Connectors

Google Workspace Admin Connector

The Google Workspace Admin connector lets you manage Google Workspace users, groups, and application licenses in your PingOne DaVinci flow.

Setup

Resources

For information and setup help, see the following documentation:

Requirements

To use the connector, you’ll need administrator access for your Google organization.

Setting up Google Workspace Admin

Follow the instructions in Using OAuth 2.0 for Server to Server Applications to do the following:

  1. Create a service account.

  2. Delegate domain-wide authority to the service account and authorize it with the following scopes:

    https://www.googleapis.com/auth/admin.directory.user,
    https://www.googleapis.com/auth/admin.directory.group,
    https://www.googleapis.com/auth/admin.directory.device.chromeos,
    https://www.googleapis.com/auth/admin.directory.device.mobile,
    https://www.googleapis.com/auth/apps.licensing

Setting up the Google Workspace Admin connector configuration

In DaVinci, add a Google Workspace Admin connection. For help, see Adding a connector.

Connector configuration

Service Account Email Address

The email address associated with the Google Workspace service, such as google-workspace-admin@xenon-set-123456.iam.gserviceaccount.com. You can find this on the Service Accounts page.

A screen capture of the service account page.
Admin Email Address

The email address you use to sign on to Workspace as an administrator.

Private Key

The private key associated with the public key that you added to the Google Workspace Admin service.

If you allowed Workspace to generate the key pair, open the downloaded .json file and copy the private key value.

A screen capture of the .json file with the private key highlighted.

Using the connector in a flow

Managing users

The connector has several capabilities that allow you to manage users in Workspace:

  • Create a User

  • Delete a User

  • Update a User

  • Get User Information

No special flow configuration is needed. Add the capability you want and populate its properties according to the help text.

Managing group memberships

The connector has several capabilities that allow you to manage the users that belong to each group in Workspace:

  • Add a User to a Group

  • Remove a User from a Group

No special flow configuration is needed. Add the capability you want and populate its properties according to the help text.

Managing user devices

The connector has several capabilities that allow you to list and take administrative action on the mobile devices associated with users in Workspace:

  • List a User’s Devices

  • Manage a Device

No special flow configuration is needed. Add the capability you want and populate its properties according to the help text.

Managing application licenses

The connector has several capabilities that allow you to manage the applications that each user can access in Workspace:

  • Assign a License to a User

  • Revoke a User’s License

No special flow configuration is needed. Add the capability you want and populate its properties according to the help text.

Creating a custom API call

If you want to do something that isn’t supported by one of the provided capabilities, you can use the Make Custom API Call capability to define your own action.

This capability uses the credentials from your connection to make an API call with the HTTP method, headers, query parameters, and body you specify.

Capabilities

Create a User

Create a new user account

Show details

Properties

Primary Email textField

The user’s primary email address.

Password textField

The password to assign to the user account.

Family Name textField

The user’s last name.

Given Name textField

The user’s given name.

Other User Attributes variableInputList

Define additional attributes to add to the user account. For help, see the User Accounts section of the Google Workspace SDK documentation.

