Integrating with Google Apps

With Integrating Personal Content, you can use your Google Search Appliance to serve search results from Google Apps services, including Google Sites and Google Docs.

Back to top

Deprecation Notice

Google Apps Integration

In GSA release 7.4, integration with Google Apps is deprecated. It will be removed in a future release.

Back to top

About This Document

This document provides information about how to serve content from your Google Apps domain along with those from a Google Search Appliance. This document is intended for search appliance administrators who need to understand how to enable the integration of personal content.

Back to top

Overview

Integrating personal content is a feature that enables the Google Search Appliance to search private and public content from your Google Apps domain and display the results under My documents in the sidebar element on the search result page, as shown in the following figure.

Search results under My documents are restricted to only the ones that the user has privileges to view. Integrating personal content supports Google Apps services such as Google Docs and Google Sites. Currently, integrating personal content does not support Gmail.

Integrating personal content covers Google Apps for Work/Education/Government domains only. This feature serves private and public content that a user has permission to view directly from your Google Apps domain.

This integration does not support multiple Google Apps domains.

Integrating personal content uses the Google Data (GData) APIs with the OAuth protocol to access secure content in your Google Apps domain. OAuth is an open standard authorization protocol that allows third parties to access user data without the need to know a user’s password. For information about the OAuth protocol, see OAuth for Web Applications (https://developers.google.com/accounts/docs/OAuth2).

The following steps provide an overview of the entire process of integrating personal content from Google Apps:

When a user enters a search query in a search appliance front end, the search appliance serves results that might include content from the Google Apps domain, depending on the query.

Google Apps Icons in Search Results

In listings, search results from Google Apps services are identified by icons, as illustrated in the following table.

 

Icon	Identifies Result From
	Google Docs—document
	Google Docs—presentation
	Google Docs—spreadsheet
	Google Sites—site

Back to top

Prerequisites for Integrating Personal Content

Before the Google Search Appliance can integrate personal content, the Google Apps domain administrator needs to enable the search appliance to access Google Apps search results. Google recommends that the Google Apps domain administrator and the search appliance administrator work together to establish access by performing the following steps:

Registering a Client

You, as a search appliance administrator, register a domain with Google. For example, if your organization is example.com, then you might want to register a domain such as www.example.com.

To register a domain with Google, you need to prove ownership of the domain. This domain can be any domain for which you can prove ownership. For example, the domain might be www.example2.com. It does not have to match example.com.

After you register the domain, go to https://console.developers.google.com/project and log in using an admin account in the domain in which you will own and manage the custom OAuth keys. To generate the OAuth keys that are owned and managed by the end user account:

A client is created with a secret:

Take note that this information is also used when you integrate Google Apps in the search appliance Admin Console, as described in Enabling Integrating Personal Content.

For information about registering a client to a Google Apps domain, see “Using OAuth 2.0 for Web Server Applications” (https://developers.google.com/accounts/docs/OAuth2WebServer).

Authorizing the Client to Access the Search Scope

You need to provide the OAuth consumer key to the Google Apps domain administrator so that she can enable access to this domain for apps search scope. To enable access to the domain, the Google Apps domain administrator must:

Configuring Certificate Authorities

To enable personal content integration, you must first configure certificate authorities (CAs) on the search appliance. To do this, take one of the following actions:

Configuring Your Firewall to Pass Packets

Google doesn't guarantee that www.googleapis.com will resolve to an IP within any given range. For information about using a set IP address for www.googleapis.com, see "Firewall and proxy settings." To define a set IP addresses, use the Administration > DNS Override page in the Admin Console.

Updating to the Latest Software Version

An update to the latest search appliance software version might be required to include enhancements from the underlying cloud-based services, such as Google Apps.

Back to top

About ID Mapping

The Google Search Appliance’s primary verified ID for any particular logged-in user needs to match that user’s Google Accounts and ID Administration (GAIA) ID, which are created by the Google Apps domain administrator. The Google Apps domain administrator might also create a GAIA alias to match the Google Search Appliance primary verified ID, if required.

For example, if the currently logged-in search appliance user has a verified ID of rchand@example.com, it is directly mapped to GAIA username rchand@example.com.

If the ID of the currently logged-in search appliance user does not have an “@”, the domain name that administrator configured is appended. For example, if the administrator admin configures the domain name to be example.com, and the search appliance user’s ID is “rchand,” it maps to the GAIA username rchand@example.com. In a rare case, the user name that is constructed by the search appliance might actually belong to a different user, and search results from Google Apps might be returned to the wrong user.

Google Apps integration works only with the verified identity of the Default credential group that is configured on the Search > Secure Search > Universal Login page.

Back to top

About Import/Export

The Administration > Import/Export page enables you to export search appliance configuration information to a file or import configuration information to the search appliance. To prevent the security risk of importing or exporting the OAuth consumer secret, Google Apps integration information is not included in the search appliance configuration information.

Back to top

Enabling Integrating Personal Content

To enable integrating personal content:

For complete information about using the Content Sources > Google Apps page, click the Help link on the page.

Back to top

Disabling Integrating Personal Content Google

To disable integrating personal content:

Back to top

Showing Personal Content Results

After enabling integrating personal content, you can show personal content in search results for a specific front end.

To show personal content for a front end: