Google Workspace Admin Connector
The Google Workspace Admin connector lets you manage Google Workspace users, groups, and application licenses in your PingOne DaVinci flow.
Setup
Resources
For information and setup help, see the following documentation:
-
Google Workspace documentation:
-
DaVinci documentation:
Setting up Google Workspace Admin
Follow the instructions in Using OAuth 2.0 for Server to Server Applications to do the following:
-
Create a service account.
-
Delegate domain-wide authority to the service account and authorize it with the following scopes:
https://www.googleapis.com/auth/admin.directory.user, https://www.googleapis.com/auth/admin.directory.group, https://www.googleapis.com/auth/admin.directory.device.chromeos, https://www.googleapis.com/auth/admin.directory.device.mobile, https://www.googleapis.com/auth/apps.licensing
Setting up the Google Workspace Admin connector configuration
In DaVinci, add a Google Workspace Admin connection. For help, see Adding a connector.
Connector configuration
Service Account Email Address
The email address associated with the Google Workspace service, such as google-workspace-admin@xenon-set-123456.iam.gserviceaccount.com. You can find this on the Service Accounts page.
Using the connector in a flow
Managing users
The connector has several capabilities that allow you to manage users in Workspace:
-
Create a User
-
Delete a User
-
Update a User
-
Get User Information
No special flow configuration is needed. Add the capability you want and populate its properties according to the help text.
Managing group memberships
The connector has several capabilities that allow you to manage the users that belong to each group in Workspace:
-
Add a User to a Group
-
Remove a User from a Group
No special flow configuration is needed. Add the capability you want and populate its properties according to the help text.
Managing user devices
The connector has several capabilities that allow you to list and take administrative action on the mobile devices associated with users in Workspace:
-
List a User’s Devices
-
Manage a Device
No special flow configuration is needed. Add the capability you want and populate its properties according to the help text.
Managing application licenses
The connector has several capabilities that allow you to manage the applications that each user can access in Workspace:
-
Assign a License to a User
-
Revoke a User’s License
No special flow configuration is needed. Add the capability you want and populate its properties according to the help text.
Creating a custom API call
If you want to do something that isn’t supported by one of the provided capabilities, you can use the Make Custom API Call capability to define your own action.
This capability uses the credentials from your connection to make an API call with the HTTP method, headers, query parameters, and body you specify.
Capabilities
Create a User
Create a new user account
Show details
-
Properties
-
Input Schema
-
Output Schema
- Primary Email textField
-
The user’s primary email address.
- Password textField
-
The password to assign to the user account.
- Family Name textField
-
The user’s last name.
- Given Name textField
-
The user’s given name.
- Other User Attributes variableInputList
-
Define additional attributes to add to the user account. For help, see the User Accounts section of the Google Workspace SDK documentation.
-
default object
-
properties object
-
privateKey string required
-
iss string required
-
sub string required
-
primaryEmail string required
-
password string required
-
familyName string required
-
givenName string required
-
-
-
output object
-
rawResponse object
-
id string
-
primaryEmail string
-
password string
-
hashFunction string
-
isAdmin boolean
-
isDelegatedAdmin boolean
-
agreedToTerms boolean
-
suspended boolean
-
changePasswordAtNextLogin boolean
-
ipWhitelisted boolean
-
name object
-
givenName string
-
familyName string
-
fullName string
-
-
kind string
-
etag string
-
emails array
-
Array Item Schema object
-
address string
-
customType string
-
type string
-
primary boolean
-
-
-
externalIds array
-
Array Item Schema object
-
customType string
-
type string
-
value string
-
-
-
relations array
-
Array Item Schema object
-
customType string
-
type string
-
value string
-
-
-
aliases array
-
Array Item Schema string
-
-
