Configuring G Suite for domain user authorization

This topic describes an alternative method to configuring G Suite for One-Touch Join in environments where the recommended method of using a service account for authorization is not desirable. This alternative method uses a domain user for authorization (referred to as the "authorization user"), which authenticates to G Suite using 3-legged OAuth.

The process involves the following steps, described in more detail in the sections that follow:

  1. Setting up OAuth authentication for One-Touch Join.
  2. Creating a room resource for each physical room that will have a One-Touch Join endpoint in it.
  3. Configuring the room resource with the necessary permissions and settings to support One-Touch Join.
  4. Updating the quota for the number of user requests per 100 seconds.
  5. For larger deployments, Requesting an increase to API limits.
  6. Adding a One-Touch Join G Suite integration on Pexip Infinity.

If you have already set up a One-Touch Join G Suite integration and simply wish to add an existing room to it, you need only configure the room resource in G Suite and then add the endpoint to the G Suite integration in Pexip Infinity.

Prerequisites

You must have already created a user account specifically to be used as the G Suite authorization user. This user account does not need to have any special privileges; as part of the configuration described below you will grant this user access to all the One-Touch Join room resource calendars.

Next steps

You must now configure the remainder of the One-Touch Join components on Pexip Infinity, as described in Configuring Pexip Infinity for One-Touch Join.