docs(portal): Update google directory sync docs (#7965)

Add docs related to Google directory sync around why there is a need for
a Google Workspace super admin when setting up directory sync.

---------

Signed-off-by: Brian Manifold <bmanifold@users.noreply.github.com>
Co-authored-by: Jamil <jamilbk@users.noreply.github.com>

elixir/apps/web/lib/web/live/settings/identity_providers/google_workspace/components.ex

@@ -18,6 +18,11 @@ defmodule Web.Settings.IdentityProviders.GoogleWorkspace.Components do
   def provider_form(assigns) do
     ~H"""
     <div class="max-w-2xl px-4 py-8 mx-auto lg:py-12">
+      <.flash kind={:info} style="wide" class="mb-4">
+        Please note that a Google Workspace Super Admin is <b>required</b>
+        to setup this Identity Provider. <br />For more information please see our
+        <.website_link path="/kb/authenticate/google">docs</.website_link>
+      </.flash>
       <.form for={@form} phx-change={:change} phx-submit={:submit}>
         <.step>
           <:title>Step 1. Create a new project in Google Cloud</:title>

website/src/app/kb/authenticate/google/readme.mdx

@@ -30,6 +30,15 @@ minutes to ensure that your Firezone account remains up-to-date with the latest
 identity data from Google Workspace.
 [Read more](/kb/authenticate/directory-sync) about how sync works.
 
+<Alert color="warning">
+  If using directory sync with this provider, please note the setup will require
+  a Google Workspace Super Admin due to the need to manage domain wide
+  delegation. The need for domain wide delegation is due to the use of a service
+  account rather than a user account for accessing the Google Admin SDK API.
+  [Read
+  more](https://developers.google.com/cloud-search/docs/guides/delegation#delegate_domain-wide_authority_to_your_service_account)
+  on domain wide delegation and service accounts.
+</Alert>
 ## Setup
 
 Setting up the Google Workspace connector is similar to the process of setting