isMailboxSetup boolean
-
customerId string
-
addresses array
-
Array Item Schema object
-
country string
-
countryCode string
-
customType string
-
extendedAddress string
-
formatted string
-
locality string
-
poBox string
-
postalCode string
-
primary boolean
-
region string
-
sourceIsStructured boolean
-
streetAddress string
-
type string
-
-
-
organizations array
-
Array Item Schema object
-
costCenter string
-
customType string
-
department string
-
description string
-
domain string
-
fullTimeEquivalent integer
-
location string
-
name string
-
primary boolean
-
symbol string
-
title string
-
type string
-
-
-
lastLoginTime string
-
phones array
-
Array Item Schema object
-
customType string
-
primary boolean
-
type string
-
value string
-
-
-
suspensionReason string
-
thumbnailPhotoUrl string
-
languages array
-
Array Item Schema object
-
customLanguage string
-
languageCode string
-
preference string
-
-
-
posixAccounts array
-
Array Item Schema object
-
accountId string
-
gecos string
-
gid integer
-
homeDirectory string
-
operatingSystemType string
-
primary boolean
-
shell string
-
systemId string
-
uid integer
-
username string
-
-
-
creationTime string
-
nonEditableAliases array
-
Array Item Schema string
-
-
sshPublicKeys array
-
Array Item Schema object
-
expirationTimeUsec integer
-
fingerprint string
-
key string
-
-
-
notes object
-
contentType string
-
value string
-
-
websites array
-
Array Item Schema object
-
customType string
-
primary boolean
-
type string
-
value string
-
-
-
locations array
-
Array Item Schema object
-
area string
-
buildingId string
-
customType string
-
deskCode string
-
floorName string
-
floorSection string
-
type string
-
-
-
includeInGlobalAddressList boolean
-
keywords array
-
Array Item Schema object
-
customType string
-
type string
-
value string
-
-
-
deletionTime string
-
gender object
-
addressMeAs string
-
customGender string
-
type string
-
-
thumbnailPhotoEtag string
-
ims array
-
Array Item Schema object
-
customProtocol string
-
customType string
-
im string
-
primary boolean
-
protocol string
-
type string
-
-
-
customSchemas object
-
somefield string
-
-
isEnrolledIn2Sv boolean
-
isEnforcedIn2Sv boolean
-
archived boolean
-
orgUnitPath string
-
recoveryEmail string
-
recoveryPhone string
-
-
statusCode integer
-
headers object
-
etag string
-
content-type string
-
vary string
-
date string
-
server string
-
content-length string
-
x-xss-protection string
-
x-frame-options string
-
x-content-type-options string
-
alt-svc string
-
connection string
-
-
Delete a User
Delete a user account
Show details
-
Properties
-
Input Schema
-
Output Schema
- User Identifier textField
-
The user’s primary email address, unique user id, or one of the user’s alias email addresses.
-
default object
-
properties object
-
privateKey string required
-
iss string required
-
sub string required
-
userKey string required
-
-
-
output object
-
rawResponse string
-
statusCode integer
-
headers object
-
etag string
-
vary string
-
date string
-
content-type string
-
server string
-
content-length string
-
x-xss-protection string
-
x-frame-options string
-
x-content-type-options string
-
alt-svc string
-
connection string
-
-
Get User Information
Get information about a user
Show details
-
Properties
-
Input Schema
-
Output Schema
- User Identifier textField
-
The user’s primary email address, unique user id, or one of the user’s alias email addresses.
- Requested Fields dropDown
-
The level of information to request about the user. "Basic" returns a standard set of fields. "Full" returns all fields. "Use Custom Field Schemas" returns the Basic fields as well as specific fields associated with the schemas you enter in "Custom Field Schemas".
-
BASIC
-
CUSTOM
-
FULL
-
- View Type dropDown
-
The type of fields to request. "Admin View" returns publicly visible and administrator-only fields. "Public View" only returns publicly visible fields.
-
Admin View
-
Domain Public
-
- Output Filter textFieldArrayView
-
The list of fields for the connector to output to the flow, such as "emails" or "emails.address". Instead of outputting all of the results from the "Requested Attributes", you can filter the results to a list of specific fields. Type a field name and press Enter to add it. Leave this field blank to include all requested fields in the connector output.
