Connect ExtraFax for Exchange with Google Apps for Work

Link:  http://www.extracomm.com/Extracomm/FAQ.NSF/FAQs/9c984242544c468948257f4d000bbcbf
Apply to:  ExtraFax for Exchange

Last Modified Date:  02/06/2016


Connect ExtraFax for Exchange with Google Apps for Work

Starting from ExtraFax for Exchange 3.0, you can setup ExtraFax to connect to Google. This will be useful if you want to achieve the following objectives:

  • Import Google Apps for Work users to ExtraFax

ExtraFax for Exchange connects to Google using the OAuth 2.0 protocol.


Import Google Apps for Work users to ExtraFax

You need to do the following:

    • Configure security settings in Google Apps for Work Admin Console
    • Create a project in Google Developer Console using your Google Apps for Work administrator account
    • Create an OAuth 2.0 client ID in the above project. The client ID will be used by ExtraFax to connect to Google
    • Create an OAuth 2.0 provider in ExtraFax
    • Create an OAuth 2.0 Authorization User Rule in ExtraFax to import the required users from Google Apps for Work

Implementation Details

The sections below describe the configuration details.


Configure Security Settings in Google Apps for Work Admin Console

1) Sign in to Google Apps for Work Admin Console using an account with "Super Admin" Role.

2) Click on Security



3) Click API reference. Under it, make sure API access is enabled.

4) When prompted, save the change.





Create a project in Google Developer Console

1) Sign in to Google Developer Console. If you plan to import users from Google Apps for Work, please use the corresponding administrator account

2) Create a new project by selecting "Create a Project" from the projects list

3) In the New Project dialog, type in a name for the project. E.g. ExtraFax . Click the Create button and wait for the project to be created.



4) After the project is created, it will be shown in the Dashboard. Click Use Google APIs.


5) The API Manager page is shown. If you plan to import users from Google Apps for Work, click Admin SDK and enable it.


6) On the left side menu, click Credentials. Click New credentials. Select OAuth client ID.


7) Click Configure consent screen.



8) Fill in the OAuth consent screen details. Specify a product name. e.g. ExtraFax. Other fields are optional. Click Save.


9) On the next page shown, select Web application. Under Authorized redirect URIs. Specify the following:

a) If you plan to import users from Google Apps for Work, enter <http protocol>://<extrafax server dns name>/auth2/google_oauth2/callback_login
For example: https://faxserver.adatum.com/auth2/google_oauth2/callback_login

We recommended that https be used for better security. (Please configure IIS and ExtraFax to support https)
The <extrafax server dns name> can be any name that can be resolved by your browser when the WebFax admin pages are being accessed.
For example, if you would only access the WebFax admin page on a browser launched locally on the ExtraFax server, you can use "localhost".
For example: https://localhost/auth2/google_oauth2/callback_login
If you would only access the WebFax admin page within the intranet environment in your organization, you can use the fax server name.
For example: https://faxserver/auth2/google_oauth2/callback_login

Click Create to create the crendential.


10. An OAuth client screen with client ID and client secret will be shown. Click OK.



11. The same Client ID and Client secret will be shown on the credentials page. These information will be required when you configure ExtraFax.






Create an OAuth 2.0 provider in ExtraFax

1. Sign in to ExtraFax as administrator. Under System, click OAuth 2.0 Provider on the left menu. Click New.
Fill in the details using the Client Id and Secret obtained when you created the Google developer project (see section above).
Use the syntax <http protocol>://<extrafax server dns name>/auth2/google_oauth2/callback for the field Redirect URL.
Select "Google" for the Provider field.
Click Save.





Create an OAuth 2.0 Authorization Rule in ExtraFax

1) Sign in to ExtraFax as administrator. Under Organization Management, click OAuth 2.0 Authorization. Click New.
Specify a name for the new rule. Select Google for Provider Type. Select the provider created in the section above as the OAuth 2.0 provider.




2) Under Google Apps, click Sign in. A window "Google Accounts" will pop up. Sign in with a Google Apps for Work account that has "Super Admin" Role (See Appendix at the end of this document). You will be
prompted to grant access to the product name created in the section "Create a project in Google Developer Console". Click Allow to continue.
When succeed, you will be presented with a screen similar to the one below. Close the window.



3) On the New OAuth 2.0 Authorization Rule page, make sure your Google Apps for Work domain is loaded in the Domain droplist. In User Selection, specify how ExtraFax
should import the users from your Google Apps for Work.


4) Specify a group name if you want to import only users from a specific group.

5) Specify required criteria if you want to import users that meet specific criteria. This gives you more control on how users are imported.

6) Click "Save and Import" when you are done.

7) The new rule will be created and user import will be started and running. Please manually refresh the page to see the import progress.



8) When import finished successfully, new users will be imported and can be found in the User left menu.

9) To sign in to ExtraFax using Google Apps for Work account, browse to the Provider Direct Sign In Page ( See step 7). You will be redirected to Google for sign in. Once authenticated, you will be redirected back to ExtraFax WebFax.



Appendix A

Check Google user account for Super Admin Role

1) Login to Google Admin Console. Select the user account to be used to Sign in for granting permssion. Click "Show More". Click "Admin roles and privileges". Click Manage Role. Confirm that the account has "Super Admin" role.

2) Click "Update Roles" if new role(s) is assigned to the user account.

3) Logout from Google Admin Console.


Appendix B

Common Errors

Domain cannot use apis

Please perform the steps in the section "Configure Security Settings in Google Apps for Work Admin Console"

Resource Not Found

Please check if the Google user account used belongs to your Google Apps for Work domain.

Not Authorized to access this resource/api

Please use a Google user account with "Super Admin" role assigned.