Input Schema

default object
privateKey string required
iss string required
sub string required
primaryEmail string required
password string required
familyName string required
givenName string required
Output Schema
output object
rawResponse object
properties object
id string
primaryEmail string
password string
hashFunction string
isAdmin boolean
isDelegatedAdmin boolean
agreedToTerms boolean
suspended boolean
changePasswordAtNextLogin boolean
ipWhitelisted boolean
name object
properties object
givenName string
familyName string
fullName string
kind string
etag string
emails array
items array
0 object
properties object
address string
customType string
type string
primary boolean
externalIds array
items array
0 object
properties object
customType string
type string
value string
relations array
items array
0 object
properties object
customType string
type string
value string
aliases array
items array
0 string
isMailboxSetup boolean
customerId string
addresses array
items array
0 object
properties object
country string
countryCode string
customType string
extendedAddress string
formatted string
locality string
poBox string
postalCode string
primary boolean
region string
sourceIsStructured boolean
streetAddress string
type string
organizations array
items array
0 object
properties object
costCenter string
customType string
department string
description string
domain string
fullTimeEquivalent integer
location string
name string
primary boolean
symbol string
title string
type string
lastLoginTime string
phones array
items array
0 object
properties object
customType string
primary boolean
type string
value string
suspensionReason string
thumbnailPhotoUrl string
languages array
items array
0 object
properties object
customLanguage string
languageCode string
preference string
posixAccounts array
items array
0 object
properties object
accountId string
gecos string
gid integer
homeDirectory string
operatingSystemType string
primary boolean
shell string
systemId string
uid integer
username string
creationTime string
nonEditableAliases array
items array
0 string
sshPublicKeys array
items array
0 object
properties object
expirationTimeUsec integer
fingerprint string
key string
notes object
properties object
contentType string
value string
websites array
items array
0 object
properties object
customType string
primary boolean
type string
value string
locations array
items array
0 object
properties object
area string
buildingId string
customType string
deskCode string
floorName string
floorSection string
type string
includeInGlobalAddressList boolean
keywords array
items array
0 object
properties object
customType string
type string
value string
deletionTime string
gender object
properties object
addressMeAs string
customGender string
type string
thumbnailPhotoEtag string
ims array
items array
0 object
properties object
customProtocol string
customType string
im string
primary boolean
protocol string
type string
customSchemas object
properties object
somefield string
isEnrolledIn2Sv boolean
isEnforcedIn2Sv boolean
archived boolean
orgUnitPath string
recoveryEmail string
recoveryPhone string
statusCode integer
headers object
properties object
etag string
content-type string
vary string
date string
server string
content-length string
x-xss-protection string
x-frame-options string
x-content-type-options string
alt-svc string
connection string

Delete a User

Delete a user account

Show details

Properties

User Identifier textField

The user’s primary email address, unique user id, or one of the user’s alias email addresses.

Input Schema

default object
privateKey string required
iss string required
sub string required
userKey string required
Output Schema
output object
rawResponse string
statusCode integer
headers object
properties object
etag string
vary string
date string
content-type string
server string
content-length string
x-xss-protection string
x-frame-options string
x-content-type-options string
alt-svc string
connection string

Get User Information

Get information about a user

Show details

Properties

User Identifier textField

The user’s primary email address, unique user id, or one of the user’s alias email addresses.

Requested Fields dropDown

The level of information to request about the user. "Basic" returns a standard set of fields. "Full" returns all fields. "Use Custom Field Schemas" returns the Basic fields as well as specific fields associated with the schemas you enter in "Custom Field Schemas".

  • BASIC

  • CUSTOM

  • FULL

View Type dropDown

The type of fields to request. "Admin View" returns publicly visible and administrator-only fields. "Public View" only returns publicly visible fields.

  • Admin View

  • Domain Public

Output Filter textFieldArrayView

The list of fields for the connector to output to the flow, such as "emails" or "emails.address". Instead of outputting all of the results from the "Requested Attributes", you can filter the results to a list of specific fields. Type a field name and press Enter to add it. Leave this field blank to include all requested fields in the connector output.

Custom Field Schemas textFieldArrayView

The list of schemas to request. This returns all fields associated with the listed schemas. Type a schema name and press Enter to add it.

