Configuring the connector

This page describes how to configure the connector.

Create a service account

Create a service account with domain-wide delegation of authority:

  1. Create a service account.

  2. Generate and download the service account’s credentials (a public/private key pair) in the JSON format.

  3. Set up domain-wide delegation for the service account and grant the following scopes by entering a comma-delimited list of scopes in the OAuth Scopes field.

    | Scope | Description |
    |---|---|
    | https://www.googleapis.com/auth/gmail.settings.basic | View, edit, create, or change your email settings and filters in Gmail |
    | https://mail.google.com/ | Read, compose, send, or permanently delete your emails from Gmail |
    | https://www.googleapis.com/auth/gmail.modify | Read, compose, and send emails from your Gmail account |
    | https://www.googleapis.com/auth/gmail.readonly | View your email messages and settings |
    | https://www.googleapis.com/auth/gmail.settings.sharing | Manage your sensitive mail settings, including who can manage your mail |

For detailed instructions, see Google Workspace documentation.

Specify the application properties

The integration supports various properties that you can use in different scenarios. These properties should be specified in the application.properties file.

Service account credentials

The following property specifies the path to the service account key file for authentication at Google Cloud.

| Property | Type | Description |
|---|---|---|
| googleserviceaccount.credential.jsonfile | Mandatory | The path to the service account key file |

Customer-specific properties

The following table lists properties for establishing a connection with SCM.

| Property | Type | Description |
|---|---|---|
| sectigo_cm_user | Mandatory | The username of the SCM user |
| sectigo_cm_password | Mandatory | The password of the SCM user |
| sectigo_cm_uri | Mandatory | The URI of the SCM user |
| sectigo_cm_org_id | Mandatory | The ID of the organization in SCM |
| sectigo_cm_base_url | Mandatory | The base URL of the Sectigo CA |

CSR properties

The following table lists properties that are required for generating a certificate signing request (CSR).

| Property | Type | Description |
|---|---|---|
| sectigo_csr_domain | Mandatory | A single value for a domain included in the certificate Common Name (CN) field |
| sectigo_csr_country | Mandatory | The country name included in the certificate Country (C) field |
| sectigo_csr_state | Mandatory | The state or province name included in the certificate State (ST) field |
| sectigo_csr_location | Mandatory | The location name included in the certificate Location (L) field |
| sectigo_csr_organization | Mandatory | The organization name included in the certificate Organization (O) field |
| sectigo_csr_organization_unit | Mandatory | The organization unit included in the certificate Organization Unit (OU) field |
| sectigo_csr_email_address | Mandatory | The email address included in the certificate emailAddress field |
| sectigo_csr_key_algo | Optional | The private key algorithm to use to generate the private key. The default value is RSA. |
| sectigo_csr_key_size | Optional | The size of the TLS/SSL key to generate. The possible values are: 2048: A 2,048-bit RSA key will be generated (default); 3072: A 3,072-bit RSA key will be generated; 4096: A 4,096-bit RSA key will be generated |

Certificate issuance properties

The following table lists properties that are used for certificate issuance.

| Property | Type | Description |
|---|---|---|
| sectigo_client_cert_file_path | Mandatory | The location where the certificate, CSR, private key, and enrollment IDs are stored |
| sectigo_client_cert_type | Mandatory | The ID of the client certificate type |
| sectigo_client_cert_validity | Mandatory | The certificate validity period in days. The values available are dependent on the certificate type. |

Certificate auto-renewal

| Property | Type | Description |
|---|---|---|
| sectigo_expiry_window | Optional | The number of days prior to expiration that a certificate renewal process is initiated. The default expiry window is 30 days. |

Collect certificate

| Property | Type | Description |
|---|---|---|
| sectigo_loop_period | Optional | The interval (in seconds) between repeated attempts to collect a certificate. The default value is 10. |
| sectigo_max_timeout | Optional | The maximum time (in seconds) during which repeated attempts to collect a certificate will be made. The default value is 600. |
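
A pre-flight check for application.properties, added here as an example and not part of the connector or its documentation: it reports missing mandatory properties and out-of-range optional values using the names and defaults listed above. It assumes plain key=value lines, treats a sectigo_loop_period larger than sectigo_max_timeout as a mistake, and the POSIX permission helper is a suggested hardening check for files that hold secrets (the properties file with sectigo_cm_password, the service account key file, the stored private keys).

```python
import os
import stat

MANDATORY = ["googleserviceaccount.credential.jsonfile"] + [
    "sectigo_" + name for name in (
        "cm_user cm_password cm_uri cm_org_id cm_base_url csr_domain "
        "csr_country csr_state csr_location csr_organization "
        "csr_organization_unit csr_email_address client_cert_file_path "
        "client_cert_type client_cert_validity").split()]
# Optional integer properties with the defaults stated on this page.
INT_DEFAULTS = {"sectigo_csr_key_size": 2048, "sectigo_expiry_window": 30,
                "sectigo_loop_period": 10, "sectigo_max_timeout": 600}
# Constructed sample (placeholder values): incomplete and with a bad key size.
SAMPLE = "sectigo_cm_user=svc-connector\nsectigo_csr_key_size=1024\n"


def parse_properties(text):
    """Parse simple key=value lines; '#' and '!' start comment lines."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props


def check_properties(props):
    """Return a list of problems found in parsed connector properties."""
    problems = [f"missing mandatory property: {k}"
                for k in MANDATORY if not props.get(k)]
    ints = dict(INT_DEFAULTS)
    for key in INT_DEFAULTS:
        raw = props.get(key)
        if raw is not None and not (raw.isdigit() and int(raw) > 0):
            problems.append(f"{key} must be a positive integer, got {raw!r}")
        elif raw is not None:
            ints[key] = int(raw)
    if ints["sectigo_csr_key_size"] not in (2048, 3072, 4096):
        problems.append("sectigo_csr_key_size must be 2048, 3072 or 4096")
    # Assumption: a poll interval above the overall timeout is a mistake.
    if ints["sectigo_loop_period"] > ints["sectigo_max_timeout"]:
        problems.append("sectigo_loop_period exceeds sectigo_max_timeout")
    return problems


def group_or_world_accessible(path):
    """True if a POSIX file grants any permission to group or others."""
    return bool(os.stat(path).st_mode & (stat.S_IRWXG | stat.S_IRWXO))
```

Run `check_properties(parse_properties(open(path).read()))` before starting the connector and treat a non-empty list as a failed check.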

Create a file with the user accounts

Create a CSV file (for example, input.csv) and add the details of the Google Workspace user accounts in the following format.

    [email protected],,firstName1,,lastName1,user1Password
    [email protected],[email protected],firstName1,,lastName1,alias1Password
    [email protected],[email protected],firstName1,,lastName1,alias2Password
    [email protected],,firstName2,middleName1,lastName2,user2Password

We recommend that you keep the user accounts file outside the connector’s directory on the client machine.