MithiDocs

Enabling Administrator Roles using Google Cloud SDK

Overview

By default, Google Workspace restricts the Organization Administrator and Organization Policy Administrator roles, which are required for generating a key to be registered with LegacyFlo.

These roles can be made available using the Google Cloud SDK for the key generation.

The steps to enable these roles and remove them after key generation are given below.


Enabling Administrator Roles

1. Visit the Google Cloud website and download the gcloud CLI. The CLI is available for Windows, macOS, Ubuntu and Red Hat. Follow the installation steps available.

https://cloud.google.com/sdk/docs/install#windows

Important Note: The gcloud CLI requires Python packages, which will be downloaded automatically. If you have an older version of Python installed, it will be automatically updated. If there are no Python packages installed, you will be prompted to verify the installation.


2. After successful installation, log in as the G Suite admin user from the gcloud CLI. The CLI will open the sign-in page in the default browser. Enter your credentials and allow the necessary permissions for the Google Cloud Service CLI.

  • gcloud auth login 


3. On successful login, you will see a screen similar to the one below in the browser tab.


4. Using the CLI, you can now list the organizations and make a note of your Org ID.

  • gcloud organizations list


5. Using the CLI, assign the Organization Admin and Organization Policy Admin roles to the Admin ID.

  • gcloud organizations add-iam-policy-binding <ORG_ID> --member=user:<Admin_Email_ID> --role=roles/resourcemanager.organizationAdmin

  • gcloud organizations add-iam-policy-binding <ORG_ID> --member=user:<Admin_Email_ID> --role=roles/orgpolicy.policyAdmin

6. Proceed to the Google Workspace Login and complete the steps of key generation.


Disabling Administrator Roles

Once the key is generated and successfully registered with LegacyFlo, you can disable the Admin Roles assigned using the CLI with the following commands:

  • gcloud organizations remove-iam-policy-binding <ORG_ID> --member=user:<Admin_Email_ID> --role=roles/resourcemanager.organizationAdmin

  • gcloud organizations remove-iam-policy-binding <ORG_ID> --member=user:<Admin_Email_ID> --role=roles/orgpolicy.policyAdmin
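
To confirm that the removal took effect, the check below (an added example, not part of the original Mithi documentation) reads flattened role/member pairs from the organization's IAM policy and lists any of the two temporary roles still bound to the admin. The helper name `leftover_roles`, the sample functions and the `example.com` addresses are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original page). Input on stdin: one
# "role<TAB>member" pair per line, as produced by
#   gcloud organizations get-iam-policy <ORG_ID> \
#     --flatten="bindings[].members" \
#     --format="value(bindings.role,bindings.members)"

# The two roles this page grants temporarily.
TEMP_ROLES="roles/resourcemanager.organizationAdmin roles/orgpolicy.policyAdmin"

# leftover_roles MEMBER  (hypothetical helper name)
# Prints every temporary role still bound directly to MEMBER, e.g.
# "user:admin@example.com". Returns 0 when none remain, 1 otherwise.
# Members are compared case-insensitively. Roles inherited through a
# group do not appear under the user's own member string.
leftover_roles() {
  awk -F '\t' -v m="$1" -v roles="$TEMP_ROLES" '
    BEGIN { n = split(roles, r, " "); for (i = 1; i <= n; i++) want[r[i]] = 1 }
    tolower($2) == tolower(m) && ($1 in want) { print $1; found = 1 }
    END { exit (found ? 1 : 0) }
  '
}

# Constructed sample: policy pairs right after step 5 (roles granted).
sample_granted() {
  printf '%s\t%s\n' \
    "roles/resourcemanager.organizationAdmin" "user:Admin@example.com" \
    "roles/billing.admin"                     "user:finance@example.com" \
    "roles/orgpolicy.policyAdmin"             "user:admin@example.com" \
    "roles/resourcemanager.organizationAdmin" "user:other@example.com"
}

# Constructed sample: policy pairs after the remove-iam-policy-binding commands.
sample_cleaned() {
  printf '%s\t%s\n' \
    "roles/billing.admin"                     "user:finance@example.com" \
    "roles/resourcemanager.organizationAdmin" "user:other@example.com"
}

# Demo on the constructed samples.
for sample in sample_granted sample_cleaned; do
  if "$sample" | leftover_roles "user:admin@example.com"; then
    echo "$sample: temporary roles removed"
  else
    echo "$sample: roles listed above are still bound"
  fi
done
```

On a live organization, pipe the gcloud command from the header comment into `leftover_roles "user:<Admin_Email_ID>"` after running the removal commands.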