- Custom Field Schemas textFieldArrayView
-
The list of schemas to request. This returns all fields associated with the listed schemas. Type a schema name and press Enter to add it.
-
default object
-
properties object
-
privateKey string required
-
iss string required
-
sub string required
-
userKey string required
-
-
-
output object
-
rawResponse object
-
id string
-
primaryEmail string
-
password string
-
hashFunction string
-
isAdmin boolean
-
isDelegatedAdmin boolean
-
agreedToTerms boolean
-
suspended boolean
-
changePasswordAtNextLogin boolean
-
ipWhitelisted boolean
-
name object
-
givenName string
-
familyName string
-
fullName string
-
-
kind string
-
etag string
-
emails array
-
Array Item Schema object
-
address string
-
customType string
-
type string
-
primary boolean
-
-
-
externalIds array
-
Array Item Schema object
-
customType string
-
type string
-
value string
-
-
-
relations array
-
Array Item Schema object
-
customType string
-
type string
-
value string
-
-
-
aliases array
-
Array Item Schema string
-
-
isMailboxSetup boolean
-
customerId string
-
addresses array
-
Array Item Schema object
-
country string
-
countryCode string
-
customType string
-
extendedAddress string
-
formatted string
-
locality string
-
poBox string
-
postalCode string
-
primary boolean
-
region string
-
sourceIsStructured boolean
-
streetAddress string
-
type string
-
-
-
organizations array
-
Array Item Schema object
-
costCenter string
-
customType string
-
department string
-
description string
-
domain string
-
fullTimeEquivalent integer
-
location string
-
name string
-
primary boolean
-
symbol string
-
title string
-
type string
-
-
-
lastLoginTime string
-
phones array
-
Array Item Schema object
-
customType string
-
primary boolean
-
type string
-
value string
-
-
-
suspensionReason string
-
thumbnailPhotoUrl string
-
languages array
-
Array Item Schema object
-
customLanguage string
-
languageCode string
-
preference string
-
-
-
posixAccounts array
-
Array Item Schema object
-
accountId string
-
gecos string
-
gid integer
-
homeDirectory string
-
operatingSystemType string
-
primary boolean
-
shell string
-
systemId string
-
uid integer
-
username string
-
-
-
creationTime string
-
nonEditableAliases array
-
Array Item Schema string
-
-
sshPublicKeys array
-
Array Item Schema object
-
expirationTimeUsec integer
-
fingerprint string
-
key string
-
-
-
notes object
-
contentType string
-
value string
-
-
websites array
-
Array Item Schema object
-
customType string
-
primary boolean
-
type string
-
value string
-
-
-
locations array
-
Array Item Schema object
-
area string
-
buildingId string
-
customType string
-
deskCode string
-
floorName string
-
floorSection string
-
type string
-
-
-
includeInGlobalAddressList boolean
-
keywords array
-
Array Item Schema object
-
customType string
-
type string
-
value string
-
-
-
deletionTime string
-
gender object
-
addressMeAs string
-
customGender string
-
type string
-
-
thumbnailPhotoEtag string
-
ims array
-
Array Item Schema object
-
customProtocol string
-
customType string
-
im string
-
primary boolean
-
protocol string
-
type string
-
-
-
customSchemas object
-
somefield string
-
-
isEnrolledIn2Sv boolean
-
isEnforcedIn2Sv boolean
-
archived boolean
-
orgUnitPath string
-
recoveryEmail string
-
recoveryPhone string
-
-
statusCode integer
-
headers object
-
etag string
-
content-type string
-
vary string
-
date string
-
server string
-
content-length string
-
x-xss-protection string
-
x-frame-options string
-
x-content-type-options string
-
alt-svc string
-
connection string
-
-
Update a User
Update information about a user
Show details
-
Properties
-
Input Schema
-
Output Schema
- User Identifier textField
-
The user’s primary email address, unique user id, or one of the user’s alias email addresses.
- Other User Attributes variableInputList
-
Define additional attributes to add to the user account. For help, see the User Accounts section of the Google Workspace SDK documentation.
