Configuring Google Workspace for Google Meet integration

This topic explains the Google Workspace configuration steps that are required when integrating Pexip Infinity with Google Meet.

It covers the following processes:

You can configure your Google Meet settings from the Google Admin console via Apps > Google Workspace > Google Meet.

For more information about setting up Google interoperability, see https://support.google.com/a/answer/7673980.

Generating your interoperability access tokens

Interoperability access tokens are the private codes assigned to your Workspace account that are used by Pexip Infinity when it routes calls into your Google Meet conferences. Tokens can be defined as "trusted" or "untrusted", see Enabling access and admitting external participants into Google Meet conferences for details.

The generated tokens are only displayed once in Google Workspace, at the time of creating them. These tokens need to be configured on your Pexip Infinity system. Therefore you should have your Pexip Infinity Administrator interface open and available at the same time as you are generating the tokens within Google Workspace.

To set up your trusted and untrusted interoperability access tokens from the Google Workspace administrator console:

  1. Go to Apps > Google Workspace > Google Meet > Interoperability tokens.
  2. Select Add Token.
  3. Select a Type of Pexip.
  4. Enter a token name, for example the domain of your Pexip Infinity deployment plus we recommend adding a "trusted" or "untrusted" label, for example "example.com (trusted)".

  5. Select whether it is a Trusted token or not (to be used with trusted devices).

  6. Select Create a token.

    You are shown the generated interoperability token.

    This is the token you must enter into Pexip Infinity.

  7. Use the option to copy the token to your clipboard.

    This is the only time you will be able to see the token before it is stored and encrypted in Google Workspace.

  8. Switch to your Pexip Infinity Administrator interface and configure this interoperability token in Pexip Infinity:

    1. Go to Call control > Google Meet Access tokens and select Add Google Meet access token.

    2. Add the details of your token:

      Name The name that you specify here is used elsewhere in the Pexip Infinity interface when associating the token with a Call Routing Rule or Virtual Reception, so we recommend including an indication if it is your trusted or untrusted token.
      Access token

      Paste in the access token from your clipboard.
    3. Select Save.
  9. You can now return to the Google Workspace console and Close the token dialog.

  10. If you want to create a trusted and an untrusted token, repeat the above steps to generate the second interoperability token.

    You can create as many trusted and untrusted tokens as required, although one of each type is normally sufficient. Service providers may need to apply multiple pairs of access tokens for each tenant they are managing.

See Configuring Pexip Infinity as a Google Meet gateway for more information about Pexip Infinity configuration requirements.

Google Meet interoperability settings

You also need to enable Google Meet interoperability to allow other systems to dial into your Google Meet calls. You do this via Apps > Google Workspace > Google Meet and then configure the Meet video settings and select the Interoperability settings.

You should configure the following Interoperability options:

Name Description
Allow interoperability with other systems

Select this option to enable gateway interoperability and to configure the other settings.

By default, interoperability is made available to everyone in the organization; see Controlling access to gateway interoperability for details about how to limit access.
Meeting ID length Select Long meeting IDs. (Short IDs are the previous, deprecated method.)
Gateway IP address and Gateway hostname

The IP address and hostname address you specify here are used when Google Meet generates the addresses that allow third-party systems to access the conference. They are used to direct callers to your Pexip Infinity Conferencing Nodes that will then connect them into the Google Meet conference.

  • Gateway IP address: set this to the IP address of one of your Conferencing Nodes.
  • Gateway hostname: set this to the name of the DNS SRV record that you have set up for your Conferencing Nodes (e.g. vc.example.com). Alternatively you can use the FQDN of one of your nodes (e.g. px01.vc.example.com).

Ensure that you refer to Conferencing Nodes that will be routable from those systems and devices that will be using those dial-in addresses.

See DNS record examples for more information about enabling endpoints to route their calls to Conferencing Nodes.
Meeting ID prefix Leave blank.

Provide an additional gateway for Skype for Business users

Hostname

In most cases this option is not required and should not be selected — normally the address shown via the "More joining options" link in the calendar event or invite is suitable for both SIP devices and Skype for Business users to join your meetings (as they will typically use the same Gateway hostname domain).

Only select this option if you use a different domain for Skype for Business and you need to generate a separate joining address for Skype for Business users. In which case, select this option and specify the domain used for Skype for Business calls as the Hostname.

Controlling access to gateway interoperability

When you enable gateway interoperability (by selecting Allow interoperability with other systems), it is made available by default to everyone in the organization.

However, you can restrict access to the interoperability functionality to specific Organizational Units (OUs) or groups, although it is not currently possible to enable it for individual users. See https://support.google.com/a/answer/9493952 for more details about how to do this.

Note that:

  • You can configure a subset of specific OUs/groups for interop access before turning on the main Allow interoperability with other systems to avoid temporarily making it available to everybody in the organization. If you subsequently want to broaden the access you can add other OUs/groups or just enable it for everybody in the organization.
  • The access tokens apply to the entire Google Workspace tenant (i.e. to all specified OUs, groups or the entire organization, as appropriate).

Host management and video lock

Within a meeting, a meeting host must ensure that the Turn on their video setting (within the Host management options for that meeting) is enabled, otherwise VTCs will not be able to join the meeting.