Register a Google application for Token Vault

To register a Google application for Token Vault, you need to specify certain properties of this application (Client ID, Client secret and Redirect URI).

This topic describes the first configuration task in the process of setting up an SMTP via LDAP connector or the Notification service with Google's Gmail SMTP server to use modern authentication.

Perform this task at the Google Cloud Platform Console portal.

  1. Navigate to https://console.cloud.google.com.
  2. Log in with an existing Google account.
  3. Click Select a project in the top navigation pane, and then click New project in the Select a project dialog box that appears to create a new project.
  4. Specify the Project name.
  5. Click Organization and select your organization. In the Location field, click Browse to display potential locations for your project. Select a project, and click Create.

    Organization is only available if your Google account belongs to a Google Workspace (formerly G Suite).

    After a while, the project Dashboard page appears.

  6. Locate the Getting Started section, and select Explore and enable APIs.

    The APIs & Services screen appears.

  7. Click Library in the left menu to explore and enable APIs.

    The API Library page appears.

  8. Search for Gmail API, and click it to open the Gmail API page, and then click Enable to enable this API for the project.

    This API is required if you want to configure the SMTP via LDAP connector and/or the Notification service with Google's Gmail SMTP server and modern authentication.

  9. Click APIs & Services on the top of the left menu to navigate back to that page, and then click Library again in the left menu.

    The API Library page appears.

  10. Search for Contacts API, and click it to open the Contacts API page, then click Enable to enable this API for the project.

    This API is required if you want to configure the SMTP via LDAP connector with Google's Gmail SMTP server and modern authentication and to enable users to access the contacts in their Google address book.

  11. Click APIs & Services on the top of the left menu to navigate back to that page.
  12. Select OAuth consent screen in the left menu to set it up and to register an application.
  13. Select Internal as User type if an organization was specified in step 5. Otherwise, select External, and click Create.

    The Edit app registration page appears.

  14. Fill out the required information for app registration:

    • Specify the App name and the User support email under the App information section.

      The authorization process displays this name when asking end users to grant permissions for the application to access their cloud resources. Therefore, it is advisable to pick a meaningful name.

    • Under the Developer contact information section, specify Email addresses for Google to notify you about any changes to your project.

  15. Click Save and Continue.
  16. On the Scopes wizard page, click Add or Remove Scopes to select scopes (permissions) for the enabled APIs.

    The Update selected scopes page appears.

  17. Locate the …/auth/gmail.compose scope of the Gmail API, and then select its checkbox.

    This scope is required if you want to configure the SMTP via LDAP connector and/or the Notification service with Google's Gmail SMTP server and modern authentication.

  18. Locate the …/auth/contacts scope of the Contacts API, and then select its checkbox.

    This scope is required if you want to configure the SMTP via LDAP connector with Google's Gmail SMTP server and modern authentication and to enable users to access the contacts in their Google address book.

  19. Click Update at the bottom of this page.
  20. Click Save and Continue at the bottom of the Scopes wizard page.

    The Test users wizard page appears.

  21. To test your application before publishing it, specify test users by performing the following steps:
    1. Click + Add users.
    2. Specify a test user, and then click Add on the Add users page.

    Repeat these steps for each user to be added as a test user.

  22. Click Save and Continue.
  23. On the Summary wizard page, verify the configuration settings.

    Click Edit next to a setting group to modify any setting belonging to that group, or click Back to Dashboard at the bottom of the page to finish the app registration.

  24. Select Credentials in the left menu to open the Credentials page.
  25. Click + Create Credentials, and select OAuth client ID to create the Client ID and Client secret for your application:
    1. Select Web application as Application type.
    2. Enter a Name for your client.
    3. Click + Add URI under the Authorized redirect URIs section, and then enter the URI corresponding to your Token Vault configuration in the following format:

      https://<FQDN>:<port>/callback

      where:

      • FQDN is the fully qualified domain name of the Token Vault machine.

      • port is the value of the HTTPS port setting configured on the Token Vault Server Settings page when HTTPS is used.

      For example: https://tokenvaultmachine.testdomain.com:8381/callback.

      This URI must be the same as the Redirect URI displayed by Token Vault on the Authorization Provider registration page.

  26. Click Create at the bottom of the page.
  27. On the OAuth client created page, copy the Client ID and Client Secret for later use.

    These credentials are required for the creation of a new Google Authorization Provider in Token Vault.

  28. If you selected External as User type in step 13, publish your application: select OAuth consent screen in the left menu on your project's APIs & Services page, and click Publish App under the Publishing status section. This makes your application available to all users, not only test users.
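
A pre-flight check for the redirect URI entered in step 25, given here as an added example that is not part of the original documentation or of Token Vault: it validates the https://<FQDN>:<port>/callback format and compares the value character by character with the Redirect URI that Token Vault displays. The function name and all sample URIs other than the page's own example are constructed for illustration.

```python
from urllib.parse import urlsplit


def check_redirect_uri(candidate, shown_by_token_vault):
    """Return a list of problems; an empty list means the URI can be registered."""
    problems = []
    try:
        parts = urlsplit(candidate)
        port = parts.port  # raises ValueError for a non-numeric or out-of-range port
    except ValueError:
        return ["URI cannot be parsed (check the port)"]
    host = parts.hostname or ""
    if parts.scheme != "https":
        problems.append("scheme must be https")
    # An FQDN has at least one dot and is not a bare IPv4 address.
    if "." not in host or host.replace(".", "").isdigit():
        problems.append("host must be a fully qualified domain name")
    if port is None:
        problems.append("port must be given explicitly")
    if parts.path != "/callback":
        problems.append("path must be exactly /callback")
    if parts.query or parts.fragment or parts.username or parts.password:
        problems.append("no query, fragment or userinfo allowed")
    # The page requires the registered URI to be the same as the one Token Vault
    # shows, so case and trailing-slash differences count as mismatches.
    if candidate != shown_by_token_vault:
        problems.append("differs from the Redirect URI shown by Token Vault")
    return problems


if __name__ == "__main__":
    # Value copied from the Authorization Provider registration page
    # (here: the example URI given in step 25).
    shown = "https://tokenvaultmachine.testdomain.com:8381/callback"
    # Constructed candidates showing typical entry mistakes.
    candidates = [
        shown,
        shown + "/",
        "http://tokenvaultmachine.testdomain.com:8381/callback",
        "https://tokenvaultmachine:8381/callback",
        "https://TokenVaultMachine.testdomain.com:8381/callback",
    ]
    for uri in candidates:
        result = check_redirect_uri(uri, shown)
        print(uri, "->", "OK" if not result else "; ".join(result))
```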