The UI has instructions for the steps up to registering your Rancher server domain and creating the OAuth credentials. These are the steps for generating the service account credential file:
- Log in to your G Suite domain as the admin.
- Navigate to Service accounts page: https://console.developers.google.com/iam-admin/serviceaccounts
- Create a service account.
  - Create Service account, page 1
  - Create Service account, page 2: no need to specify roles
  - Create Service account, page 3: create JSON key

  The key created gets downloaded as a JSON file. This is what you will provide in the Service Account Credentials textbox in the UI.
- Get service account key's unique ID.
  This is a numeric key. If it's not displayed in the list of keys right next to the one you created, you will have to enable it to be listed by doing the following: Unique ID must be clicked, and then click on OK. This will add a column to the list of service account keys for Unique ID. Save the one listed for the service account you created.
- Go to the Manage OAuth client access page: https://admin.google.com/AdminHome?chromeless=1#OGX:ManageOauthClients
  Add the Unique ID obtained in the previous step as Client Name, and add these scopes for One or More API Scopes:

  openid,profile,email,https://www.googleapis.com/auth/admin.directory.user.readonly,https://www.googleapis.com/auth/admin.directory.group.readonly

  Click on Authorize.
Once all this is done, use the service account and OAuth credentials JSON files downloaded earlier to set up auth.
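
As an added example (not part of the original instructions or of Rancher's code), this Python script reads a downloaded service account key and returns the two values entered on the Manage OAuth client access page, and reports any scopes that differ from the read-only list above. It assumes the key file's `client_id` field holds the same numeric Unique ID shown in the console; the function names and the sample key are constructed for illustration.

```python
import json

# Scopes listed in the steps above, in the same order.
REQUIRED_SCOPES = [
    "openid",
    "profile",
    "email",
    "https://www.googleapis.com/auth/admin.directory.user.readonly",
    "https://www.googleapis.com/auth/admin.directory.group.readonly",
]

def delegation_values(key_json):
    """Return (unique_id, scope_string) for the Manage OAuth client access form."""
    key = json.loads(key_json)
    if key.get("type") != "service_account":
        raise ValueError("not a service account key (is this the OAuth client file?)")
    missing = [f for f in ("client_id", "client_email", "private_key") if not key.get(f)]
    if missing:
        raise ValueError("key file is missing fields: " + ", ".join(missing))
    # Assumption: client_id in the key file is the numeric Unique ID.
    unique_id = str(key["client_id"])
    if not unique_id.isdigit():
        raise ValueError("client_id should be the numeric Unique ID")
    return unique_id, ",".join(REQUIRED_SCOPES)

def audit_scopes(entered):
    """Compare a pasted scope string with the list from the steps above."""
    got = {s.strip() for s in entered.split(",") if s.strip()}
    want = set(REQUIRED_SCOPES)
    return {"missing": sorted(want - got), "extra": sorted(got - want)}

# Constructed sample key: every value is a placeholder, not a real credential.
SAMPLE_KEY = json.dumps({
    "type": "service_account",
    "project_id": "example-project",
    "private_key": "-----BEGIN PRIVATE KEY-----\nPLACEHOLDER\n-----END PRIVATE KEY-----\n",
    "client_email": "rancher-auth@example-project.iam.gserviceaccount.com",
    "client_id": "100000000000000000001",
})

if __name__ == "__main__":
    uid, scopes = delegation_values(SAMPLE_KEY)
    print("Client Name:", uid)
    print("One or More API Scopes:", scopes)
    # A write-capable directory scope shows up under "extra".
    print(audit_scopes(scopes + ",https://www.googleapis.com/auth/admin.directory.user"))
```

The key file contains the service account's private key, so keep it out of version control and delete local copies once it has been pasted into the UI.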