Google Workspace Admin Connector
The Google Workspace Admin connector lets you manage Google Workspace users, groups, and application licenses in your PingOne DaVinci flow.
Setup
Resources
For information and setup help, see the following documentation:
-
Google Workspace documentation:
-
DaVinci documentation:
Setting up Google Workspace Admin
Follow the instructions in Using OAuth 2.0 for Server to Server Applications to do the following:
-
Create a service account.
-
Delegate domain-wide authority to the service account and authorize it with the following scopes:
https://www.googleapis.com/auth/admin.directory.user, https://www.googleapis.com/auth/admin.directory.group, https://www.googleapis.com/auth/admin.directory.device.chromeos, https://www.googleapis.com/auth/admin.directory.device.mobile, https://www.googleapis.com/auth/apps.licensing
Setting up the Google Workspace Admin connector configuration
In DaVinci, add a Google Workspace Admin connection. For help, see Adding a connector.
Connector configuration
Service Account Email Address
The email address associated with the Google Workspace service, such as google-workspace-admin@xenon-set-123456.iam.gserviceaccount.com
. You can find this on the Service Accounts page.
Using the connector in a flow
Managing users
The connector has several capabilities that allow you to manage users in Workspace:
-
Create a User
-
Delete a User
-
Update a User
-
Get User Information
No special flow configuration is needed. Add the capability you want and populate its properties according to the help text.
Managing group memberships
The connector has several capabilities that allow you to manage the users that belong to each group in Workspace:
-
Add a User to a Group
-
Remove a User from a Group
No special flow configuration is needed. Add the capability you want and populate its properties according to the help text.
Managing user devices
The connector has several capabilities that allow you to list and take administrative action on the mobile devices associated with users in Workspace:
-
List a User’s Devices
-
Manage a Device
No special flow configuration is needed. Add the capability you want and populate its properties according to the help text.
Managing application licenses
The connector has several capabilities that allow you to manage the applications that each user can access in Workspace:
-
Assign a License to a User
-
Revoke a User’s License
No special flow configuration is needed. Add the capability you want and populate its properties according to the help text.
Creating a custom API call
If you want to do something that isn’t supported by one of the provided capabilities, you can use the Make Custom API Call capability to define your own action.
This capability uses the credentials from your connection to make an API call with the HTTP method, headers, query parameters, and body you specify.
Capabilities
Create a User
Create a new user account
Show details
Properties
- Primary Email
textField
-
The user’s primary email address.
- Password
textField
-
The password to assign to the user account.
- Family Name
textField
-
The user’s last name.
- Given Name
textField
-
The user’s given name.
- Other User Attributes
variableInputList
-
Define additional attributes to add to the user account. For help, see the User Accounts section of the Google Workspace SDK documentation.
Input Schema
- default
object
-
- privateKey
string
required
- iss
string
required
- sub
string
required
- primaryEmail
string
required
- password
string
required
- familyName
string
required
- givenName
string
required
- privateKey
- Output Schema
- output
object
-
- rawResponse
object
- properties
object
- rawResponse
- id
string
- primaryEmail
string
- password
string
- hashFunction
string
- isAdmin
boolean
- isDelegatedAdmin
boolean
- agreedToTerms
boolean
- suspended
boolean
- changePasswordAtNextLogin
boolean
- ipWhitelisted
boolean
- name
object
- properties
object
- givenName
string
- familyName
string
- fullName
string
- kind
string
- etag
string
- emails
array
- items
array
- 0
object
- properties
object
-
- address
string
- customType
string
- type
string
- primary
boolean
- address
- externalIds
array
- items
array
- 0
object
- properties
object
-
- customType
string
- type
string
- value
string
- customType
- relations
array
- items
array
- 0
object
- properties
object
-
- customType
string
- type
string
- value
string
- customType
- aliases
array
- items
array
- 0
string
- isMailboxSetup
boolean
- customerId
string
- addresses
array
- items
array
- 0
object
- properties
object
-
- country
string
- countryCode
string
- customType
string
- extendedAddress
string
- formatted
string