Input Schema

default object
privateKey string required
iss string required
sub string required
userKey string required
Output Schema
output object
rawResponse object
properties object
id string
primaryEmail string
password string
hashFunction string
isAdmin boolean
isDelegatedAdmin boolean
agreedToTerms boolean
suspended boolean
changePasswordAtNextLogin boolean
ipWhitelisted boolean
name object
properties object
givenName string
familyName string
fullName string
kind string
etag string
emails array
items array
0 object
properties object
address string
customType string
type string
primary boolean
externalIds array
items array
0 object
properties object
customType string
type string
value string
relations array
items array
0 object
properties object
customType string
type string
value string
aliases array
items array
0 string
isMailboxSetup boolean
customerId string
addresses array
items array
0 object
properties object
country string
countryCode string
customType string
extendedAddress string
formatted string
locality string
poBox string
postalCode string
primary boolean
region string
sourceIsStructured boolean
streetAddress string
type string
organizations array
items array
0 object
properties object
costCenter string
customType string
department string
description string
domain string
fullTimeEquivalent integer
location string
name string
primary boolean
symbol string
title string
type string
lastLoginTime string
phones array
items array
0 object
properties object
customType string
primary boolean
type string
value string
suspensionReason string
thumbnailPhotoUrl string
languages array
items array
0 object
properties object
customLanguage string
languageCode string
preference string
posixAccounts array
items array
0 object
properties object
accountId string
gecos string
gid integer
homeDirectory string
operatingSystemType string
primary boolean
shell string
systemId string
uid integer
username string
creationTime string
nonEditableAliases array
items array
0 string
sshPublicKeys array
items array
0 object
properties object
expirationTimeUsec integer
fingerprint string
key string
notes object
properties object
contentType string
value string
websites array
items array
0 object
properties object
customType string
primary boolean
type string
value string
locations array
items array
0 object
properties object
area string
buildingId string
customType string
deskCode string
floorName string
floorSection string
type string
includeInGlobalAddressList boolean
keywords array
items array
0 object
properties object
customType string
type string
value string
deletionTime string
gender object
properties object
addressMeAs string
customGender string
type string
thumbnailPhotoEtag string
ims array
items array
0 object
properties object
customProtocol string
customType string
im string
primary boolean
protocol string
type string
customSchemas object
properties object
somefield string
isEnrolledIn2Sv boolean
isEnforcedIn2Sv boolean
archived boolean
orgUnitPath string
recoveryEmail string
recoveryPhone string
statusCode integer
headers object
properties object
etag string
content-type string
vary string
date string
server string
content-length string
x-xss-protection string
x-frame-options string
x-content-type-options string
alt-svc string
connection string

Update a User

Update information about a user

Show details

Properties

User Identifier textField

The user’s primary email address, unique user id, or one of the user’s alias email addresses.

Other User Attributes variableInputList

Define additional attributes to add to the user account. For help, see the User Accounts section of the Google Workspace SDK documentation.

Input Schema

default object
privateKey string required
iss string required
sub string required
userKey string required
Output Schema
output object
rawResponse object
properties object
id string
primaryEmail string
password string
hashFunction string
isAdmin boolean
isDelegatedAdmin boolean
agreedToTerms boolean
suspended boolean
changePasswordAtNextLogin boolean
ipWhitelisted boolean
name object
properties object
givenName string
familyName string
fullName string
kind string
etag string
emails array
items array
0 object
properties object
address string
customType string
type string
primary boolean
externalIds array
items array
0 object
properties object
customType string
type string
value string
relations array
items array
0 object
properties object
customType string
type string
value string
aliases array
items array
0 string
isMailboxSetup boolean
customerId string
addresses array
items array
0 object
properties object
country string
countryCode string
customType string
extendedAddress string
formatted string
locality string
poBox string
postalCode string
primary boolean
region string
sourceIsStructured boolean
streetAddress string
type string
organizations array
items array
0 object
properties object
costCenter string
customType string
department string
description string
domain string
fullTimeEquivalent integer
location string
name string
primary boolean
symbol string
title string
type string
lastLoginTime string
phones array
items array
0 object
properties object
customType string
primary boolean
type string
value string
suspensionReason string
thumbnailPhotoUrl string
languages array
items array
0 object
properties object
customLanguage string
languageCode string
preference string
posixAccounts array
items array
0 object
properties object
accountId string
gecos string
gid integer
homeDirectory string
operatingSystemType string
primary boolean
shell string
systemId string
uid integer
username string
creationTime string
nonEditableAliases array
items array
0 string
sshPublicKeys array
items array
0 object
properties object
expirationTimeUsec integer
fingerprint string
key string
notes object
properties object
contentType string
value string
websites array
items array
0 object
properties object
customType string
primary boolean
type string
value string
locations array
items array
0 object
properties object
area string
buildingId string
customType string
deskCode string
floorName string
floorSection string
type string
includeInGlobalAddressList boolean
keywords array
items array
0 object
properties object
customType string
type string
value string
deletionTime string
gender object
properties object
addressMeAs string
customGender string
type string
thumbnailPhotoEtag string
ims array
items array
0 object
properties object
customProtocol string
customType string
im string
primary boolean
protocol string
type string
customSchemas object
properties object
somefield string
isEnrolledIn2Sv boolean
isEnforcedIn2Sv boolean
archived boolean
orgUnitPath string
recoveryEmail string
recoveryPhone string
statusCode integer
headers object
properties object
etag string
content-type string
vary string
date string
server string
content-length string
x-xss-protection string
x-frame-options string
x-content-type-options string
alt-svc string
connection string

