que: What steps have to be performed on Google Side?

[goosefraba]

Hey I set up AWS SSO with all the regular actions done on Google Workspace.

But when launching this app from the Serverless Application Repository, I have to enter the file contents for the service account credentails from Google. This part in particular would be nice to be documented.

Eventhough I set up a service account and downloaded the keys as json. I get an authentication error in the lambda functio then.

Please help

[Parent5446]

Other than creating the account, the main other thing you need to do is enable the Admin API, and then to set up domain-wide delegation using the steps here: https://developers.google.com/admin-sdk/directory/v1/guides/delegation

When setting up delegation, here are the scopes you need to enable: https://github.com/slashdevops/idp-scim-sync/blob/5eec83f4f7136e9c7d6475f1032b0edca2a99f19/cmd/idpscim/cmd/root.go#L241-L243

[christiangda]

thank you @Parent5446 for your answer and @goosefraba I will create better documentation explaining it very well.

[obscurerichard]

I've had success following the steps described in https://github.com/awslabs/ssosync#google to get the Google service account set up required for this project. It can take a while (think 10-15 minutes) after setting things up on the Google side before the API is really ready to use with the service account credentials.