IMPORTANT! Because of the technical knowledge required, your district’s IT administrator (or someone with a similar role) will most likely need to perform this procedure.


There are (4) steps that must be performed to utilize Google SSO:


1. Create a new Service Account within the Google API Console

2. Enable Domain-Wide Delegation to the new Service Account

3. Install the JSON file within ML Binders

4. Import Google Users into ML Binders via Google Groups


Step 1: Create a New Service Account within the Google API Console


1. Visit Google API Console →  https://console.developers.google.com

2. Select the New Project button

3. Name the project MasterLibrary SSO

4. Select the Create button

5. Select the newly created project from the Select a project dropdown at the top of the page.


6. Select the Library menu item on the left side of the page.

7. On the “Search for APIs & Services” box, type Admin SDK.

    

        

8. Select Admin SDK from the results.



9. Select the ENABLE button.


10. Click on the navigation menu icon (three horizontal lines) at the top left corner, and select APIs & Services → Credentials


    

11. Select + CREATE CREDENTIALS


 


12. Select Service Account



13.  Type in the Service Account name and optionally service account description.




14. Select the CREATE button.


15. Select the CONTINUE button.


16. Select the DONE button.


17. Click on the Email link

18. Select the ADD KEY button and then select Create new key.



19. A pop window will appear. Ensure that the JSON option button is selected (this button is already selected as a default option).





20. Select the CREATE button


21. A JSON file will be downloaded and saved to your computer. Select the Close button.


22. Select the SAVE button.


Step 2: Domain-wide delegation to the Service Account.


1. Open a new browser window and enter https://admin.google.com/ac/owl 

Note : A user with Google super administrator role is required to perform this task.


2. Select MANAGE DOMAIN WIDE DELEGATION

3. Select the Add new button




4. Open the JSON file that was downloaded

5. Copy the number corresponding to the  “client_id”



6. In the popup window, paste the Client ID number and enter the following scopes on each line.


https://www.googleapis.com/auth/admin.directory.group.readonly

https://www.googleapis.com/auth/admin.directory.group.member.readonly

https://www.googleapis.com/auth/admin.directory.user.readonly


          

7. Select the AUTHORIZE button.


Step 3: Install the JSON file within ML Binders

1. Within ML Binders go to Settings > Single Sign On > Google SSO Admin


2. Enter the email address for a Google Domain Super Administrator


3. Upload the JSON file that was downloaded in the previous step.

4. Select the Save button


Step 4: Import Users via Google Groups

1. Within ML Binders go to Settings > Single Sign On > Google SSO Groups


2. Select the Add Google SSO Group button


3. Enter the Group Name and Group Email Address (Selecting the View Google Users button will show the users within that Group)



4. Select the Active checkbox.

5. Select the Save and Sync Users button.


6. Repeat Steps 2-7 for any additional Google Groups you would like to sync to ML Binders..