To access a user’s group membership, we must use the Google Admin Directory API. We will set up a Google Cloud Platform (GCP) service account and grant it access to the Directory API.
Enable the Admin SDK here.
In your Cloud Console, create a service account that will access the G Suite Directory API.
Give your service account access to the G Suite Directory API in the G Suite Admin console.
Use https://www.googleapis.com/auth/admin.directory.group.readonly as the API scope.
Make sure you’ve configured roles for accounts, as described here. Each role included in the command must match the name of a group in the organization.
With the authorized service account’s credentials in hand, use Halyard to configure Fiat:
ADMIN=admin@your.org # An administrator's email address
CREDENTIALS=/path/to/creds.json # The downloaded service account credentials
DOMAIN=your.org # Your organization's domain.
hal config security authz google edit \
    --admin-username "$ADMIN" \
    --credential-path "$CREDENTIALS" \
    --domain "$DOMAIN"
hal config security authz edit --type google
hal config security authz enable
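
A pre-flight check for the three values passed to hal above, as an added example that is not part of the original page or of Halyard. The function name preflight, the required-field list and the owner-only file mode policy are assumptions made for this example; the field names are those found in a downloaded service account key file.

```python
import json
import os
import stat
import tempfile

REQUIRED_FIELDS = ("client_email", "client_id", "private_key")

def preflight(admin, credentials_path, domain):
    """Return problems found in the ADMIN, CREDENTIALS and DOMAIN values."""
    problems = []
    # Assumed check: the administrator's address belongs to the configured domain.
    if admin.rpartition("@")[2].lower() != domain.lower():
        problems.append(f"admin {admin} is not in domain {domain}")
    try:
        mode = stat.S_IMODE(os.stat(credentials_path).st_mode)
        with open(credentials_path) as fh:
            creds = json.load(fh)
    except (OSError, ValueError) as exc:
        return problems + [f"cannot read credentials: {exc}"]
    # The file holds a private key: no access for group or other.
    if mode & 0o077:
        problems.append(f"credentials mode {mode:03o} allows group/other access")
    if not isinstance(creds, dict) or creds.get("type") != "service_account":
        return problems + ["credentials are not a service account key"]
    missing = [f for f in REQUIRED_FIELDS if not creds.get(f)]
    if missing:
        problems.append("missing fields: " + ", ".join(missing))
    return problems

if __name__ == "__main__":
    # Constructed sample key, not a real credential.
    sample = {"type": "service_account",
              "client_email": "fiat@example-project.iam.gserviceaccount.com",
              "client_id": "000000000000000000000",
              "private_key": "CONSTRUCTED-PLACEHOLDER"}
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "creds.json")
        with open(path, "w") as fh:
            json.dump(sample, fh)
        os.chmod(path, 0o644)  # deliberately too permissive for the demo
        for problem in preflight("admin@your.org", path, "your.org"):
            print("FAIL:", problem)
```

An empty list means the inputs passed these local checks; it does not confirm that the API scope was granted in the Admin console.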