Getting ready for Maps Engine: setup and administration overview
This article describes the initial setup steps for Google Maps Engine. The document gives an overview of how the process works, who else might need to be involved, and where you can get more information. It does not attempt to give detailed instructions about every step.
It's possible that your Google representative might do some of these steps for you, but the goal is to give you the full view of what needs to happen, whether or not you do all the steps yourself.
- About this document
- Your Google Admin console
- Deployment overview
- IT administration phase
- Early adopters phase
- Go-live phase
- Maintenance phase
- Moving on
This document is primarily for customers who'll be setting up Google Maps Engine during the early period of implementation. We assume that you're responsible for the initial registration of the domain with Google, populating the environment with a few initial users, creating and bootstrapping Maps Engine administrators, and then making the site available to all the appropriate users.
There's a difference between an account administrator (also called a domain administrator) and a Google Maps Engine content administrator. Each role has different scope, tools, and tasks.
- The account administrator does the initial setup and creates the environment in which Maps Engine exists (users, groups, and so on) but doesn't need to be involved with Maps Engine content.
- The Maps Engine administrator is involved with Maps Engine content. He or she creates access lists and can view all the assets in the Maps Engine repository, as well as performing other tasks.
However, in some environments, a person might play both roles, serving as both the account administrator and the Maps Engine administrator.
Google Maps Engine uses the Google Admin console to manage users and groups for your domain. If you already have Google Apps, you're probably familiar with the console.
Even if you haven't subscribed to Google Apps, you'll still use the Google Admin console to manage users and groups for your domain.
The users and groups that you create in the Admin console are used to create access lists for sharing assets in Maps Engine. Entries in access lists are specified by their email addresses, so if your organization's domain name is example.com, the addresses of groups are email@example.com and the addresses of users are firstname.lastname@example.org.
The Admin console can serve as a user directory, manage passwords, and authenticate the users when they log in. Each user (a map editor, Maps Engine administrator, or viewer of a private map to which access is controlled) would have an account and would log into Maps Engine with a user name such as email@example.com.
As part of setting up Maps Engine, you'll set up user groups in the Google Admin console and set up a mechanism to maintain those groups. The groups should parallel the Maps Engine access lists that a Maps Engine administrator sets up, so that an access list can simply reference a group, as shown in this figure from the Maps Engine help center.
You can assign group ownership or group management privileges to any user with an account. For more information about roles within Google Groups and the effect of group settings, see this article from the Google Apps help center.
The people who manage a group don't need to be Maps Engine administrators or map editors, or even to have access to Maps Engine. There's one type of exception to this:
- A Maps Engine administrator must be a member of the gme-administrators group.
- To manage the gme-administrators group, a user must be an owner or manager of the group. A Google account administrator can grant the Maps Engine administrator those privileges and thereby authorize the Maps Engine administrator to add and delete other administrators. Delegating that task can be useful in a large-scale environment.
Here are some provisioning and authentication options. You can discuss these with your Google representative.
- If you have a small group of Maps Engine users, provision each user in the Google Admin console to store each user's Maps Engine username/password combination. Each user will have the address user-name@domain, or, for example, firstname.lastname@example.org.
- For larger customer sites, sync the users from your LDAP-compatible server to the Google Admin console, using the Google Apps Directory Sync utility. (You can use this utility, even if your domain doesn't use Google Apps.) A user will log into Maps Engine with the address user-name@domain, or, for example, email@example.com.
- A SAML-based single sign-on solution is a one-time up-front project but is then self-perpetuating. If you'd like single sign-on and don't want to build it yourself, experienced Google Apps partners are available.
- You can set up Google Apps Directory Sync to synchronize your Google domain with your LDAP-compatible directory service.
The rest of this document gives a preview of how you'll set up and manage Google Maps Engine.
A Google Maps Engine deployment usually occurs in several phases, as the following figure shows.
- IT administration: One or more IT team members are involved as account administrators. They create the first Maps Engine administrators and some initial users.
- Early adopters: Google Maps Engine administrators set up access lists and a few map editors start creating maps.
- Global go live: All map editors can access Maps Engine and you've got a growing repository of data, layers, and maps.
- Maintenance: New map editors are smoothly added to Maps Engine and given the correct access. Maps Engine administrators monitor quota use and receive notifications about new features.
Let's go through what happens at each phase.
Before engaging with Maps Engine, you'll need access to your Google Admin console, as described in Your Google Administrator console.
What to do:
Depending on how you partition tasks in your organization, an administrator could also troubleshoot for users, contact Google with issues, ensure that the Maps Engine data is kept up to date, and keep abreast of changes to Maps Engine.