-
default object
-
properties object
-
privateKey string required
-
iss string required
-
sub string required
-
userKey string required
-
-
-
output object
-
rawResponse object
-
id string
-
primaryEmail string
-
password string
-
hashFunction string
-
isAdmin boolean
-
isDelegatedAdmin boolean
-
agreedToTerms boolean
-
suspended boolean
-
changePasswordAtNextLogin boolean
-
ipWhitelisted boolean
-
name object
-
givenName string
-
familyName string
-
fullName string
-
-
kind string
-
etag string
-
emails array
-
Array Item Schema object
-
address string
-
customType string
-
type string
-
primary boolean
-
-
-
externalIds array
-
Array Item Schema object
-
customType string
-
type string
-
value string
-
-
-
relations array
-
Array Item Schema object
-
customType string
-
type string
-
value string
-
-
-
aliases array
-
Array Item Schema string
-
-
isMailboxSetup boolean
-
customerId string
-
addresses array
-
Array Item Schema object
-
country string
-
countryCode string
-
customType string
-
extendedAddress string
-
formatted string
-
locality string
-
poBox string
-
postalCode string
-
primary boolean
-
region string
-
sourceIsStructured boolean
-
streetAddress string
-
type string
-
-
-
organizations array
-
Array Item Schema object
-
costCenter string
-
customType string
-
department string
-
description string
-
domain string
-
fullTimeEquivalent integer
-
location string
-
name string
-
primary boolean
-
symbol string
-
title string
-
type string
-
-
-
lastLoginTime string
-
phones array
-
Array Item Schema object
-
customType string
-
primary boolean
-
type string
-
value string
-
-
-
suspensionReason string
-
thumbnailPhotoUrl string
-
languages array
-
Array Item Schema object
-
customLanguage string
-
languageCode string
-
preference string
-
-
-
posixAccounts array
-
Array Item Schema object
-
accountId string
-
gecos string
-
gid integer
-
homeDirectory string
-
operatingSystemType string
-
primary boolean
-
shell string
-
systemId string
-
uid integer
-
username string
-
-
-
creationTime string
-
nonEditableAliases array
-
Array Item Schema string
-
-
sshPublicKeys array
-
Array Item Schema object
-
expirationTimeUsec integer
-
fingerprint string
-
key string
-
-
-
notes object
-
contentType string
-
value string
-
-
websites array
-
Array Item Schema object
-
customType string
-
primary boolean
-
type string
-
value string
-
-
-
locations array
-
Array Item Schema object
-
area string
-
buildingId string
-
customType string
-
deskCode string
-
floorName string
-
floorSection string
-
type string
-
-
-
includeInGlobalAddressList boolean
-
keywords array
-
Array Item Schema object
-
customType string
-
type string
-
value string
-
-
-
deletionTime string
-
gender object
-
addressMeAs string
-
customGender string
-
type string
-
-
thumbnailPhotoEtag string
-
ims array
-
Array Item Schema object
-
customProtocol string
-
customType string
-
im string
-
primary boolean
-
protocol string
-
type string
-
-
-
customSchemas object
-
somefield string
-
-
isEnrolledIn2Sv boolean
-
isEnforcedIn2Sv boolean
-
archived boolean
-
orgUnitPath string
-
recoveryEmail string
-
recoveryPhone string
-
-
statusCode integer
-
headers object
-
etag string
-
content-type string
-
vary string
-
date string
-
server string
-
content-length string
-
x-xss-protection string
-
x-frame-options string
-
x-content-type-options string
-
alt-svc string
-
connection string
-
-
Add a User to a Group
Add a user to a group
Show details
-
Properties
-
Input Schema
-
Output Schema
- Group Identifier textField
-
The group’s primary email address, unique group id, or alias.
- Member Email textField
-
The member’s email address. The member can be a user or another group.
- Member Role dropDown
-
The role to assign the member in the group.
-
Manager
-
Member
-
Owner
-
- Member Type dropDown
-
The type of member in the group.
