Skip to end of metadata
Go to start of metadata

Table of Contents


Google apps connector can manage user and groups using Google Directory API

Managed Systems


To get a service account and private key, follow this link: Creating a service account. You must:

  • Register a new project
  • Enable AdminSDK API
  • Register a new OAuth service account. Store the JSON generated file in a secure place.

Furthermore, you will need to follow this guide to enable the recently created account to use diretory API services. The scopes to grant are:

  • View and manage the provisioning of groups on your domain:  
  • View and manage group subscriptions on your domain: 
  • View and manage organization units on your domain:  
  • View and manage the provisioning of users on your domain:

Agent configuration

To connect, you must give the following parameters:

  • Administrator account name.
  • Service account name. Extract it from generated json file. It is tagged as client_email
  • Service account private key. Extract it from generated json file. It is tagged as private_key. As the private key is JSON encoded, mind to replace unicode escape chars by it's ASCII equivalents.
  • Base google domain.



Users and shared accounts can be customized. The next attributes are required:

suspendedTrue if the account is disabled. False otherwise
name{"givenName"}User given name
name{"familyName"}User last name
name{"fullName"}User full name
primaryEmailAccount name

To get an extensive list of attributes supported by Google, browse to Google User API

Soffid groups can be mapped as OrgUnits.

nameOrg Unit Name


Mails alias will be automatically bound to users without any further configuration.

Roles and Mail Lists will also be created and maintained as Google Apps groups.






  • No labels