- locality
string
- poBox
string
- postalCode
string
- primary
boolean
- region
string
- sourceIsStructured
boolean
- streetAddress
string
- type
string
- country
- organizations
array
- items
array
- 0
object
- properties
object
-
- costCenter
string
- customType
string
- department
string
- description
string
- domain
string
- fullTimeEquivalent
integer
- location
string
- name
string
- primary
boolean
- symbol
string
- title
string
- type
string
- costCenter
- lastLoginTime
string
- phones
array
- items
array
- 0
object
- properties
object
-
- customType
string
- primary
boolean
- type
string
- value
string
- customType
- suspensionReason
string
- thumbnailPhotoUrl
string
- languages
array
- items
array
- 0
object
- properties
object
-
- customLanguage
string
- languageCode
string
- preference
string
- customLanguage
- posixAccounts
array
- items
array
- 0
object
- properties
object
-
- accountId
string
- gecos
string
- gid
integer
- homeDirectory
string
- operatingSystemType
string
- primary
boolean
- shell
string
- systemId
string
- uid
integer
- username
string
- accountId
- creationTime
string
- nonEditableAliases
array
- items
array
- 0
string
- sshPublicKeys
array
- items
array
- 0
object
- properties
object
-
- expirationTimeUsec
integer
- fingerprint
string
- key
string
- expirationTimeUsec
- notes
object
- properties
object
- contentType
string
- value
string
- websites
array
- items
array
- 0
object
- properties
object
-
- customType
string
- primary
boolean
- type
string
- value
string
- customType
- locations
array
- items
array
- 0
object
- properties
object
-
- area
string
- buildingId
string
- customType
string
- deskCode
string
- floorName
string
- floorSection
string
- type
string
- area
- includeInGlobalAddressList
boolean
- keywords
array
- items
array
- 0
object
- properties
object
-
- customType
string
- type
string
- value
string
- customType
- deletionTime
string
- gender
object
- properties
object
- addressMeAs
string
- customGender
string
- type
string
- thumbnailPhotoEtag
string
- ims
array
- items
array
- 0
object
- properties
object
-
- customProtocol
string
- customType
string
- im
string
- primary
boolean
- protocol
string
- type
string
- customProtocol
- customSchemas
object
- properties
object
- somefield
string
- isEnrolledIn2Sv
boolean
- isEnforcedIn2Sv
boolean
- archived
boolean
- orgUnitPath
string
- recoveryEmail
string
- recoveryPhone
string
-
- statusCode
integer
- headers
object
- properties
object
- statusCode
- etag
string
- content-type
string
- vary
string
- date
string
- server
string
- content-length
string
- x-xss-protection
string
- x-frame-options
string
- x-content-type-options
string
- alt-svc
string
- connection
string
Delete a User
Delete a user account
Show details
Properties
- User Identifier
textField
-
The user’s primary email address, unique user id, or one of the user’s alias email addresses.
Input Schema
- default
object
-
- privateKey
string
required
- iss
string
required
- sub
string
required
- userKey
string
required
- privateKey
- Output Schema
- output
object
-
- rawResponse
string
- statusCode
integer
- headers
object
- properties
object
- rawResponse
- etag
string
- vary
string
- date
string
- content-type
string
- server
string
- content-length
string
- x-xss-protection
string
- x-frame-options
string
- x-content-type-options
string
- alt-svc
string
- connection
string
Get User Information
Get information about a user
Show details
Properties
- User Identifier
textField
-
The user’s primary email address, unique user id, or one of the user’s alias email addresses.
- Requested Fields
dropDown
-
The level of information to request about the user. "Basic" returns a standard set of fields. "Full" returns all fields. "Use Custom Field Schemas" returns the Basic fields as well as specific fields associated with the schemas you enter in "Custom Field Schemas".
-
BASIC
-
CUSTOM
-
FULL
-
- View Type
dropDown
-
The type of fields to request. "Admin View" returns publicly visible and administrator-only fields. "Public View" only returns publicly visible fields.
-
Admin View
-
Domain Public
-
- Output Filter
textFieldArrayView
-
The list of fields for the connector to output to the flow, such as "emails" or "emails.address". Instead of outputting all of the results from the "Requested Attributes", you can filter the results to a list of specific fields. Type a field name and press Enter to add it. Leave this field blank to include all requested fields in the connector output.
- Custom Field Schemas
textFieldArrayView
-
The list of schemas to request. This returns all fields associated with the listed schemas. Type a schema name and press Enter to add it.
