TABLE OF CONTENTS
Google Service Account Settings
Login to Aeries as an Administrator and navigate to the Google Staff Integration form (School Info | Configurations | Google Staff Integration). Please note that while the navigation is currently under School Info, these settings are in fact for the district and need only be set once. You will see four tabs:
- Directory Sync Settings - pertain to how you want your Staff accounts formatted and how you want Aeries to interact with Google for directory synchronization.
- Organizational Unit Structure - describes how your Staff will be organized inside of Google. This tab is only applicable to Directory Sync.
- Google Service Account Settings - should only need to be configured once and then can be left alone.
- Maintenance Functions – contains several functions for maintaining the Google integration
Note: Directory Sync is recommended but is not necessarily required to be used to integrate with Google Classroom.
The Google Service Account Settings should be configured first.
Google Service Account Settings
This is where you will copy information from the Google Cloud Console.
- API Integration ID – This is the project name you entered in an earlier step (e.g., "Staffintegration"). The API Integration ID should be used instead of the Application name.
- User to Impersonate – This is the Super Admin account you created in the Google Admin Console (e.g., "aeriesstaff@yourdomain.org")
- Service Account Client ID – This is the Client ID that belongs to the Service Account and should be visible in the open Google Cloud Console tab.
- Service Account Email Address - This is the email address that was generated when you created the Service Account and should be visible in the open Google Cloud Console tab.
- JSON Private Key File Name – The credentials for the Google Service Account now accept the newer .json type credential to allow for further enhancements in the future, this can be downloaded from your Google Cloud Console API credentials area. It should be placed in the AppSettings folder for every Aeries instance (e.g., Admin, Teacher, Student and Parent Portal) on your web server and the AeriesReporting\Service folder of your Aeries Reporting Server. It has Legacy support for the P12 files.
Directory Sync Settings
- Synchronize all Staff nightly – This will add accounts for Staff who do not currently have a Google account associated with their Aeries account.
NOTE: Inactivating/Deleting Staff records WILL NOT affect their Google account. These accounts must be suspended/deleted in Google Admin Console.
- Time to Sync - Time of Day to run the Syncing process.
- Automatically sync Staff accounts when added. - This will asynchronously sync new Staff records to your GSuite Directory whenever a new Staff record is added.
- Automatically add teachers to the Classroom_Teachers group in GSuite. This will asynchronously add teachers to your Classroom_Teachers group in GSuite. This option will use the Teacher Domain specified on the Google Apps Integration page if it is populated. This will be based on a Staff member having a TCH record, or an SSE/SSM record for Section-Staff schools.
- Replace Existing Staff Emails (STF.EM) with Pattern – Should the nightly process override any existing values in the Staff email field that do not match the pattern and replace those values with the Staff's current or newly created Google account?
- Staff Root Org Unit – The top level Organizational Unit Staff will be added to. This is critical as you can act on all Staff accounts from within the Google Admin Console by nesting them under one org unit. The sub levels are created on the Organization Unit Structure tab.
- Staff User Name Pattern- This is the pattern that will be applied to all Staff GSuite user accounts. Use the elements below separated by any of the following: period, underscore, or hyphen to build the pattern your Staff will have for their accounts.
You may also use LEFT and RIGHT string functions to include only part of an element for example:
LEFT(1,[last-name])
Note: It is not recommended to change this pattern once you have begun synchronizing students to Google.
Examples for Staff John Smith, #123456, DOB: 1/2/2001,
| [first-name][last-name][birth-year] | johnsmith2001 |
| [last-name]RIGHT(2,[birth-year]) | smith01 |
| First letter of first name, first 4 letters of last name, last 3 of Staff ID LEFT(1,[first-name])LEFT(4,[last-name])RIGHT(3,[permanent-id]) | jsmit456 |
- Staff Password Pattern – Like the Staff User name pattern, but just for the password. Use a pattern that will ensure all passwords will be at least 8 characters long.
Note: The Aeries Google integration only controls the Google password during the initial creation of the account.
- Force New Staff to Change Password on First Login to Google? – Newly created Staff will be forced to change their password.
- Manage the Location of Existing Staff Accounts in the Google OU structure - When this option is turned on, existing staff will be moved from one org unit to another in Google based on information in Aeries (e.g., Primary School name, number, type) and the chosen org unit structure. This option is on by default.
- Manage Account Status - When this option is enabled, Inactivating or Activating a STF record will suspend/reactivate the Google User account.
- Notification Email Address - This is the email that will be used to email the results of mass functions like the nightly sync process. Multiple emails can be entered separated by a semi-colon.
Organization Unit Structure
The Staff Root Org Unit is the OU entered on the Directory Sync Settings tab. Now you may choose subdirectories for Staff. The [staff-of-school-name] is included to be available for Districts that were already using that Google OU for Google Classrooms
Maintenance Functions
This includes functions for manually syncing/populating Google Staff accounts.
Connection Confirmation
You have now entered all the data elements necessary to connect to Google. Click the Save button at the top or bottom of the page, and the Configuration Status message should display a green check mark next to Google Directory Sync. If the connection fails, a red error message will display with error information.
