Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • EMS Administration Guide

    Home FortiClient 7.0.7 EMS Administration Guide
    7.0.7
    7.4.1
    7.4.0
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.9
    6.4.8
    6.4.7
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.2.9
    6.2.8
    6.2.7
    6.2.6
    6.2.4
    6.2.3
    6.2.2
    6.2.1
    6.2.0
    6.0.8
    6.0.6
    6.0.5
    6.0.4
    6.0.3
    6.0.2
    6.0.1
    6.0.0

    Creating unique service account credentials

    Creating unique service account credentials

    Creating a unique set of service account credentials provides more security. Unique service account credentials include the following:

    • Client ID (a long number)
    • Service account ID (email address)
    • Service account certificate (a certificate in .pem format)
    1. Go to Google API Console.
    2. Log in with your Google Workspace account credentials.
    3. Create a new project:
      1. Click the toolbar list. The browser displays the following dialog.

      2. Select your organization, if you see an organization dropdown list.
      3. Click the + button.
      4. In the Project name field, enter your project name, then click Create.
    4. Enable the Admin SDK:
      1. Select your project from the toolbar list, then go to the Library tab.
      2. Under Google Workspace APIs, click Admin SDK.

      3. Click ENABLE.

    5. Create a service account:
      1. Go to the Credentials tab and select Create Credentials > Service account key.
      2. From the Service account list, select New Service Account. Enter a service account name.
      3. From the Role list, select Project > Viewer.
      4. Select P12 as the Key type and click Create.

        After you create the service account, a private key with the P12 extension is saved on your computer.

        The private key with the P12 extension is the only copy you receive. Keep it in a safe place. You should also remember the password prompted on the screen. At this time, that password should be notasecret.

    6. Go to the Credentials page > Manage service accounts.
    7. Edit the service account you just created and select the Enable Google Apps Domain-Wide Delegation checkbox. Enter a Product name for the consent screen if this field appears.

    8. Click Save.
    9. Click View Client ID to see your service account information. Record the client ID, service account, and the associated private key (downloaded in step 5d).

    To use the private key in EMS, it needs to be converted to .pem format. You can use the following openssl command to convert it. Remember to use the notasecret password.

    C:\OpenSSL-Win64\bin>openssl pkcs12 -in demo-976b9d6e9328.p12 -out serviceAccount-demo.pem -nodes -nocerts

    Enter Import Password:
    Previous
    Next

    Creating unique service account credentials

    Creating unique service account credentials

    Creating a unique set of service account credentials provides more security. Unique service account credentials include the following:

    • Client ID (a long number)
    • Service account ID (email address)
    • Service account certificate (a certificate in .pem format)
    1. Go to Google API Console.
    2. Log in with your Google Workspace account credentials.
    3. Create a new project:
      1. Click the toolbar list. The browser displays the following dialog.

      2. Select your organization, if you see an organization dropdown list.
      3. Click the + button.
      4. In the Project name field, enter your project name, then click Create.
    4. Enable the Admin SDK:
      1. Select your project from the toolbar list, then go to the Library tab.
      2. Under Google Workspace APIs, click Admin SDK.

      3. Click ENABLE.

    5. Create a service account:
      1. Go to the Credentials tab and select Create Credentials > Service account key.
      2. From the Service account list, select New Service Account. Enter a service account name.
      3. From the Role list, select Project > Viewer.
      4. Select P12 as the Key type and click Create.

        After you create the service account, a private key with the P12 extension is saved on your computer.

        The private key with the P12 extension is the only copy you receive. Keep it in a safe place. You should also remember the password prompted on the screen. At this time, that password should be notasecret.

    6. Go to the Credentials page > Manage service accounts.
    7. Edit the service account you just created and select the Enable Google Apps Domain-Wide Delegation checkbox. Enter a Product name for the consent screen if this field appears.

    8. Click Save.
    9. Click View Client ID to see your service account information. Record the client ID, service account, and the associated private key (downloaded in step 5d).

    To use the private key in EMS, it needs to be converted to .pem format. You can use the following openssl command to convert it. Remember to use the notasecret password.

    C:\OpenSSL-Win64\bin>openssl pkcs12 -in demo-976b9d6e9328.p12 -out serviceAccount-demo.pem -nodes -nocerts

    Enter Import Password:
    Previous
    Next