Input Schema
- default
object
-
- privateKey
string
required
- iss
string
required
- sub
string
required
- userKey
string
required
- privateKey
- Output Schema
- output
object
-
- rawResponse
object
- properties
object
- rawResponse
- id
string
- primaryEmail
string
- password
string
- hashFunction
string
- isAdmin
boolean
- isDelegatedAdmin
boolean
- agreedToTerms
boolean
- suspended
boolean
- changePasswordAtNextLogin
boolean
- ipWhitelisted
boolean
- name
object
- properties
object
- givenName
string
- familyName
string
- fullName
string
- kind
string
- etag
string
- emails
array
- items
array
- 0
object
- properties
object
-
- address
string
- customType
string
- type
string
- primary
boolean
- address
- externalIds
array
- items
array
- 0
object
- properties
object
-
- customType
string
- type
string
- value
string
- customType
- relations
array
- items
array
- 0
object
- properties
object
-
- customType
string
- type
string
- value
string
- customType
- aliases
array
- items
array
- 0
string
- isMailboxSetup
boolean
- customerId
string
- addresses
array
- items
array
- 0
object
- properties
object
-
- country
string
- countryCode
string
- customType
string
- extendedAddress
string
- formatted
string
- locality
string
- poBox
string
- postalCode
string
- primary
boolean
- region
string
- sourceIsStructured
boolean
- streetAddress
string
- type
string
- country
- organizations
array
- items
array
- 0
object
- properties
object
-
- costCenter
string
- customType
string
- department
string
- description
string
- domain
string
- fullTimeEquivalent
integer
- location
string
- name
string
- primary
boolean
- symbol
string
- title
string
- type
string
- costCenter
- lastLoginTime
string
- phones
array
- items
array
- 0
object
- properties
object
-
- customType
string
- primary
boolean
- type
string
- value
string
- customType
- suspensionReason
string
- thumbnailPhotoUrl
string
- languages
array
- items
array
- 0
object
- properties
object
-
- customLanguage
string
- languageCode
string
- preference
string
- customLanguage
- posixAccounts
array
- items
array
- 0
object
- properties
object
-
- accountId
string
- gecos
string
- gid
integer
- homeDirectory
string
- operatingSystemType
string
- primary
boolean
- shell
string
- systemId
string
- uid
integer
- username
string
- accountId
- creationTime
string
- nonEditableAliases
array
- items
array
- 0
string
- sshPublicKeys
array
- items
array
- 0
object
- properties
object
-
- expirationTimeUsec
integer
- fingerprint
string
- key
string
- expirationTimeUsec
- notes
object
- properties
object
- contentType
string
- value
string
- websites
array
- items
array
- 0
object
- properties
object
-
- customType
string
- primary
boolean
- type
string
- value
string
- customType
- locations
array
- items
array
- 0
object
- properties
object
-
- area
string
- buildingId
string
- customType
string
- deskCode
string
- floorName
string
- floorSection
string
- type
string
- area
- includeInGlobalAddressList
boolean
- keywords
array
- items
array
- 0
object
- properties
object
-
- customType
string
- type
string
- value
string
- customType
- deletionTime
string
- gender
object
- properties
object
- addressMeAs
string
- customGender
string
- type
string
- thumbnailPhotoEtag
string
- ims
array
- items
array
- 0
object
- properties
object
-
- customProtocol
string
- customType
string
- im
string
- primary
boolean
- protocol
string
- type
string
- customProtocol
- customSchemas
object
- properties
object
- somefield
string
- isEnrolledIn2Sv
boolean
- isEnforcedIn2Sv
boolean
- archived
boolean
- orgUnitPath
string
- recoveryEmail
string
- recoveryPhone
string
-
- statusCode
integer
- headers
object
- properties
object
- statusCode
- etag
string
- content-type
string
- vary
string
- date
string
- server
string
- content-length
string
- x-xss-protection
string
- x-frame-options
string
- x-content-type-options
string
- alt-svc
string
- connection
string
Update a User
Update information about a user
Show details
Properties
- User Identifier
textField
-
The user’s primary email address, unique user id, or one of the user’s alias email addresses.
- Other User Attributes
variableInputList
-
Define additional attributes to add to the user account. For help, see the User Accounts section of the Google Workspace SDK documentation.
