Google Lookup via Service Account Using Cloud RADIUS

The integration of Google Lookup via a Service Account with Cloud RADIUS allows organizations to authenticate and authorize users efficiently. By using Cloud RADIUS, administrators can leverage Google Workspace user information, simplifying the management of network access and ensuring that only authorized users can connect to the network.

This guide outlines the steps to set up Google Lookup through a Service Account using Cloud RADIUS.

Prerequisites

Before proceeding with the setup, ensure you have:

  • A Google Workspace account with admin rights.
  • Access to Google Cloud Console to create a Service Account.
  • An active subscription to Cloud RADIUS.

Setting up Google Lookup via Service Account with Cloud RADIUS

Follow these steps to configure Google Lookup via Service Account with Cloud RADIUS:

  1. Create a Google Cloud Service Account
  2. Enable Google Admin SDK API
  3. Configure Service Account Credentials
  4. Set up Cloud RADIUS with Google Lookup

Step 1: Create a Google Cloud Service Account

The Google service account must be created in the IAM & Admin console. Log in to the Google IAM & Admin console.

To create a new project for the service account:

  1. Log in to Google Service Account.
  2. Click the Project drop-down at the top of the page.
  3. Click NEW PROJECT.
  4. In the New Project page, enter a name for the project in the Project name field.
  5. From the Organization drop-down, select the required organization for the project.
  6. From the Location drop-down, select the parent organization. 
  7. Click Create.

 

Step 2: Enabling Admin SDK API Privileges

The Google Admin SDK API must be enabled to view and manage users, groups and devices present in the organization’s project.

To enable Admin SDK API:

  1. From the Projects menu, select the project created in Step 1.
  2. From the side menu, navigate to API & Services > Enabled API & Services.
  3. In the API Library page, in the search box, enter Admin SDK API.
  4. Click on Admin SDK API.
  5. Click Enable.

Creating a Service Account and a JSON Key File

JoinNow needs a Google service account to authorize its communication with Google and perform lookup operations on behalf of that service account. To create a service account in Google:

  1. Navigate to the IAM & Admin menu.
  2. From the left menu pane, click Service Accounts.
  3. Click + CREATE SERVICE ACCOUNT.
  4. In the Service account name field, enter a name for your service account.
  5. In the Service account ID field, enter an ID for the service account. 
  6. Click CREATE AND CONTINUE.
  7. Click DONE. The required service account will be created. Click on the service account link.
  8. In the service account page, click on the KEYS tab.
  9. From the ADD KEY drop-down, select Create new Key.
  10. In the Create private key pop-up, select Key type as JSON.
  11. Click CREATE. The JSON file will be downloaded to the device. Click CLOSE.

Step 3: Configure Service Account Credentials

  • Domain-Wide Delegation:
    • Go to Google Workspace Admin Console.
    • Navigate to Security -> API Controls -> Manage Domain Wide Delegation.
    • Click Add New and enter the Client ID from your service account JSON file.
    • Specify the API Scopes: https://www.googleapis.com/auth/admin.directory.user.readonly to provide read access.

Step 4: Set up Cloud RADIUS with Google Lookup

  • Log in to Cloud RADIUS:
    • Access your Cloud RADIUS management dashboard.
  • Configure Google Lookup:
    • Navigate to Identity Management -> Identity Providers.
    • Click Add Identity Provider.
    • Enter Name and Description.
    • Select Google Workspace or equivalent as the provider type.
  • Upload Service Account Key:
    • Input the downloaded JSON key content from Google Cloud Service Account.
  • Set API Scopes:
    • Ensure scopes match those authorized in the Google Workspace Admin Console.
  • Test Connection:
    • Use the test feature in your Cloud RADIUS interface to verify the configuration.
  • Adjust Policy Settings:
    • Define policies for user authentication and authorization as needed.
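
A pre-flight check for the JSON key from Step 2 and the scope match required in Steps 3 and 4, as an added example that is not part of the original guide or of Cloud RADIUS. The function names and every value in the sample key are constructed placeholders; the check flags a wrong credential type, scopes that are requested but not delegated, delegated scopes broader than read-only, and a key file left readable by other local users.

```python
import json
import os
import stat

# Scope the guide authorizes for domain-wide delegation in Step 3.
READONLY_SCOPE = "https://www.googleapis.com/auth/admin.directory.user.readonly"
# Fields of a Google service account JSON key that this check expects to be present.
REQUIRED_FIELDS = ("type", "project_id", "private_key", "client_email", "client_id")


def check_key(key):
    """Return a list of problems found in a parsed service account key."""
    problems = [f"missing field: {name}" for name in REQUIRED_FIELDS if not key.get(name)]
    if key.get("type") != "service_account":
        problems.append("type is not 'service_account' (wrong credential file?)")
    if "PRIVATE KEY-----" not in key.get("private_key", ""):
        problems.append("private_key is not a PEM block")
    return problems


def check_scopes(requested, delegated):
    """Compare scopes set on the RADIUS side with those delegated in Workspace."""
    requested, delegated = set(requested), set(delegated)
    return {
        "not_delegated": sorted(requested - delegated),  # lookups will be refused
        "unused_grants": sorted(delegated - requested),  # excess privilege to revoke
        "not_readonly": sorted(s for s in requested | delegated
                               if not s.endswith(".readonly")),
    }


def world_or_group_readable(path):
    """True if the key file on disk can be read by anyone but its owner."""
    return bool(os.stat(path).st_mode & (stat.S_IRGRP | stat.S_IROTH))


# Constructed sample key: every value is a placeholder, not a real credential.
SAMPLE_KEY = json.loads("""{
  "type": "service_account",
  "project_id": "example-project",
  "private_key": "-----BEGIN PRIVATE KEY-----\\nPLACEHOLDER\\n-----END PRIVATE KEY-----\\n",
  "client_email": "radius-lookup@example-project.iam.gserviceaccount.com",
  "client_id": "100000000000000000000"
}""")

if __name__ == "__main__":
    print("key problems:", check_key(SAMPLE_KEY))
    print("Client ID to enter in Step 3:", SAMPLE_KEY["client_id"])
```

To check a real key, load it with `json.load` and pass the result to `check_key`, then run `world_or_group_readable` on its path before uploading the content in Step 4.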