Skip to content

Keeper-Security/ksm-google-scim

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

18 Commits
cmd
cmd
 
 
images
images
 
 
scim
scim
 
 
.env.yaml.sample
.env.yaml.sample
 
 
.gcloudignore
.gcloudignore
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
gcp_function.go
gcp_function.go
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 

Repository files navigation

Keeper Secret Manager Google SCIM Push Header

Keeper Secrets Manager : Google SCIM Push

This repository contains the source code that synchronizes Google Workspace Users/Groups and Keeper Enterprise Users/Teams. This is necessary because Google Workspace does not adequately support Team SCIM provisioning.

Step by Step Instructions

Read this document: Google Workspace User and Group Provisioning with Cloud Function

This project replicates the keeper scim push --source=google Commander CLI command and shares configuration settings with this command.

Prerequisites

  • Keeper Secret Manager enterprise subscription

Prepare KSM application

  • Create KSM application or reuse the existing one
  • Share the SCIM configuration record with this KSM application
  • Add Device and make sure method is Configuration File Base64 encoding.

Configuration with gcloud

  1. Clone this repository locally
  2. Copy .env.yaml.sample to .env.yaml
  3. Edit .env.yaml
    • Set KSM_CONFIG_BASE64 to the content of the KSM configuration file generated at the previous step
    • Set KSM_RECORD_UID to configuration record UID created for Commander's scim push command
  4. Create Google Cloud function. Replace <REGION> placeholder with the GCP region.
gcloud functions deploy <PickUniqueFunctionName> \
--gen2 \
--runtime=go121 \
--max-instances=1 \
--memory=512M \
--env-vars-file .env.yaml \
--region=<REGION> \
--timeout=120s \
--source=. \
--entry-point=GcpScimSyncHttp \
--trigger-http \
--no-allow-unauthenticated

Configuration with Google Console

  1. Clone this repository locally
  2. Create source.zip file that contains ".go" and "go." matches
zip source.zip `find . -name "*.go"`
zip source.zip `find . -name "go.*"`
  1. Login to Google Console
  2. Create a new function Create New Function Create Step 1 Create Step 2 Create Step 3
    • Set KSM_CONFIG_BASE64 to the content of the KSM configuration file generated at the previous step
    • Set KSM_RECORD_UID to configuration record UID created for Commander's scim push command
  3. Click NEXT
  4. Set "Entry point" to GcpScimSyncHttp
  5. Upload the source code using source.zip. "Destination bucket" can be any. Create Step 4
  6. Click DEPLOY

Create Cloud Scheduler with Google Console

  1. Find the created function and copy function URL to the clipboard Copy URL

  2. Search for scheduler and select Cloud Scheduler

  3. Click CREATE JOB. 15 * * * * means every hour at 15th minute

    Scheduler Step 1

  4. Grant the scheduler access to SCIM function

    Scheduler Access

  5. Create Scheduler and check it works by clicking FORCE RUN

    Scheduler Run

About

No description, website, or topics provided.

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

1 star

Watchers

7 watching

Forks

1 fork
Report repository

Releases 4

Release 0.4.0 Latest
Feb 10, 2024
+ 3 releases

Packages

No packages published

Contributors 2

  •  
  •  

Languages