Input Schema
- default
object
-
- privateKey
string
required
- iss
string
required
- sub
string
required
- userKey
string
required
- privateKey
- Output Schema
- output
object
-
- rawResponse
object
- properties
object
- rawResponse
- id
string
- primaryEmail
string
- password
string
- hashFunction
string
- isAdmin
boolean
- isDelegatedAdmin
boolean
- agreedToTerms
boolean
- suspended
boolean
- changePasswordAtNextLogin
boolean
- ipWhitelisted
boolean
- name
object
- properties
object
- givenName
string
- familyName
string
- fullName
string
- kind
string
- etag
string
- emails
array
- items
array
- 0
object
- properties
object
-
- address
string
- customType
string
- type
string
- primary
boolean
- address
- externalIds
array
- items
array
- 0
object
- properties
object
-
- customType
string
- type
string
- value
string
- customType
- relations
array
- items
array
- 0
object
- properties
object
-
- customType
string
- type
string
- value
string
- customType
- aliases
array
- items
array
- 0
string
- isMailboxSetup
boolean
- customerId
string
- addresses
array
- items
array
- 0
object
- properties
object
-
- country
string
- countryCode
string
- customType
string
- extendedAddress
string
- formatted
string
- locality
string
- poBox
string
- postalCode
string
- primary
boolean
- region
string
- sourceIsStructured
boolean
- streetAddress
string
- type
string
- country
- organizations
array
- items
array
- 0
object
- properties
object
-
- costCenter
string
- customType
string
- department
string
- description
string
- domain
string
- fullTimeEquivalent
integer
- location
string
- name
string
- primary
boolean
- symbol
string
- title
string
- type
string
- costCenter
- lastLoginTime
string
- phones
array
- items
array
- 0
object
- properties
object
-
- customType
string
- primary
boolean
- type
string
- value
string
- customType
- suspensionReason
string
- thumbnailPhotoUrl
string
- languages
array
- items
array
- 0
object
- properties
object
-
- customLanguage
string
- languageCode
string
- preference
string
- customLanguage
- posixAccounts
array
- items
array
- 0
object
- properties
object
-
- accountId
string
- gecos
string
- gid
integer
- homeDirectory
string
- operatingSystemType
string
- primary
boolean
- shell
string
- systemId
string
- uid
integer
- username
string
- accountId
- creationTime
string
- nonEditableAliases
array
- items
array
- 0
string
- sshPublicKeys
array
- items
array
- 0
object
- properties
object
-
- expirationTimeUsec
integer
- fingerprint
string
- key
string
- expirationTimeUsec
- notes
object
- properties
object
- contentType
string
- value
string
- websites
array
- items
array
- 0
object
- properties
object
-
- customType
string
- primary
boolean
- type
string
- value
string
- customType
- locations
array
- items
array
- 0
object
- properties
object
-
- area
string
- buildingId
string
- customType
string
- deskCode
string
- floorName
string
- floorSection
string
- type
string
- area
- includeInGlobalAddressList
boolean
- keywords
array
- items
array
- 0
object
- properties
object
-
- customType
string
- type
string
- value
string
- customType
- deletionTime
string
- gender
object
- properties
object
- addressMeAs
string
- customGender
string
- type
string
- thumbnailPhotoEtag
string
- ims
array
- items
array
- 0
object
- properties
object
-
- customProtocol
string
- customType
string
- im
string
- primary
boolean
- protocol
string
- type
string
- customProtocol
- customSchemas
object
- properties
object
- somefield
string
- isEnrolledIn2Sv
boolean
- isEnforcedIn2Sv
boolean
- archived
boolean
- orgUnitPath
string
- recoveryEmail
string
- recoveryPhone
string
-
- statusCode
integer
- headers
object
- properties
object
- statusCode
- etag
string
- content-type
string
- vary
string
- date
string
- server
string
- content-length
string
- x-xss-protection
string
- x-frame-options
string
- x-content-type-options
string
- alt-svc
string
- connection
string
Add a User to a Group
Add a user to a group
Show details
Properties
- Group Identifier
textField
-
The group’s primary email address, unique group id, or alias.
- Member Email
textField
-
The member’s email address. The member can be a user or another group.
- Member Role
dropDown
-
The role to assign the member in the group.
