Yes, designate a Directory Admin for your domain. That person can authorize read-only access to the G Suite Groups and Group members of your domain.
Then you can designate a Group as the account owner. For example, the cameras for Camio's own San Mateo office are associated with the group sanmateo@camio.com, and all members of that Group are considered Guests with Can View permission:
Group members with the roles of Manager or Owner (instead of just Member) have Can Manage permission.
Prerequisites
Camio looks up Group membership using the G Suite Admin API. So the only prerequisite is to ensure that the API is enabled by your G Suite Domain Administrator.
- Enable the G Suite Admin API, if not already enabled
(see https://developers.google.com/admin-sdk/directory/v1/guides/prerequisites.html#set_up_api)
Authorize read-only access to Groups
To enable Camio to read your domain's Groups:
- Contact us to assign your Domain Admin, then open the page:
https://camio.com/domains - Press Find after entering your domain and then assign the Directory Admin, who is the person with permission to grant read-only access to your domain's Groups and Group membership.
- Ask the newly designated Directory Admin to:
- Sign in with Google, where the email address associated with the Directory Admin's Google account matches the email entered as your domain's Directory Admin.
- Press the Authorize button shown on that same https://camio.com/domains page. The Authorize button opens this link to grant read-only access to Groups:
https://camio.com/google/oauth2
- Verify that you can now see your G Suite Group memberships as JSON output at:
https://camio.com/api/users/me/groups - Register each Box to its Group account owner.
When the account is a Group from your Directory, the /guests page excludes the ability to add/remove Guests. And the permissions Can View and Can Manage are instead controlled by whether the user's Group membership role is MEMBER or MANAGER/OWNER respectively.
NOTE: the read-only permission granted by your Directory Admin is used to lookup the Group memberships to know whether a person has access to view recorded video. So if the Directory Admin user ever changes, it's important that the new Directory Admin re-authorize the read-only access to Groups in step 3 above.
NOTE: To reduce high frequency API calls to Google Workspace Directory API for things like websocket notifications of new Events for Event Streaming, the list of members of a Group is cached for 20 minutes. So when you make changes to the members of Google Group, you can either force an immediate sync on the /guests page or ask the end user to sync using the refresh button next to "Accounts" on the Search Panel.
Comments