diff --git a/elixir/apps/web/lib/web/live/settings/identity_providers/google_workspace/components.ex b/elixir/apps/web/lib/web/live/settings/identity_providers/google_workspace/components.ex
index 11e4e00db..3d18be888 100644
--- a/elixir/apps/web/lib/web/live/settings/identity_providers/google_workspace/components.ex
+++ b/elixir/apps/web/lib/web/live/settings/identity_providers/google_workspace/components.ex
@@ -18,6 +18,11 @@ defmodule Web.Settings.IdentityProviders.GoogleWorkspace.Components do
def provider_form(assigns) do
~H"""
+ <.flash kind={:info} style="wide" class="mb-4">
+ Please note that a Google Workspace Super Admin is
required
+ to setup this Identity Provider.
For more information please see our
+ <.website_link path="/kb/authenticate/google">docs
+
<.form for={@form} phx-change={:change} phx-submit={:submit}>
<.step>
<:title>Step 1. Create a new project in Google Cloud
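Review bot: The flash text added at the top of provider_form says a Super Admin is required to set up the Identity Provider without qualification, while the readme.mdx paragraph in this same patch ties the requirement to directory sync and domain-wide delegation. Make the two agree, for example "A Google Workspace Super Admin is required to set up directory sync for this Identity Provider", so an admin who reads only the banner knows why the elevated role is being asked for. Also, "setup" is used as a verb here and should be "set up", and the link text "docs" would read better as a descriptive label. As shown, the hunk carries no closing tags for the .website_link and .flash components; confirm both are closed in the committed file.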
diff --git a/website/src/app/kb/authenticate/google/readme.mdx b/website/src/app/kb/authenticate/google/readme.mdx
index 090b71f15..20d4dff44 100644
--- a/website/src/app/kb/authenticate/google/readme.mdx
+++ b/website/src/app/kb/authenticate/google/readme.mdx
@@ -30,6 +30,15 @@ minutes to ensure that your Firezone account remains up-to-date with the latest
identity data from Google Workspace.
[Read more](/kb/authenticate/directory-sync) about how sync works.
+
+ If using directory sync with this provider, please note the setup will require
+ a Google Workspace Super Admin due to the need to manage domain wide
+ delegation. The need for domain wide delegation is due to the use of a service
+ account rather than a user account for accessing the Google Admin SDK API.
+ [Read
+ more](https://developers.google.com/cloud-search/docs/guides/delegation#delegate_domain-wide_authority_to_your_service_account)
+ on domain wide delegation and service accounts.
+
## Setup
Setting up the Google Workspace connector is similar to the process of setting
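Review bot: The "Read more" link in the added paragraph points to a Cloud Search guide (developers.google.com/cloud-search/...), but the paragraph is about a service account accessing the Google Admin SDK API; link to delegation documentation that matches that API, or say explicitly that the Cloud Search page is referenced only for its delegation steps. Because the paragraph asks the reader to involve a Super Admin, it should also state which API scopes the service account is delegated, or point to the step under Setup where they are listed, so the admin can review the grant before approving it. Minor: hyphenate "domain-wide", and keep "[Read more]" on one line so the link text is not split.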