Google Apps Synchronization
The Google Apps Synchronization app synchronizes the users, groups and passwords on your ClearOS system with your Google Apps domain. Whether you add new users to a group or change a user password, these changes will synchronize to the cloud.
Please note, the synchronization tool is not available for the free version of Google Apps… sorry.
Installation
If your system does not have this app available, you can install it via the Marketplace.
Menu
You can find this feature in the menu system at the following location:
Getting Started
Download Security Certificate
The first thing you need to do is configure Google Apps to allow synchronization. To lay the groundwork, you first need to download the security certificate needed that was generated by the ClearOS system:
- Login to the web-based administration in ClearOS
- In the menu, go to
Server|Messaging and Collaboration|Google Apps Synchronization - Download the security certificate (see screenshot)
Enable Google Apps Synchronization
With your security certificate in hand, you are now ready to configure your Google Apps domain.
- Login to your Google App's account with an account with administrator privileges
- Go to the Administrator's control panel (hard to find in some versions!)
- Click on the Security icon (you may need to click on More Controls)
- Click on the Advanced Settings option
- Click on Manage OAuth domain key link in the Authentication section
- Check the Enable this consumer key checkbox
- Under X.509 certificate, upload the security certificate that you just downloaded from ClearOS
- Click on
Enable User Provisioning
With the security configuration complete, the next step is to configure user/group provisioning. Continuing from the Google Apps Administrator's control panel:
- Click on the Security icon (you may need to click on More Controls)
- Click on the API Reference option
- Check the Enable API access checkbox
- Click on
Complete the Connection
That is all that needs to be done in Google Apps. Go back to the ClearOS web-based interface and enter your Google Apps domain name. Click on the Configure and Authorize button to start the authorization process. If you are not logged in, you will be shown the standard Google Apps login page. Go ahead an login. At this point, you should see a page similar to screenshot shown.
Click on the Grant Access button and the connection between Google Apps and your ClearOS system will be complete! Next step - checking the synchronization.
Synchronization
Testing Synchronization
Before enabling automatic synchronization, you can test the process using the web-based administration tool in ClearOS.
- Login to the web-based administration in ClearOS
- In the menu, go to
Server|Messaging and Collaboration|Google Apps Synchronization - Click on the
In most cases, you will see the following error:
The Google Apps administrator account cannot be suspended
That makes sense (I hope!). Follow the link to create the account on your ClearOS system. Please make sure the Google Apps option is enabled when you create the user!
Users
Go ahead and create a user with Google Apps enabled and then re-run the synchronization test. One you are happy with the results, perform a synchronization and please read the following warning:
Groups
Groups are also synchronized to Google Apps:
- In the web-based administration tool, go to
System|Account Manager|Groups - Create a group and make sure Distribution List is enabled
After the synchronization is complete, it will take a minute or two to see the results in the Google Apps administration portal. If you would like external users to be able to e-mail groupname@your_domain.com, you need to update this policy in the Google Apps portal. By default, the mailing list is only available to internal users.
Enabling Automatic Synchronization
The final step in Google Apps Synchronization is the easiest. Please make sure automatic synchronization is enabled. This is especially important to catch the password changes that can be triggered by an end user.
Managing Users
In order to protect against losing user data, a user is put into suspended mode if Google Apps is disabled from the ClearOS User Manager. In order to completely delete the user, please use the Google Apps administrator interface to do so. You can also restore the user if the deletion was unintended.
Troubleshooting
Error 1300: EntityExists
You will see this error if you try to create a user that already exists, but is suspended. See Managing Users above.