Google Identity Sync

Last Updated: April 07, 2026

An identity provider (IdP) uses an authentication token to vouch for a person's identity. Vasion Automate uses IdPs for several tasks, including logging in to the Admin Console and portals, deploying printers, releasing print jobs, and more.

If you use an IdP, the Control Panel Application (CPA) supports only badge and PIN authentication.

Configure Connection

To add and configure app properties for the Vasion Print connection, do the following:

  1. Add the IdP Settings Template.
  2. Create an Authentication Project.
    1. Configure Open Authorization (OAuth) Consent.
    2. OAuth 2.0 Credentials for Desktop Client.
    3. OAuth 2.0 Credentials for Server.
  3. Create a Provisioning Project.
    1. Enable Admin Software Development Kit (SDK) application programming interface (API) Service.
    2. OAuth Consent Screen Provisioning.
    3. OAuth 2.0 Credentials Provisioning.
  4. Enable Google Identity Sync Service.
  5. Verify Provisioned Users.
  6. Add Vasion Print Admins.

Requirements

Review the following requirement:

  • Before you set up Google Identity Sync with OpenID Connect (OIDC), you must configure a Service Client Setup to use the Identity Sync service.

1. Add the IdP Settings Template

If the IdP Settings modal does not look like the image below, you may not be using the latest version and should contact Product Support to upgrade your IdP settings.

  1. Open your Vasion Print Admin Console in a new browser, and log in.
  2. Select Tools then Settings then General, and scroll down to the Identity Provider Settings section.
  3. Select IdP, and then select Add.
  4. Select Google from the IdP Template dropdown menu.
  5. Select OIDC in the Authentication Protocol section.

  6. In the Provisioning section, select the checkbox for Google Identity Sync.
  7. In the Name field, enter the name that you want to appear on the login button for users. For example, My Company, Login, or Acme Corp.
  8. In the Discovery Endpoint field, enter the following URL:

    https://accounts.google.com/.well-known/openid-configuration
  9. Scroll down, and select the desired settings.

    • Enable for End User Login: Allows end users to log in using this IdP. (Self-service Portal)
    • Enable for Admin Login: Allows admins to log in using this IdP. (Admin Console)
    • You can select both checkboxes when you are using a single IdP, or when admins and end users use the same IdP to log in.

    Keep the IdP Settings modal open so that the Service Provider Information section at the bottom is available for the following steps.

IdP Settings showing different fields and Service Provider Information section.

2. Create an Authentication Project

  1. Open a new browser tab, and go to https://console.cloud.google.com.
  2. Log in to your Google admin account.
  3. Select the Project dropdown menu at the top.
  4. Select New Project.
  5. Enter a project name, and ensure that the Organization and Location fields are correct.
  6. Select Create.
  7. Select Select Project in the Notification section, or select the new project from the Project dropdown menu.

    Google Cloud console showing Project menu and expanded Notifications section with project name and Select Project option.

Google Cloud console showing Project dropdown menu and modal with New Project option.

Configure OAuth Consent

  1. From the left-side menu, select APIs & Services, and then select OAuth consent screen.

    Google portal showing APIs & Services menu and "OAuth consent screen" option.

  2. Select Get Started.

    Google portal showing "OAuth consent" screen and Get Started button.

  3. Enter the app name and user support email, and then select Next.
  4. Select Internal for the Audience, and then select Next.
  5. Enter the contact information, and then select Next.
  6. Select the checkbox for I agree to the Google..., and then select Continue.
  7. Select Create.

Google portal showing "Project configuration" modal and steps to configure app.

OAuth 2.0 Credentials for Desktop Client

  1. On the OAuth Overview tab, select the Create OAuth Client button.

    Google portal showing OAuth Overview tab and Create OAuth Client button.

  2. From the Application type dropdown menu, select Desktop app.
  3. Enter a name for the desktop app.
  4. Select Create.
  5. Select the new OAuth client to view additional details.
  6. Copy the desktop app Client ID, and in the Admin Console, paste it in the Client Id for Clients field in the IdP Settings.
  7. Copy the desktop app Client secret, and paste it in the Client Secret for Clients field in the IdP Settings.
  8. Select the back arrow to return to the Clients screen.

Google portal showing Client ID screen and Client ID and "Client secret" fields.

OAuth 2.0 Credentials for Server

  1. At the top of the screen, select + Create Client.
  2. From the Application type dropdown menu, select Web application.
  3. Enter a name for the web app. This name identifies the credentials in the Google API console and does not appear for end users.
  4. In the Google Authorized redirect URLs section, complete the following:
    1. Select + Add URL, copy the IdP Settings SSO URL, and paste it in the Google URLs 1 field.
    2. Select + Add URL, copy the IdP Settings Mobile SSO URL, and paste it in the Google URLs 2 field.
    3. Select + Add URL, and then copy and paste the following URL in the Google URLs 3 field:

      https://llhfdhidddepenjnklbngmapjohlbekh.chromiumapp.org/
  5. Select Create.
  6. Select the new OAuth client to view additional details.
  7. Copy the web app Client ID, and paste it in the Client Id for Server field in the IdP Settings.
  8. Copy the web app Client secret, and paste it in the Client Secret for Server field in the IdP Settings.

Google portal showing Client ID screen and Client ID and "Client secret" fields.

3. Create a Provisioning Project

  1. In the Google portal, select the Project dropdown menu from the top navigation bar.
  2. Select New Project.
  3. Enter a project name, and ensure that the Organization and Location are correct.
  4. Select Create.
  5. Select Select Project in the project notification, or select the new project from the Project dropdown menu.

    Google portal showing Project dropdown menu and expanded Notifications section with project name and Select Project option.

Google portal showing Project dropdown menu and modal with New Project option.

Enable Admin SDK

  1. Ensure that you have the provisioning project selected.
  2. From the left-side menu, select APIs & Services and then Enabled APIs & services.

    Google portal showing expanded APIs & Services menu and "Enabled APIs & services" option.

  3. At the top of the screen, select + Enable APIs and Services.
  4. Search for and select Admin SDK API.
  5. Select Enable.

Google portal showing search and Admin SDK API result.

OAuth Consent Screen Provisioning

  1. From the left-side menu, select APIs & Services and then select OAuth consent screen.
  2. Select Get Started.

    Google portal showing "OAuth consent" screen and Get Started button.

  3. Enter the app name and user support email, and then select Next.
  4. Select Internal for the Audience, and then select Next.
  5. Enter the contact information, and then select Next.
  6. Select the agreement checkbox, and then select Continue.
  7. Select Create.

Google portal showing "Project configuration" modal and steps to configure app.

OAuth 2.0 Credentials Provisioning

  1. On the OAuth Overview tab, select the Create OAuth Client button.

    Google portal showing OAuth Overview tab and Create OAuth Client button.

  2. In the Application type dropdown menu, select Desktop app.
  3. Enter a name for the desktop app.
  4. Select Create.
  5. Select the new OAuth client to view additional details.
  6. Copy the app Client ID, and paste it in the Provisioning Client ID field in the IdP Settings.
  7. Copy the app Client secret, and paste it in the Provisioning Client Secret field in the IdP Settings.

Google portal showing Client ID screen and Client ID and "Client secret" fields.

4. Enable Google Identity Sync Service

There are a few options for authorizing Vasion Print access to your Google directory. We recommend Option A, which you can complete directly from a browser. Option B requires you to start a local server that echoes incoming requests. There are alternative options if the above options are not acceptable.

Option A (Recommended)

  1. In the Vasion Print Admin Console, select Back to tree view.
  2. Select the Service Client object in the tree, and then select the Identity Sync tab.
  3. Select the checkbox for Enable Google Identity Sync, and then select Save.
  4. Select Authorize.
  5. Log in to your Google admin account, and select Allow on the permission options.
  6. A screen appears that says "This site can't be reached" or something similar depending on your browser. This action is normal. In the URL bar on that screen, copy the one-time authorization code value found between "code=" and "&scope."

    URL bar showing one-time authorization code.

  7. Return to the Admin Console, and paste this code in the Authorization Code field in the Identity Sync tab.
  8. For Associate Groups and Users with:, use the dropdown menu to select your Google configuration.
  9. Select Save.

Option B (Use Local Server)

  1. Start a local server that echoes incoming requests.
    • For Mac, run the following command in a terminal:

      nc -k -l 444

      The command uses the NetCat utility, which you can download from http://netcat.sourceforge.net/. However, you can use the utility of your choice.

      After running the above command, the local server listens for incoming requests in the terminal or command prompt.
  2. Return to the Admin Console, and select Back to tree view.
  3. Select the Service Client object in the tree, and then select the Identity Sync tab.
  4. Select the checkbox for Enable Google Identity Sync, and then select Save.
  5. Select Authorize.
  6. Log in to your Google admin account, and select Allow on the permission options.
  7. Responses are echoed in the command prompt (Windows) or terminal (Mac). In the GET request, copy the one-time authorization code between "code=" and "&scope."

    Terminal window showing command has run and State equals value.

  8. Return to the Admin Console, and paste this code in the Authorization Code field in the Identity Sync tab.
  9. For Associate Groups and Users with:, use the dropdown menu to select your Google configuration.
  10. Select Save.
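
The following Python code is an added example, not Vasion or Google code. It extracts the one-time authorization code from the redirect URL (Option A) or from the echoed GET request line (Option B), and its capture_once function can serve as the local listener in Option B, bound to the loopback address and stopping after one request. It assumes the redirect reaches local port 444, as the nc command above implies; expected_state is a hypothetical optional check.

```python
# Added example (not Vasion or Google code). Assumes the redirect reaches
# local port 444, as implied by the page's `nc -k -l 444` command.
import socket
from urllib.parse import unquote, urlsplit

def extract_code(target, expected_state=None):
    """Return (raw, decoded) code from a redirect URL or an echoed GET line.

    expected_state is a hypothetical optional check, not a documented field.
    """
    parts = target.split()
    if len(parts) >= 2 and parts[0] == "GET":  # "GET /?code=... HTTP/1.1"
        target = parts[1]
    params = {}
    for pair in urlsplit(target).query.split("&"):
        key, _, value = pair.partition("=")
        params.setdefault(key, []).append(value)
    if "error" in params:  # for example, consent was declined
        raise ValueError("authorization failed: " + unquote(params["error"][0]))
    codes = params.get("code", [])
    if len(codes) != 1 or not codes[0]:
        raise ValueError("expected exactly one non-empty code parameter")
    states = [unquote(s) for s in params.get("state", [])]
    if expected_state is not None and states != [expected_state]:
        raise ValueError("state does not match the value that was sent")
    return codes[0], unquote(codes[0])

def capture_once(port=444, host="127.0.0.1", timeout=120):
    """Accept one loopback connection, return its request line, then stop."""
    with socket.create_server((host, port)) as srv:
        srv.settimeout(timeout)
        conn, _ = srv.accept()
        with conn:
            conn.settimeout(5)
            data = b""
            while b"\r\n" not in data and len(data) < 8192:
                chunk = conn.recv(1024)
                if not chunk:
                    break
                data += chunk
            conn.sendall(b"HTTP/1.1 200 OK\r\nContent-Length: 2\r\n"
                         b"Connection: close\r\n\r\nOK")
    return data.split(b"\r\n", 1)[0].decode("ascii", "replace")

if __name__ == "__main__":
    raw, decoded = extract_code(capture_once())
    print("Authorization code as it appears in the URL:", raw)
```

The first returned value is the text exactly as it appears between "code=" and the next "&"; the second is its percent-decoded form.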

5. Verify Provisioned Users

  1. In the Admin Console, select Tools then Identity Management.

    If the Multiple IdP feature is not enabled for your instance, the menu options are Tools then Identities.

  2. Verify that the users were provisioned.

    Depending on how many users exist in the IdP directory, provisioning can take several minutes to several hours.

6. Add Vasion Print Admins

For steps on assigning users and roles to the Vasion Print and Vasion Automate Admin Console, refer to Admin Console Users.