Google Apps Group Connector

Overview

Google Groups connector is a reading, writing and deleting connector provided by  UNIFYBroker/Google Apps

This connector encapsulates the information that is available through the Google Apps groups API. 

Technical Requirements

The Google Groups connector has no additional requirements following that listed connector prerequisites.

Usage

A Google Groups connector encapsulates Groups data which is made available through the Google Apps groups API.

Reading Yes
Writing Yes
Deleting Yes
Polling No

Schema

The Google Apps Groups connector provides three connectors, Default, Settings and Members.

Default Schema Provider

This schema provider makes available the standard fields provided by the groups API.

Image 4264

Settings Schema Provider

This schema provider makes available fields containing the settings and controls for the groups.

Image 4265

Member Schema Provider

This schema provider makes available multi-value fields containing the Distinguished Name for users or groups which are part or hold a role in the group.

Image 4266

Configuration

Basic Configuration

The basic configuration for a Google Groups connector is as follows:

Image 4267

Name Description
Request Method

The method used to request items.

  • Customer: Makes requests run using the context of the Customer that has been configured in the Agent
  • Domain: Makes requests run using the context of the Domain that has been configured in the Agent
Read Method

The method used to generate a group membership distinguished name from the data stored in Google Apps.

  • None: Does not attempt to generate group member references. 
  • DN: Uses the members id to look up the group or user on their respective adapters to find the distinguished name. 
  • Id: Hardcodes the distinguished name to CN={id},OU={users} or CN={id},OU={groups}. 
  • Email: Hardcodes the distinguished name to CN={email},OU={users} or CN={email},OU={groups}

Note: If Read Method is any other setting than None, the settings described in Membership Configuration will also need configuring.

Export Synchronicity Allows export operations to be changed from running synchronously. Synchronous: The default setting, which allows for error messages to be propogated to the identity management platform; Asynchronous: Performs operations asynchronously, logging is still performed, however, the return status will always be a success. For asynchronous mode read the documentation before using.

Membership Configuration

If Read Method is not set as None, the following configuration are required.

Image 4268

Name Description
Save Method

The method used to translate from the exported group memberships back to the Id recognised by Google Apps.

  • DN (default): Searches the configured Adapter to find the matching entity. 
  • Id: Assumes that the RDN (the first component in the DN) is a Google Apps Id. Extracts the value and passes it straight to Google Apps without having to look up the item. 
  • Email: Assumes that the RDN (the first component in the DN) is a Google Apps email. Extracts the value and passes it straight to Google Apps without having to look up the item.
Google User Adapter

The Adapter that contains Google User information. This is required to read or write group memberships unless both Read Method and Save Method are set as Email.

Google Group The Adapter that contains Google Group information. This is required to read or write group memberships, unless both Read Method and Save Method are set as Email.
Group Filter A comma-separated list of whitelist filters to be applied against the end of the group name. Only group names that end in an item in this list will be included in the resultant set of data. Leave blank to not apply any filter. This filter is not performed server side.

Google Scopes

The service account requires specific scopes to perform certain functions:

Operation Required scope
Reading https://www.googleapis.com/auth/admin.directory.group.readonly
Reading memberships https://www.googleapis.com/auth/admin.directory.group.member.readonly
Reading settings https://www.googleapis.com/auth/apps.groups.settings
Writing https://www.googleapis.com/auth/admin.directory.group
Writing memberships https://www.googleapis.com/auth/admin.directory.group.member
Writing settings https://www.googleapis.com/auth/apps.groups.settings
Deleting https://www.googleapis.com/auth/admin.directory.group

Is this article helpful for you?