permissions, no write permissions!). This user must also have logged into google.com at least once, in order to accept the Google Apps Terms of Service, or SSO will not work.

Follow the steps below to enable Groups and Organizational Units with Google SSO:

Create a new Administrator Role

1) Select "Admin Roles" from the Admin Console.



2) Select "Create a New Role" in the upper left corner.
 


3) Provide a new name and description for your new role.



4) Add the read only API permissions for the new role and click "Save changes".



Add a Role to the API User

1) From the main admin console, select "Users".


2) Select the user you will delegate API access to. In the example below we have created a new user named "MediaCore API", but you may use any administrative user you would like.

3) Click on "Admin Roles and Privileges" for your chosen user.




4) Add the previously created "Read Only API" role to the user. Select "Manage Roles", then check the box beside "Read Only API".





5) From the main Admin Console, select "Security".



Authorize MediaCore to Access Your Account

1) Select "Advanced Settings".



2) Select "Manage API Client Access".



Again, here is MediaCore's "Client Name":
1060417666392-ckeg7p269sduk4hiocbm925ki08q2gb6.apps.googleusercontent.com

And MediaCore's "API Scopes":
https://apps-apis.google.com/a/feeds/groups/
https://apps-apis.google.com/a/feeds/policies/
https://apps-apis.google.com/a/feeds/user/



4) Navigate to your MediaCore site and go to the admin panel. From here, click on "Site Settings" > Authentication. Turn the Google toggle on and click on "Configure Google settings". From here fill in the Google Apps Domain and Advanced field.
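Values pasted into "Manage API Client Access" can pick up a stray space or an invisible character, and an entry can end up with more scopes than the three listed in this article. The following Python check is an added example, not MediaCore or Google code: `audit_grant` and `clean` are hypothetical helper names, and the sample entry is constructed.

```python
import unicodedata

# Values copied from this article.
EXPECTED_CLIENT = "1060417666392-ckeg7p269sduk4hiocbm925ki08q2gb6.apps.googleusercontent.com"
EXPECTED_SCOPES = {
    "https://apps-apis.google.com/a/feeds/groups/",
    "https://apps-apis.google.com/a/feeds/policies/",
    "https://apps-apis.google.com/a/feeds/user/",
}

def clean(value):
    """Drop whitespace and invisible format characters (e.g. U+200B) left by copy/paste."""
    return "".join(ch for ch in value
                   if not ch.isspace() and unicodedata.category(ch) != "Cf")

def audit_grant(client_name, scopes):
    """Return findings for one authorized-client entry; an empty list means it matches."""
    findings = []
    if client_name != clean(client_name):
        findings.append("client name contains whitespace or invisible characters")
    if clean(client_name) != EXPECTED_CLIENT:
        findings.append("client name is not MediaCore's")
    granted = set()
    for scope in scopes:
        if scope != clean(scope):
            findings.append("scope has stray characters: %r" % scope)
        granted.add(clean(scope))
    for scope in sorted(EXPECTED_SCOPES - granted):
        findings.append("missing scope: " + scope)
    for scope in sorted(granted - EXPECTED_SCOPES):
        findings.append("extra scope beyond the three listed: " + scope)
    return findings

if __name__ == "__main__":
    # Constructed sample: an entry as it might be typed into the admin console.
    pasted_client = "1060417666392-ckeg7p269sduk4hiocbm925ki08q2gb6.apps.goog leusercontent.com"
    pasted_scopes = [
        "https://apps-apis.google.com/a/feeds/groups/",
        "https://apps-apis.google.com/a/feeds/policies/",
        "\u200bhttps://apps-apis.google.com/a/feeds/user/",
        "https://example.invalid/constructed/extra-scope/",  # placeholder, not a real scope
    ]
    for finding in audit_grant(pasted_client, pasted_scopes):
        print(finding)
```

An empty result means the entry names MediaCore's client and grants exactly the three scopes above.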







 
LAST UPDATED:

Jun. 18, 2015