-
Manager
-
Member
-
Owner
-
- Member Type
dropDown
-
The type of member in the group.
-
Customer
-
External
-
Group
-
User
-
- Member Email Delivery Settings
dropDown
-
The member’s email delivery frequency.
-
ALL_MAIL
-
DAILY
-
DIGEST
-
DISABLED
-
NONE
-
Input Schema
- default
object
-
- privateKey
string
required
- iss
string
required
- sub
string
required
- groupKey
string
required
- memberEmail
string
required
- privateKey
- Output Schema
- output
object
-
- rawResponse
object
- properties
object
- rawResponse
- id
string
- email
string
- name
string
- description
string
- adminCreated
boolean
- directMembersCount
string
- kind
string
- etag
string
- aliases
array
- items
array
- type
string
- nonEditableAliases
array
- items
array
- type
string
-
- statusCode
integer
- headers
object
- properties
object
- statusCode
- etag
string
- content-type
string
- vary
string
- date
string
- server
string
- content-length
string
- x-xss-protection
string
- x-frame-options
string
- x-content-type-options
string
- alt-svc
string
- connection
string
Remove a User from a Group
Remove a user from a group
Show details
Properties
- Member Key
textField
-
Identifies the group member in the API request.
- Group Identifier
textField
-
The group’s primary email address, unique group id, or alias.
Input Schema
- default
object
-
- privateKey
string
required
- iss
string
required
- sub
string
required
- groupKey
string
required
- memberKey
string
required
- privateKey
- Output Schema
- output
object
-
- statusCode
integer
- headers
object
- properties
object
- statusCode
- vary
string
- date
string
- content-type
string
- server
string
- content-length
string
- x-xss-protection
string
- x-frame-options
string
- x-content-type-options
string
- alt-svc
string
- connection
string
List a User’s Devices
Query Google Workspace for a list of devices associated with a user account
Show details
Properties
- Customer ID
textField
-
The unique ID for the customer’s Google Workspace account, such as "C123abc4d". This ID is available from the "Get User Information" capability.
- Maximum Number of Results
textField
-
The maximum number of results to return from the query, up to 100.
- Device Order
dropDown
-
The device property to use for sorting results.
-
DEVICE_ID
-
EMAIL
-
LAST_SYNC
-
MODEL
-
NAME
-
OS
-
STATUS
-
TYPE
-
- Requested Device Fields
dropDown
-
The level of information to request about the device. "Basic" returns a standard set of fields. "Full" returns all fields.
-
BASIC
-
FULL
-
- Query String
textField
-
The query used to search for devices, such as "status:approved" or "os:Android". For help, see documentation for "Mobile device search fields" section of the Google Workspace SDK Directory API documentation.
- Sort Order
dropDown
-
The sort order for the list of devices. This is required if you have selected a "Device Order" option.
-
ASCENDING
-
DESCENDING
-
- Page Token
textField
-
The token used to specify the next page in the results, such as "3". Use this to get pages of results for queries that return more than the maximum number of results.
Input Schema
- default
object
-
- privateKey
string
required
- iss
string
required
- sub
string
required
- customerId
string
required
- maxResults
number
- orderBy
string
- deviceProjection
string
- query
string
- sortOrder
string
- privateKey
- Output Schema
- output
object
-
- kind
string
- etag
string
- mobiledevices
array
- items
array
- kind
- 0
object
- properties
object
- kind
string
- etag
string
- resourceId
string
- deviceId
string
- name
array
- items
array
-
- 0
string
- 0
- email
array
- items
array
-
- 0
string
- 0
- model
string
- os
string
- type
string
- status
string
- hardwareId
string
- firstSync
string
- lastSync
string
- userAgent
string
- serialNumber
string
- imei
string
- meid
string
- wifiMacAddress
string
- networkOperator
string
- defaultLanguage
string
- managedAccountIsOnOwnerProfile
boolean
- deviceCompromisedStatus
string
- buildNumber
string
- kernelVersion
string
- basebandVersion
string
- unknownSourcesStatus
boolean
- developerOptionsStatus
boolean
- otherAccountsInfo
array
- items
array
-
- 0
string
- 0
- adbStatus
boolean
- supportsWorkProfile
boolean
- manufacturer
string
- releaseVersion
string
- securityPatchLevel
string
- brand
string
- bootloaderVersion
string
- hardware
string
- encryptionStatus
string
- devicePasswordStatus
string
- privilege
string
- applications
array
- items
array
-
- 0
object
- properties
object
- 0
- packageName
string
- displayName
string
- versionName
string
- versionCode
string
- permission
array
- items
array
- 0
string
-
- nextPageToken
string
- nextPageToken
Manage a Device
Take administrative action on a device, such as approving, blocking, or wiping data
Show details
Properties
- Customer ID
textField
-
The unique ID for the customer’s Google Workspace account, such as "C123abc4d". This ID is available from the "Get User Information" capability.
