Skip to end of metadata
Go to start of metadata

Google apps connector can manage user and groups using Google Directory API

Prerequisites

To get a service account and private key, follow this link: Creating a service account. You must:

  • Register a new project
  • Enable AdminSDK API
  • Register a new OAuth service account. Store the JSON generated file in a secure place.

Furthermore, you will need to follow this guide to enable the recently created account to use diretory API services. The scopes to grant are:

  • View and manage the provisioning of groups on your domain:  https://www.googleapis.com/auth/admin.directory.group  
  • View and manage group subscriptions on your domain:  https://www.googleapis.com/auth/admin.directory.group.member 
  • View and manage organization units on your domain:  https://www.googleapis.com/auth/admin.directory.orgunit  
  • View and manage the provisioning of users on your domain:  https://www.googleapis.com/auth/admin.directory.user

Configuration

To connect, you must give the following parameters:

  • Administrator account name.
  • Service account name. Extract it from generated json file. It is tagged as client_email
  • Service account private key. Extract it from generated json file. It is tagged as private_key. As the private key is JSON encoded, mind to replace unicode escape chars by it's ASCII equivalents.
  • Base google domain.

 

Object mappings

Users and shared accounts can be customized. The next attributes are required:

Attribute
Value
suspendedTrue if the account is disabled. False otherwise
name{"givenName"}User given name
name{"familyName"}User last name
name{"fullName"}User full name
primaryEmailAccount name

To get an extensive list of attributes supported by Google, browse to Google User API

Soffid groups can be mapped as OrgUnits.

Attribute
Value
nameOrg Unit Name

 

Mails alias will be automatically bound to users without any further configuration.

Roles and Mail Lists will also be created and maintained as Google Apps groups.

 

 

 

 

 

  • No labels