Google Apps User Connector


A Google User connector is a reading, writing and deleting connector provided by UNIFY Identity Broker for Google Apps.

This connector encapsulates the information that is available through the Google Apps user API.

Technical Requirements

If the use of the emails and externalId fields in the Flattened Fields schema (see below) are not required, the Google User connector has no additional requirements following that listed connector prerequisites.

If these fields are to be used, to function correctly they require all emails or externalIds associated with a user account to have their type attribute set. In the case this value is set as custom, a custom type name should be assigned to the customType attribute.


A Google User connector encapsulates User data which is made available through the Google Apps user API.

Reading Yes
Writing Yes
Deleting Yes
Polling No
Set password Yes


The User connector provides two Schema Providers, Default and Flattened Fields.

Default Schema

Fields in the Default scheme provider refer to data fields in the Google user API of the same name. Several data points which return multiple value are stored as Multi-value Strings.

Flattened Fields Schema

The Default schema provides three fields which can be repackaged with the use of the Flattened Fields Schema: emails, externalIds and organizations.

In the case of organizations, the attributes for the primary organization are extracted and made available as individual fields. The naming convention of these fields is FlattenedPrimaryOrganization:<attribute name>.

For the emails and externalId fields, the Flattened Fields schema contains two fields, FlattenedEmail:ExampleType and FlattenedExternalId:ExampleType. These fields do not get assigned directly, but act as a template using the value of the type attribute, or customType attribute if type is set as 'custom'. The value of each externalId or email is placed into a field that is named for its type or customType.


The configuration for a Google User connector is as follows:

Name Description
Request Method

The method used to request items.

  • Customer: Makes requests run using the context of the Customer that has been configured in the Agent
  • Domain: Makes requests run using the context of the Domain that has been configured in the Agent.
Query The query to be executed by Google. Look up Google documentation for the correct format of the field.
Password Script

The password generator script allows for an initial password to be set. To use, set the $components. Password property to the desired value. The default script is:

$guid = [System.Guid]::NewGuid();
$components.Password = $guid.ToString();
Export Synchronicity Allows export operations to be changed from running synchronously. Synchronous: The default setting, which allows for error messages to be propogated to the identity management platform; Asynchronous: Performs operations asynchronously, logging is still performed, however, the return status will always be a success. For asynchronous mode read the documentation before using.

Google Scopes

The service account requires specific scopes to perform certain functions:

Operation Required scope
Writing aliases
Set password

XML Field Schema

Several fields in the User connector are XML formatted strings. The schema for each of these XML blobs are listed below.

File Size (bytes)
UserAddressSchema.xsd 1538
UserEmailSchema.xsd 873
UserExternalIdSchema.xsd 867
UserImSchema.xsd 1576
UserOrganizationSchema.xsd 1394
UserPhoneSchema.xsd 1614
UserRelationSchema.xsd 1299

Is this article helpful for you?