The Maps Engine administrator does not need access to the Google Admin console.
Read about the Maps Engine administrator role.
- Go to the Google Apps for Business page and click Get Started.
- Enter your information on the signup pages. On the second page, specify the domain name you want to use: your organization's current domain name or a complimentary mygbiz.com domain that Google provides for you. Or, you can purchase a new domain name.
- As part of the process, you'll need to verify that you own the domain for which you’re getting the account (unless you are using a complimentary mygbiz.com domain, which doesn’t require verification). For an overview of verification, refer to the Google Apps help center, where you can view this helpful video. The video is in English but captions (labeled CC in the English version) are available in a number of other languages.
There are several verification methods; the DNS TXT method is recommended. Examples of TXT records for a number of Internet service providers are available.
- Wait for the Google Admin console to indicate that your domain was verified.
- In the Admin console, create a user account for at least one Maps Engine administrator.
The Maps Engine administrator has access to all Maps Engine assets (maps, layers, and data). He or she sets up access lists for authorizing map editors, map viewers, or any other group of users.
- In the Admin console, create a group called gme-administrators, setting Access level to Restricted.
If your domain name is example.com, set the group email to be firstname.lastname@example.org.
- Set the sharing options (access settings) as follows:
- Only members can view group content
- Do not list this group
- Only members can view group members list
- People have to be invited
- To the gme-administrators group, add the administrator user account that you created in Step 4.
- Contact your Google representative to verify that you've taken these steps. You'll now be able to send in your order.
- Once Google Maps Engine is provisioned for your domain, remember to cancel your Google Apps for Business trial:
- Click Cancel Google Apps for Business Trial.
- Choose the option to cancel your subscription.
- Click Continue with cancellation.
Early adopters phase
In this phase, your pilot team starts using Maps Engine. You set up pilot users, the Maps Engine administrators create access lists, and the users start building, publishing, and doing quality assurance on maps.
What to do:
These tasks are shared between the account administrator and Maps Engine administrator:
- If you need to create more administrators, create their accounts in the GME domain and add them to the gme-administrators group.
- Create one or more access lists. It's a good idea to create a group to associate with each access list you want to create, move users into the group, and then let the access list reference the group. Read about creating access lists; in particular, see the figure under ideas for organizing access lists.
- Create a small set of pilot users who can upload data, create layers and maps, and publish those maps internally or externally.
These are tasks for the Maps Engine administrator:
- Familiarize yourself with the information in the Help Center.
- Help the early adopters start to upload data and creating maps.
- Sign up for the Google Maps Engine users' group, which lets you exchange tips and information with other users. Let your engaged users know about the group too!
- Sign up for the Google Maps Engine notification group. This email group provides outward communication from Maps Engine product and support engineers so you can stay current with the latest features.
When the early adopter phase is done, you're ready to set up production-ready processes.
What to do:
- If you're using Active Directory you might set up single sign-on for Maps Engine users, using the SAML Single Sign-On (SSO) Service for Google Apps.
- If it's appropriate, populate all users and set up regular user synchronization from your LDAP-compatible server, using Google Apps Directory Sync. When viewing the document, remember that there are some differences between your Maps Engine environment and the environment on which the document is focused.
- Set up additional organization to enable maintenance. Possible enhancements:
- Create additional administrators. For example, you might partition your environment so that groups who deal with specific types of data have their own administrators. Any user in the Google Apps account can be given Maps Engine admin privileges; you need only to add the user to the gme-administrators group.
- Delegate authority to administer the Google groups that feed into access lists to some other administrators or users. As employees are hired, leave, or change roles, access lists should change, and so someone needs to update the associated Google groups.
Now that things are running, you'll need to keep up with changes in your user population and maintain the Maps Engine repository. The tasks listed in this section and the way they're split between roles are just one set of possibilities; your environment may have different needs or roles.
These are the account administrator's maintenance tasks.
|Manage groups (may be delegated to or shared with Maps Engine administrator)||
These are the Maps Engine administrator's maintenance tasks.
|Manage groups (may be shared with account administrator)||
|Manage access lists||
|Manage data and assets (could also be done by map editors)||
At this point, you should be able to grow your Google Maps Engine environment by using the help center, users' group, and notifications group.
You may have already looked at some of these, but if not, here's a list of help center articles that you might find useful.
- Maps Engine basics
- The administrator's role
- About access lists
- Using Google Groups and access lists
- Supported data formats and limits
- Using folders to organize layers
If you run into problems, see how you can get support.
Enjoy using Maps Engine!