Can I use G Suite Groups to control access to accounts?

Yes, designate a Directory Admin for your domain. That person can authorize read-only access to the G Suite Groups and Group members of your domain.

Then you can designate a Group as the account owner. For example, the cameras for Camio's own San Mateo office are associated with the group sanmateo@camio.com, and all members of that Group are considered Guests with Can View permission:

Screen_Shot_2019-06-17_at_3.35.40_PM.png

Group members with the roles of Manager or Owner (instead of just Member) have Can Manage permission.

Authorize read-only access to Groups

To enable Camio to read your domain's Groups:

  1. Contact us to assign your Domain Admin, then open the page:
    https://camio.com/domains
  2. Assign the Directory Admin, who is the person with permission to grant read-only access to your domain's Groups and Group membership.
    Screen_Shot_2019-06-17_at_3.38.09_PM.png
  3. Ask the newly assigned Directory Admin to press the Authorize button after signing in to that same /domains page. The Authorize button opens this link to grant read-only access to Groups:
    https://camio.com/google/oauth2
    Screen_Shot_2019-06-13_at_4.33.28_PM.png
  4. Verify that you can now see your G Suite Group memberships as JSON output at:
    https://camio.com/api/users/me/groups

  5. Register each Box to its Group account owner.

 

When the account is a Group from your Directory, the /guests page excludes the ability to add/remove Guests. And the permissions Can View and Can Manage are instead controlled by whether the user's Group membership role is MEMBER or MANAGER/OWNER respectively.

 


NOTE: the read-only permission granted by your Directory Admin is used to lookup the Group memberships to know whether a person has access to view recorded video. So if the Directory Admin user ever changes, it's important that the new Directory Admin re-authorize the read-only access to Groups in step 3 above.

 

Have more questions? Submit a request

Comments