Prepare Google's G Suite for Riva On-Premise

Article ID: 1272
Last updated: 07 Mar, 2019

Audience: Messaging Team.

Riva On-Premise is designed to use a single connection to a G Suite system. Using this configuration, the Riva sync service uses the credentials of the "connection user" to IMPERSONATE into the mailbox of each "target" user that Riva syncs data for. The Riva connection for Google must use the Gmail login.

A trust must be produced between Riva On-Premise and G Suite with a signed certificate and API configurations.

Purpose

Riva On-Premise supports Google API to establish a connection. The purpose of this article is to describe the preparation work required for a Google Web Services connection for a Riva On-Premise server.

System requirements and preparations for Google connections include:

Supported Google editions

Riva uses Google Web Services to connect to G Suite.

Riva supports free Gmail and all editions of G Suite: Basic, Business, and Enterprise.

Firewall requirements

Ensure that Windows and corporate firewalls are configured to permit the Riva server access to create a G Suite connection (Port 443). See Firewall settings for Riva.

Create a Google Development Project

A Google Development Project includes all of the necessary Application Programming Interfaces (APIs), certificates, and authentication needed for Riva On-Premise to connect to G Suite and synchronize data. This includes giving access to the developer console, creating a development project, and issuing a trusted certificate to be stored on the Riva On-Premise server.

Creating a project includes creating the needed APIs for Riva to be able to connect and synchronize data, as well as issue a certificate that provides the trust needed between G Suite and the Riva On-Premise server.

To create a Google development project:

  1. Log in to https://console.developers.google.com/ with the credentials of the developer account to be used with Riva. Recommended: Rivasync@your-domain-name-goes-here.com.

  2. Select Select a project, and choose Create project.

  3. Give the project a unique name, for example "Riva Sync", and select Create.

  4. Select ENABLE API

    The Console's right pane pane displays the Library, which includes a Search bar for Google APIs.

  5. In the Search bar, search for contacts. Among the search results, select Contacts API.

  6. Select Enable and, to its left, the back button.

  7. Likewise, select Google Calendar API, Tasks API, Gmail API, and Google+ API; and in each case, select Enable.

  8. In the left pane, select Credentials. In the right pane, select Create credentials.

  9. When the Create credentials options appear, select Service account key.

  10. Select New service account.

  11. Select P12 as the Key type, and select Create.

    This generates the following:

    • A trusted certificate to install on the Riva On-Premise server.

    • A password for the public/private key pair that will be used to create the connection to G Suite.

    Important: Be sure to save the trusted certificate and the password in a secure place.

  12. When a new public/private key pair is generated and you have saved it securely, remember the password, and select Close.

  13. Select Manage service accounts.

  14. Select , and choose Edit.

  15. Select Enable G Suite Domain-wide Delegation, and select SAVE.

  16. Select View Client ID.

  17. Take note of the Client ID and Email address, as they are required when creating your connection to Google from the Riva On-Premise server. Select Save.

  18. Log in to the Riva On-Premise server.

  19. Copy the certificate to the Riva installation directory "C:\Program Files\Riva\".

Google Web Services

Riva needs to connect to Google Web Services, hosted on Google's email servers:

  • Riva can discover the correct Google URL from the connection user's email address.

  • API settings have to be set in the G Suite interface to allow Riva to connect properly.

Setting Google to allow for Domain-Wide Authorization

  1. Log in to https://admin.google.com.

  2. Select Security.

  3. Select Show More > Advanced Settings > Manage API Client Access.

  4. In the Client Name and One or More API Scopes fields, provide the following information:

    • Client Name: It is the same as the Client ID generated after the Private/Public key is issued.

    • Five API scopes: Copy and paste the following, as is, on a single line, with no spaces after the commas:
       

      https://www.googleapis.com/auth/calendar,https://www.googleapis.com/auth/tasks,https://www.google.com/m8/feeds,https://www.googleapis.com/auth/gmail.modify,https://www.googleapis.com/auth/userinfo.profile


      For your convenience to look at the five scopes, here they are, one per line:

      • https://www.googleapis.com/auth/calendar

      • https://www.googleapis.com/auth/tasks

      • https://www.google.com/m8/feeds

      • https://www.googleapis.com/auth/gmail.modify

      • https://www.googleapis.com/auth/userinfo.profile

  5. After adding the scopes, select Authorize.

    If the scopes are added successfully, they are displayed next to the Client ID, similar to the image below.

This article was:   Helpful | Not helpful Report an issue


Article ID: 1272
Last updated: 07 Mar, 2019
Revision: 45
Views: 4907
Comments: 0
Also read
item Configure Web \ HTTP Proxy Authentication Support

Prev     Next
Google       GroupWise


Back to Top