-
Customer
-
External
-
Group
-
User
-
- Member Email Delivery Settings dropDown
-
The member’s email delivery frequency.
-
ALL_MAIL
-
DAILY
-
DIGEST
-
DISABLED
-
NONE
-
-
default object
-
properties object
-
privateKey string required
-
iss string required
-
sub string required
-
groupKey string required
-
memberEmail string required
-
-
-
output object
-
rawResponse object
-
id string
-
email string
-
name string
-
description string
-
adminCreated boolean
-
directMembersCount string
-
kind string
-
etag string
-
aliases array
-
nonEditableAliases array
-
-
statusCode integer
-
headers object
-
etag string
-
content-type string
-
vary string
-
date string
-
server string
-
content-length string
-
x-xss-protection string
-
x-frame-options string
-
x-content-type-options string
-
alt-svc string
-
connection string
-
-
Remove a User from a Group
Remove a user from a group
Show details
-
Properties
-
Input Schema
-
Output Schema
- Member Key textField
-
Identifies the group member in the API request.
- Group Identifier textField
-
The group’s primary email address, unique group id, or alias.
-
default object
-
properties object
-
privateKey string required
-
iss string required
-
sub string required
-
groupKey string required
-
memberKey string required
-
-
-
output object
-
statusCode integer
-
headers object
-
vary string
-
date string
-
content-type string
-
server string
-
content-length string
-
x-xss-protection string
-
x-frame-options string
-
x-content-type-options string
-
alt-svc string
-
connection string
-
-
List a User’s Devices
Query Google Workspace for a list of devices associated with a user account
Show details
-
Properties
-
Input Schema
-
Output Schema
- Customer ID textField
-
The unique ID for the customer’s Google Workspace account, such as "C123abc4d". This ID is available from the "Get User Information" capability.
- Maximum Number of Results textField
-
The maximum number of results to return from the query, up to 100.
- Device Order dropDown
-
The device property to use for sorting results.
-
DEVICE_ID
-
EMAIL
-
LAST_SYNC
-
MODEL
-
NAME
-
OS
-
STATUS
-
TYPE
-
- Requested Device Fields dropDown
-
The level of information to request about the device. "Basic" returns a standard set of fields. "Full" returns all fields.
-
BASIC
-
FULL
-
- Query String textField
-
The query used to search for devices, such as "status:approved" or "os:Android". For help, see documentation for "Mobile device search fields" section of the Google Workspace SDK Directory API documentation.
- Sort Order dropDown
-
The sort order for the list of devices. This is required if you have selected a "Device Order" option.
-
ASCENDING
-
DESCENDING
-
- Page Token textField
-
The token used to specify the next page in the results, such as "3". Use this to get pages of results for queries that return more than the maximum number of results.
-
default object
-
properties object
-
privateKey string required
-
iss string required
-
sub string required
-
customerId string required
-
maxResults number
-
orderBy string
-
deviceProjection string
-
query string
-
sortOrder string
-
-
-
output object
-
kind string
-
etag string
-
mobiledevices array
-
Array Item Schema object
-
kind string
-
etag string
-
resourceId string
-
deviceId string
-
name array
-
Array Item Schema string
-
-
email array
-
Array Item Schema string
-
-
model string
-
os string
-
type string
-
status string
-
hardwareId string
-
firstSync string
-
lastSync string
-
userAgent string
-
serialNumber string
-
imei string
-
meid string
-
wifiMacAddress string
-
networkOperator string
-
defaultLanguage string
-
managedAccountIsOnOwnerProfile boolean
-
deviceCompromisedStatus string
-
buildNumber string
-
kernelVersion string
-
basebandVersion string
-
unknownSourcesStatus boolean
-
developerOptionsStatus boolean
-
otherAccountsInfo array
-
Array Item Schema string
-
-
adbStatus boolean
-
supportsWorkProfile boolean
-
manufacturer string
-
releaseVersion string
-
securityPatchLevel string
-
brand string
-
bootloaderVersion string
-
hardware string
-
encryptionStatus string
-
devicePasswordStatus string
-
privilege string
-
applications array
-
Array Item Schema object
-
packageName string
-
displayName string
-
versionName string
-
versionCode string
-
permission array
-
Array Item Schema string
-
-
-
-
-
-
nextPageToken string
-
Manage a Device
Take administrative action on a device, such as approving, blocking, or wiping data
Show details
-
Properties
-
Input Schema
-
Output Schema
- Customer ID textField
-
The unique ID for the customer’s Google Workspace account, such as "C123abc4d". This ID is available from the "Get User Information" capability.
