Google Apps Group Connector

Overview

A Google Groups connector is a reading, writing and deleting connector provided by UNIFYBroker/Google Apps.

This connector encapsulates the information that is available through the Google Apps groups API.

Technical Requirements

The Google Groups connector has no additional requirements following that listed connector prerequisites.

Usage

A Google Groups connector encapsulates Groups data which is made available through the Google Apps groups API.

Reading	Yes
Writing	Yes
Deleting	Yes
Polling	No

Schema

The Google Apps Groups connector provides three connectors, Default, Settings and Members.

Default Schema Provider

This schema provider makes available the standard fields provided by the groups API.

Settings Schema Provider

This schema provider makes available fields containing the settings and controls for the groups.

Member Schema Provider

This schema provider makes available multi-value fields containing the Distinguished Name for users or groups which are part or hold a role in the group.

Configuration

Basic Configuration

The basic configuration for a Google Groups connector is as follows:

Name	Description
Request Method	The method used to request items. Customer: Makes requests run using the context of the Customer that has been configured in the Agent Domain: Makes requests run using the context of the Domain that has been configured in the Agent
Read Method	The method used to generate a group membership distinguished name from the data stored in Google Apps. None: Does not attempt to generate group member references. DN: Uses the members id to look up the group or user on their respective adapters to find the distinguished name. Id: Hardcodes the distinguished name to CN={id},OU={users} or CN={id},OU={groups}. Email: Hardcodes the distinguished name to CN={email},OU={users} or CN={email},OU={groups} Note: If Read Method is any other setting than None, the settings described in Membership Configuration will also need configuring.
Export Synchronicity	Allows export operations to be changed from running synchronously. Synchronous: The default setting, which allows for error messages to be propogated to the identity management platform; Asynchronous: Performs operations asynchronously, logging is still performed, however, the return status will always be a success. For asynchronous mode read the documentation before using.

Name

Description

Request Method

The method used to request items.

Customer: Makes requests run using the context of the Customer that has been configured in the Agent
Domain: Makes requests run using the context of the Domain that has been configured in the Agent

Read Method

The method used to generate a group membership distinguished name from the data stored in Google Apps.

None: Does not attempt to generate group member references.
DN: Uses the members id to look up the group or user on their respective adapters to find the distinguished name.
Id: Hardcodes the distinguished name to CN={id},OU={users} or CN={id},OU={groups}.
Email: Hardcodes the distinguished name to CN={email},OU={users} or CN={email},OU={groups}

Note: If Read Method is any other setting than None, the settings described in Membership Configuration will also need configuring.

Export Synchronicity

Allows export operations to be changed from running synchronously. Synchronous: The default setting, which allows for error messages to be propogated to the identity management platform; Asynchronous: Performs operations asynchronously, logging is still performed, however, the return status will always be a success. For asynchronous mode read the documentation before using.

Membership Configuration

If Read Method is not set as None, the following configuration are required.

Name	Description
Save Method	The method used to translate from the exported group memberships back to the Id recognised by Google Apps. DN (default): Searches the configured Adapter to find the matching entity. Id: Assumes that the RDN (the first component in the DN) is a Google Apps Id. Extracts the value and passes it straight to Google Apps without having to look up the item. Email: Assumes that the RDN (the first component in the DN) is a Google Apps email. Extracts the value and passes it straight to Google Apps without having to look up the item.
Google User Adapter	The Adapter that contains Google User information. This is required to read or write group memberships unless both Read Method and Save Method are set as Email.
Google Group	The Adapter that contains Google Group information. This is required to read or write group memberships, unless both Read Method and Save Method are set as Email.
Group Filter	A comma-separated list of whitelist filters to be applied against the end of the group name. Only group names that end in an item in this list will be included in the resultant set of data. Leave blank to not apply any filter. This filter is not performed server side.

Google Scopes

The service account requires specific scopes to perform certain functions:

Operation	Required scope
Reading	`https://www.googleapis.com/auth/admin.directory.group.readonly`
Reading memberships	`https://www.googleapis.com/auth/admin.directory.group.member.readonly`
Reading settings	`https://www.googleapis.com/auth/apps.groups.settings`
Writing	`https://www.googleapis.com/auth/admin.directory.group`
Writing memberships	`https://www.googleapis.com/auth/admin.directory.group.member`
Writing settings	`https://www.googleapis.com/auth/apps.groups.settings`
Deleting	`https://www.googleapis.com/auth/admin.directory.group`

Previous article: Google Apps Domain Shared Contact Connector

Next article: Google Apps Org Unit Connector

Is this article helpful for you?

Replies 0
Oldest first
- Newest first
- Oldest first

Customer support service by UserEcho