docs: document service account requirements (#999)

2025-07-05 02:48:05 +02:00 · 2020-06-25 19:32:36 -04:00 · 2020-06-25 19:32:36 -04:00 · c049d87362
commit c049d87362
parent 917d8ec61b
6 changed files with 59 additions and 41 deletions
--- a/docs/configuration/examples/config/config.example.env
+++ b/docs/configuration/examples/config/config.example.env
@ -40,10 +40,6 @@ export COOKIE_SECRET="$(head -c32 /dev/urandom | base64)"
 export IDP_PROVIDER="google"
 export IDP_PROVIDER_URL="https://accounts.google.com" # optional for google

-# IF GSUITE and you want to get user groups you will need to set a service account
-# see identity provider docs for gooogle for more info :
-# export IDP_SERVICE_ACCOUNT=$(echo '{"impersonate_user": "bdd@pomerium.io"}' | base64)
-
 # OKTA
 # export IDP_PROVIDER="okta"
 # export IDP_CLIENT_ID="REPLACEME"
@ -62,3 +58,7 @@ export IDP_PROVIDER_URL="https://accounts.google.com" # optional for google
 # directly as a base64 encoded yaml/json file, or as the policy key in the configuration
 # file
 export POLICY="$(base64 ./docs/configuration/examples/config/policy.example.yaml)"
+
+# For Group data you must set an IDP_SERVICE_ACCOUNT
+# https://www.pomerium.com/configuration/#identity-provider-service-account
+# export IDP_SERVICE_ACCOUNT=$( echo YOUR_SERVICE_ACCOUNT | base64)