- Device ID textField
-
The device ID, such as "AFiQxQ-WO…YM-hf080OZy".
- Action dropDown
-
The administrative action to take on the device.
-
Admin remote wipe
-
Admin account wipe
-
Approve
-
Block
-
Cancel remote wipe then activate
-
Cancel remote wipe then block
-
-
default object
-
properties object
-
privateKey string required
-
iss string required
-
sub string required
-
customerId string required
-
resourceId string required
-
action string required
-
-
-
output object
-
rawResponse string
-
statusCode integer
-
headers object
-
etag string
-
vary string
-
date string
-
content-type string
-
server string
-
content-length string
-
x-xss-protection string
-
x-frame-options string
-
x-content-type-options string
-
alt-svc string
-
connection string
-
-
Assign a License to a User
Grant a user access to a product by assigning a license
Show details
-
Properties
-
Input Schema
-
Output Schema
- Product ID textField
-
The product ID, such as "Google-Apps".
- SKU ID textField
-
The SKU ID, such as "Google-Apps-For-Business".
- User ID textField
-
The user’s primary email address.
-
default object
-
properties object
-
privateKey string required
-
iss string required
-
sub string required
-
productId string required
-
skuId string required
-
licenseUserId string required
-
-
-
output object
-
rawResponse object
-
userId string
-
-
statusCode integer
-
headers object
-
etag string
-
content-type string
-
vary string
-
date string
-
server string
-
content-length string
-
x-xss-protection string
-
x-frame-options string
-
x-content-type-options string
-
alt-svc string
-
connection string
-
-
Revoke a User’s License
Remove a user’s access to a product by revoking a license
Show details
-
Properties
-
Input Schema
-
Output Schema
- Product ID textField
-
The product ID, such as "Google-Apps".
- SKU ID textField
-
The SKU ID, such as "Google-Apps-For-Business".
- User ID textField
-
The user’s primary email address.
-
default object
-
properties object
-
privateKey string required
-
iss string required
-
sub string required
-
productId string required
-
skuId string required
-
licenseUserId string required
-
-
-
output object
-
statusCode integer
-
headers object
-
etag string
-
content-type string
-
vary string
-
date string
-
server string
-
content-length string
-
x-xss-protection string
-
x-frame-options string
-
x-content-type-options string
-
alt-svc string
-
connection string
-
-
Make a Custom API Call
Define and use your own call to the Google Workspace Admin REST API
Show details
-
Properties
-
Input Schema
-
Output Schema
- Endpoint textField required
-
The Workspace API endpoint, such as "https://admin.googleapis.com/admin/directory/v1/users/user@example.com".
- HTTP Method dropDown required
-
The HTTP method of the API call.
-
GET
-
POST
-
PUT
-
DELETE
-
- Query Parameters keyValueList
-
Query parameters for the request.
- Additional Headers keyValueList
-
Define additional headers to send to Workspace. For help, see the Google Workspace API documentation.
- Body codeEditor
-
The body of the API call.
-
default object
-
properties object
-
privateKey string required
-
iss string required
-
sub string required
-
endpoint string required
-
method string required
-
-
-
output object
-
rawResponse object
-
statusCode integer
-
headers object
-
etag string
-
content-type string
-
vary string
-
date string
-
server string
-
content-length string
-
x-xss-protection string
-
x-frame-options string
-
x-content-type-options string
-
alt-svc string
-
connection string
-
-