Add a User to a Group

Add a user to a group

Show details

Properties

Group Identifier textField

The group’s primary email address, unique group id, or alias.

Member Email textField

The member’s email address. The member can be a user or another group.

Member Role dropDown

The role to assign the member in the group.

  • Manager

  • Member

  • Owner

Member Type dropDown

The type of member in the group.

  • Customer

  • External

  • Group

  • User

Member Email Delivery Settings dropDown

The member’s email delivery frequency.

  • ALL_MAIL

  • DAILY

  • DIGEST

  • DISABLED

  • NONE

Input Schema

default object
privateKey string required
iss string required
sub string required
groupKey string required
memberEmail string required
Output Schema
output object
rawResponse object
properties object
id string
email string
name string
description string
adminCreated boolean
directMembersCount string
kind string
etag string
aliases array
items array
type string
nonEditableAliases array
items array
type string
statusCode integer
headers object
properties object
etag string
content-type string
vary string
date string
server string
content-length string
x-xss-protection string
x-frame-options string
x-content-type-options string
alt-svc string
connection string

Remove a User from a Group

Remove a user from a group

Show details

Properties

Member Key textField

Identifies the group member in the API request.

Group Identifier textField

The group’s primary email address, unique group id, or alias.

Input Schema

default object
privateKey string required
iss string required
sub string required
groupKey string required
memberKey string required
Output Schema
output object
statusCode integer
headers object
properties object
vary string
date string
content-type string
server string
content-length string
x-xss-protection string
x-frame-options string
x-content-type-options string
alt-svc string
connection string

List a User’s Devices

Query Google Workspace for a list of devices associated with a user account

Show details

Properties

Customer ID textField

The unique ID for the customer’s Google Workspace account, such as "C123abc4d". This ID is available from the "Get User Information" capability.

Maximum Number of Results textField

The maximum number of results to return from the query, up to 100.

Device Order dropDown

The device property to use for sorting results.

  • DEVICE_ID

  • EMAIL

  • LAST_SYNC

  • MODEL

  • NAME

  • OS

  • STATUS

  • TYPE

Requested Device Fields dropDown

The level of information to request about the device. "Basic" returns a standard set of fields. "Full" returns all fields.

  • BASIC

  • FULL

Query String textField

The query used to search for devices, such as "status:approved" or "os:Android". For help, see documentation for "Mobile device search fields" section of the Google Workspace SDK Directory API documentation.

Sort Order dropDown

The sort order for the list of devices. This is required if you have selected a "Device Order" option.

  • ASCENDING

  • DESCENDING

Page Token textField

The token used to specify the next page in the results, such as "3". Use this to get pages of results for queries that return more than the maximum number of results.

