Configure Google Workspace in N-able N-central for SSO
N-able N-central offers integrated sign-on of users that already exist in Google Workspace. The Google Workspace password is not stored on N-central but verified against Google at the time of login.
You can also import users into N-central from Google Workspace, or link and unlink existing accounts from Google Workspace.
With the Google Workspace integration you can:
-
Assign roles and groups on import - individually or in bulk
-
Auto-populate email address (username) at the time of import
-
Link and unlink N-central accounts to Google Workspace users
-
Filter by user or group when importing
-
Find the Google Workspace configuration under User Management > SSO Providers
You must configure Google Workspace for SSO before you configure N-able N-central.
Configure your Google Workspace SSO integration with N-able N-central at the System or Service Organization (SO) level.
If N-able is hosting your N-able N-central solution, then configure SSO at the SO level. Doing so will allow users to login with their Google Workspace account consistent with your branded landing page.
If you have an on-premises N-able N-central solution, then configure SSO at the System level. This will result in a Google Workspace user login experience consistent with that of your enterprise.
- Create an SSO provider.
- Navigate to Administration > User Management > SSO Providers.
- Click Add > Google.
- In Service Account User field, enter the user account email to which you have impersonated the service account.
This is not the service account email.
- Click Select JSON File, and browse to the where it was downloaded when you created the service account.
- Click Test Connection to check that your credentials are valid, and can be used to import users to N-able N-central.
- If needed, insert a default Organization Unit path or User Group.
These will be used as filtering defaults when searching for accounts. You can change these under the Available Users tab.
- Save the SSO provider configuration.
- In Service Account User field, enter the user account email to which you have impersonated the service account.
- Import users from Google Workspace.
- Navigate to Administration > User Management > SSO Providers.
- Click the Name of the SSO provider.
- Click the Available Users tab.
The page displays a list of users based on filters using the default values defined on the Details tab.
Filters displayed are inherited from the default values defined on the Details tab.
You can change the Filters locally.
When you leave and return to the Available Users tab, the users listed are based on the values entered on the Details tab.
- Under the Link to N-central User column, from the drop-down menu associated with the user, select Import user as new or Already existing user.
Select the Import user option to create a new user in N-able N-central. For newly imported users, it is possible to change the Last Name, First Name and Email. You can assign Roles and Access Groups to this user, either per row or in bulk using ROLES and ACCESS GROUPS button. Users are imported on the level on which the SSO Provider is opened.
Select the Already existing user option to allow the user to log in using email of this SSO user. When linking the user, it is not possible to change the Last Name, First Name and Email. Those fields are greyed out. For this kind of users, Roles and Access Groups cannot be assigned. After SSO email is linked to already existing user, this user will no longer be able to log in using his original password.
- Manage imported Users.
- Click the Imported Users tab.
- Select one of the following options:
- Disable SSO user – Both the user and the login email will remain in N-able N-central, but it will no longer be possible to log in using this email, until it is enabled.
- Unlink SSO user – The user will remain in N-able N-central, but login email will be removed from this user.
- Delete SSO user – The user will be completely removed from N-able N-central.
Another option to manage your SSO mappings is directly from user edit page (User Management > Users > User Details > SSO User configuration). From here you can Unlink and Disable a SSO user.
- Configure login Client ID.
- Navigate to Administration > User Management > SSO Providers.
- Click the Google Client ID tab.
- In the Google Client ID field enter the login Client ID.
This is the "Web Application" OAuth Client ID you created in the Create login ClientID and N-able N-central allow list procedure in the Configure Google Workspace for SSO topic. - The Google login button displays on the login page.
The login user experience is dependent on the level where you have the Client ID configured (SO or System level).