- Device ID
textField
-
The device ID, such as "AFiQxQ-WO…YM-hf080OZy".
- Action
dropDown
-
The administrative action to take on the device.
-
Admin remote wipe
-
Admin account wipe
-
Approve
-
Block
-
Cancel remote wipe then activate
-
Cancel remote wipe then block
-
Input Schema
- default
object
-
- privateKey
string
required
- iss
string
required
- sub
string
required
- customerId
string
required
- resourceId
string
required
- action
string
required
- privateKey
- Output Schema
- output
object
-
- rawResponse
string
- statusCode
integer
- headers
object
- properties
object
- rawResponse
- etag
string
- vary
string
- date
string
- content-type
string
- server
string
- content-length
string
- x-xss-protection
string
- x-frame-options
string
- x-content-type-options
string
- alt-svc
string
- connection
string
Assign a License to a User
Grant a user access to a product by assigning a license
Show details
Properties
- Product ID
textField
-
The product ID, such as "Google-Apps".
- SKU ID
textField
-
The SKU ID, such as "Google-Apps-For-Business".
- User ID
textField
-
The user’s primary email address.
Input Schema
- default
object
-
- privateKey
string
required
- iss
string
required
- sub
string
required
- productId
string
required
- skuId
string
required
- licenseUserId
string
required
- privateKey
- Output Schema
- output
object
-
- rawResponse
object
- properties
object
- rawResponse
- userId
string
-
- statusCode
integer
- headers
object
- properties
object
- statusCode
- etag
string
- content-type
string
- vary
string
- date
string
- server
string
- content-length
string
- x-xss-protection
string
- x-frame-options
string
- x-content-type-options
string
- alt-svc
string
- connection
string
Revoke a User’s License
Remove a user’s access to a product by revoking a license
Show details
Properties
- Product ID
textField
-
The product ID, such as "Google-Apps".
- SKU ID
textField
-
The SKU ID, such as "Google-Apps-For-Business".
- User ID
textField
-
The user’s primary email address.
Input Schema
- default
object
-
- privateKey
string
required
- iss
string
required
- sub
string
required
- productId
string
required
- skuId
string
required
- licenseUserId
string
required
- privateKey
- Output Schema
- output
object
-
- statusCode
integer
- headers
object
- properties
object
- statusCode
- etag
string
- content-type
string
- vary
string
- date
string
- server
string
- content-length
string
- x-xss-protection
string
- x-frame-options
string
- x-content-type-options
string
- alt-svc
string
- connection
string
Make a Custom API Call
Define and use your own call to the Google Workspace Admin REST API
Show details
Properties
- Endpoint
textField
required
-
The Workspace API endpoint, such as "https://admin.googleapis.com/admin/directory/v1/users/user@example.com".
- HTTP Method
dropDown
required
-
The HTTP method of the API call.
-
GET
-
POST
-
PUT
-
DELETE
-
- Query Parameters
keyValueList
-
Query parameters for the request.
- Additional Headers
keyValueList
-
Define additional headers to send to Workspace. For help, see the Google Workspace API documentation.
- Body
codeEditor
-
The body of the API call.
Input Schema
- default
object
-
- privateKey
string
required
- iss
string
required
- sub
string
required
- endpoint
string
required
- method
string
required
- privateKey
- Output Schema
- output
object
-
- rawResponse
object
- statusCode
integer
- headers
object
- properties
object
- rawResponse
- etag
string
- content-type
string
- vary
string
- date
string
- server
string
- content-length
string
- x-xss-protection
string
- x-frame-options
string
- x-content-type-options
string
- alt-svc
string
- connection
string