Input Schema

default object
privateKey string required
iss string required
sub string required
customerId string required
maxResults number
orderBy string
deviceProjection string
query string
sortOrder string
Output Schema
output object
kind string
etag string
mobiledevices array
items array
0 object
properties object
kind string
etag string
resourceId string
deviceId string
name array
items array
0 string
email array
items array
0 string
model string
os string
type string
status string
hardwareId string
firstSync string
lastSync string
userAgent string
serialNumber string
imei string
meid string
wifiMacAddress string
networkOperator string
defaultLanguage string
managedAccountIsOnOwnerProfile boolean
deviceCompromisedStatus string
buildNumber string
kernelVersion string
basebandVersion string
unknownSourcesStatus boolean
developerOptionsStatus boolean
otherAccountsInfo array
items array
0 string
adbStatus boolean
supportsWorkProfile boolean
manufacturer string
releaseVersion string
securityPatchLevel string
brand string
bootloaderVersion string
hardware string
encryptionStatus string
devicePasswordStatus string
privilege string
applications array
items array
0 object
properties object
packageName string
displayName string
versionName string
versionCode string
permission array
items array
0 string
nextPageToken string

Manage a Device

Take administrative action on a device, such as approving, blocking, or wiping data

Show details

Properties

Customer ID textField

The unique ID for the customer’s Google Workspace account, such as "C123abc4d". This ID is available from the "Get User Information" capability.

Device ID textField

The device ID, such as "AFiQxQ-WO…YM-hf080OZy".

Action dropDown

The administrative action to take on the device.

  • Admin remote wipe

  • Admin account wipe

  • Approve

  • Block

  • Cancel remote wipe then activate

  • Cancel remote wipe then block

Input Schema

default object
privateKey string required
iss string required
sub string required
customerId string required
resourceId string required
action string required
Output Schema
output object
rawResponse string
statusCode integer
headers object
properties object
etag string
vary string
date string
content-type string
server string
content-length string
x-xss-protection string
x-frame-options string
x-content-type-options string
alt-svc string
connection string

Assign a License to a User

Grant a user access to a product by assigning a license

Show details

Properties

Product ID textField

The product ID, such as "Google-Apps".

SKU ID textField

The SKU ID, such as "Google-Apps-For-Business".

User ID textField

The user’s primary email address.

Input Schema

default object
privateKey string required
iss string required
sub string required
productId string required
skuId string required
licenseUserId string required
Output Schema
output object
rawResponse object
properties object
userId string
statusCode integer
headers object
properties object
etag string
content-type string
vary string
date string
server string
content-length string
x-xss-protection string
x-frame-options string
x-content-type-options string
alt-svc string
connection string

Revoke a User’s License

Remove a user’s access to a product by revoking a license

Show details

Properties

Product ID textField

The product ID, such as "Google-Apps".

SKU ID textField

The SKU ID, such as "Google-Apps-For-Business".

User ID textField

The user’s primary email address.

Input Schema

default object
privateKey string required
iss string required
sub string required
productId string required
skuId string required
licenseUserId string required
Output Schema
output object
statusCode integer
headers object
properties object
etag string
content-type string
vary string
date string
server string
content-length string
x-xss-protection string
x-frame-options string
x-content-type-options string
alt-svc string
connection string

Make a Custom API Call

Define and use your own call to the Google Workspace Admin REST API

Show details

Properties

Endpoint textField required

The Workspace API endpoint, such as "https://admin.googleapis.com/admin/directory/v1/users/user@example.com".

HTTP Method dropDown required

The HTTP method of the API call.

  • GET

  • POST

  • PUT

  • DELETE

Query Parameters keyValueList

Query parameters for the request.

Additional Headers keyValueList

Define additional headers to send to Workspace. For help, see the Google Workspace API documentation.

Body codeEditor

The body of the API call.

Input Schema

default object
privateKey string required
iss string required
sub string required
endpoint string required
method string required
Output Schema
output object
rawResponse object
statusCode integer
headers object
properties object
etag string
content-type string
vary string
date string
server string
content-length string
x-xss-protection string
x-frame-options string
x-content-type-options string
alt-svc string
connection string