Sync groups to a Cloud Search identity source

Google Cloud Search uses an identity source to map user identities from third-party repositories. User identities can be stored in an Lightweight Directory Access Protocol (LDAP) server, such as Microsoft Active Directory®. To synchronize Active Directory groups with your identity source, you can use Google Cloud Directory Sync (GCDS).

Before you begin

1. Turn on identity mapped groups

  1. At the command line, enter one of the following commands:
    • Linux®: $ ./config-manager --enable-img (from the directory of the installation)
    • Microsoft® Windows®: > config-manager.exe --enable-img
  2. Open Configuration Manager.
  3. In the left panel, click General Settings.
  4. Check the Identity Mapped Groups checkbox.

    The Identity Mapped Groups option appears in the left panel.

2. Add groups to sync

  1. Open Configuration Manager.
  2. In the left panel, click Identity Mapped Groups.
  3. On the Search Rules tab, enter the following information:
    • Identity source ID
    • Service account file path
  4. Click Add Search Rule and enter the following information:
    • Scope
    • Rule
    • Group attributes
  5. ​Click OK.

To test your search rule after you add it, click Test LDAP Query.

You can add more search rules and GDCS syncs them all. Learn more about how to add LDAP search rules to synchronize data.

To exclude groups that are returned from your search rules, click the Exclusion Rules tab. Learn how to use exclusion rules with GCDS.

3. Schedule your sync

  1. Open Configuration Manager.
  2. In the left panel, click Sync.

You can simulate a sync or save your settings. Learn how to automate your synchronization process.

Contact support

For issues or feedback when using this feature, contact directory-sync-cloud-search@google.com and cc: cloudsearch-3p-support@google.com.

Was this helpful?
How can we improve it?