Skip to end of metadata
Go to start of metadata

Table of Contents

Introduction

Description

Google Apps Connector allows to manage users and groups using the Google Directory API.

Managed Systems

This connector is specific for integration with the Google domain.

If your system is not in the previously list, it's possible to include it easily!

For more information to check if your system may be synchronized with this connector you do not hesitate to contact us through our Contact form

Prerequisites

To get a service account and a private key, please follow this link: Creating a service account. You must:

  • Register a new project
  • Enable AdminSDK API
  • Register a new OAuth service account. Store the JSON generated file in a secure place.

Furthermore, you will need to follow this guide to enable the recently created account to use directory API services. The scopes to grant are:

Download and install

This addon is located in the Connectors section and its name is SQL Google Apps plugin.

For download and install the addon you could review our generic documentation about this process: Addons installation

Agent configuration

Basics

Generic parameters

After the installation of the addon, you may create and configure agent instances.

To configure this Google Apps Connector you must select "GoogleApps" in the attribute "Type" of the generic parameters section in the agents page configuration.

For more information about how you may configure the generic parameters of the agent, see the following link: Agents configuration

Custom parameters

Below there are the specific parameters for this agent implementation:

ParameterDescription
Admin user

Administrator account name

Service account client email
Extract it from generated json file. It is tagged as client_email
Service account private key

Extract it from generated json file. It is tagged as private_key. As the private key is JSON encoded, mind to replace unicode escape chars by it's ASCII equivalents

Google domain
Base google domain

Attribute mapping

This connector could manage users and groups.

Properties

Nothing to configure.

Attributes

Users

Users and shared accounts can be customized. The next attributes are required:

Attribute
Value
suspended"True" if the account is disabled. "False" otherwise
name{"givenName"}User given name
name{"familyName"}User last name
name{"fullName"}User full name
primaryEmailAccount name

To get an extensive list of attributes supported by Google, browse to Google User API

Soffid groups can be mapped as OrgUnits.

Attribute
Value
nameOrg Unit Name

 

Groups

Mails alias will be automatically bound to users without any further configuration.

Roles and Mail Lists will also be created and maintained as Google Apps groups.

 

For more information about how you may configure attribute mapping, see the following link: Soffid Attribute Mapping Reference

 

For example:

 

Load triggers

Pending to be documented.

Account metadata

Pending to be documented.

Operational

Monitoring

After the agent configuration you could check in the monitoring page if the service is running in the Synchronization Server, please go to "Start Menu > Monitoring and reporting > System monitoring".

Tasks

Authoritative

If you are checked "Authorized identity source", an automatic task to load identities from the managed system to Soffid is available, please go to "Start Menu > Processes and Tasks > Manage automatic tasks", and you will something like "Import authoritative data from <AGENT_NAME>".

Reconcile

If your are configured the "Attribute Mapping" tab with some of our objects: "user, account, role, group or grant", an automatic task to synchronize these objects from the managed system to Soffid is available, please go to "Start Menu > Processes and Tasks > Manage automatic tasks", and you will something like "Reconcile all accounts from <AGENT_NAME>".

Synchronization

About the synchronization of the objects, there are two possible options:

  • If you are checked the generic attribute "Read Only" in the "Basics" tab, only the changes in the managed systems will be updated in Soffid. We recommend this options until the global configuration of Soffid will be tested.
  • If you are not checked the generic attribute "Read Only" in the "Basics" tab, all the changes in Soffid or the managed system will be updated in the other. Note that this synchronization must be configured in the "Attribute mapping" tab correctly.

 

  • No labels