Connectors

Google Workspace Admin Connector

The Google Workspace Admin connector lets you manage Google Workspace users, groups, and application licenses in your PingOne DaVinci flow.

Setup

Resources

For information and setup help, see the following documentation:

Requirements

To use the connector, you’ll need administrator access for your Google organization.

Setting up Google Workspace Admin

Follow the instructions in Using OAuth 2.0 for Server to Server Applications to do the following:

  1. Create a service account.

  2. Delegate domain-wide authority to the service account and authorize it with the following scopes:

    https://www.googleapis.com/auth/admin.directory.user,
    https://www.googleapis.com/auth/admin.directory.group,
    https://www.googleapis.com/auth/admin.directory.device.chromeos,
    https://www.googleapis.com/auth/admin.directory.device.mobile,
    https://www.googleapis.com/auth/apps.licensing

Setting up the Google Workspace Admin connector configuration

In DaVinci, add a Google Workspace Admin connection. For help, see Adding a connector.

Connector configuration

Service Account Email Address

The email address associated with the Google Workspace service, such as google-workspace-admin@xenon-set-123456.iam.gserviceaccount.com. You can find this on the Service Accounts page.

A screen capture of the service account page.
Admin Email Address

The email address you use to sign on to Workspace as an administrator.

Private Key

The private key associated with the public key that you added to the Google Workspace Admin service.

If you allowed Workspace to generate the key pair, open the downloaded .json file and copy the private key value.

A screen capture of the .json file with the private key highlighted.

Using the connector in a flow

Managing users

The connector has several capabilities that allow you to manage users in Workspace:

  • Create a User

  • Delete a User

  • Update a User

  • Get User Information

No special flow configuration is needed. Add the capability you want and populate its properties according to the help text.

Managing group memberships

The connector has several capabilities that allow you to manage the users that belong to each group in Workspace:

  • Add a User to a Group

  • Remove a User from a Group

No special flow configuration is needed. Add the capability you want and populate its properties according to the help text.

Managing user devices

The connector has several capabilities that allow you to list and take administrative action on the mobile devices associated with users in Workspace:

  • List a User’s Devices

  • Manage a Device

No special flow configuration is needed. Add the capability you want and populate its properties according to the help text.

Managing application licenses

The connector has several capabilities that allow you to manage the applications that each user can access in Workspace:

  • Assign a License to a User

  • Revoke a User’s License

No special flow configuration is needed. Add the capability you want and populate its properties according to the help text.

Creating a custom API call

If you want to do something that isn’t supported by one of the provided capabilities, you can use the Make Custom API Call capability to define your own action.

This capability uses the credentials from your connection to make an API call with the HTTP method, headers, query parameters, and body you specify.

Capabilities

Create a User

Create a new user account

Show details
Primary Email textField

The user’s primary email address.

Password textField

The password to assign to the user account.

Family Name textField

The user’s last name.

Given Name textField

The user’s given name.

Other User Attributes variableInputList

Define additional attributes to add to the user account. For help, see the User Accounts section of the Google Workspace SDK documentation.

Delete a User

Delete a user account

Show details
User Identifier textField

The user’s primary email address, unique user id, or one of the user’s alias email addresses.

Get User Information

Get information about a user

Show details
User Identifier textField

The user’s primary email address, unique user id, or one of the user’s alias email addresses.

Requested Fields dropDown

The level of information to request about the user. "Basic" returns a standard set of fields. "Full" returns all fields. "Use Custom Field Schemas" returns the Basic fields as well as specific fields associated with the schemas you enter in "Custom Field Schemas".

  • BASIC

  • CUSTOM

  • FULL

View Type dropDown

The type of fields to request. "Admin View" returns publicly visible and administrator-only fields. "Public View" only returns publicly visible fields.

  • Admin View

  • Domain Public

Output Filter textFieldArrayView

The list of fields for the connector to output to the flow, such as "emails" or "emails.address". Instead of outputting all of the results from the "Requested Attributes", you can filter the results to a list of specific fields. Type a field name and press Enter to add it. Leave this field blank to include all requested fields in the connector output.

Custom Field Schemas textFieldArrayView

The list of schemas to request. This returns all fields associated with the listed schemas. Type a schema name and press Enter to add it.

Update a User

Update information about a user

Show details
User Identifier textField

The user’s primary email address, unique user id, or one of the user’s alias email addresses.

Other User Attributes variableInputList

Define additional attributes to add to the user account. For help, see the User Accounts section of the Google Workspace SDK documentation.

Add a User to a Group

Add a user to a group

Show details
Group Identifier textField

The group’s primary email address, unique group id, or alias.

Member Email textField

The member’s email address. The member can be a user or another group.

Member Role dropDown

The role to assign the member in the group.

  • Manager

  • Member

  • Owner

Member Type dropDown

The type of member in the group.

  • Customer

  • External

  • Group

  • User

Member Email Delivery Settings dropDown

The member’s email delivery frequency.

  • ALL_MAIL

  • DAILY

  • DIGEST

  • DISABLED

  • NONE

Remove a User from a Group

Remove a user from a group

Show details
Member Key textField

Identifies the group member in the API request.

Group Identifier textField

The group’s primary email address, unique group id, or alias.

List a User’s Devices

Query Google Workspace for a list of devices associated with a user account

Show details
Customer ID textField

The unique ID for the customer’s Google Workspace account, such as "C123abc4d". This ID is available from the "Get User Information" capability.

Maximum Number of Results textField

The maximum number of results to return from the query, up to 100.

Device Order dropDown

The device property to use for sorting results.

  • DEVICE_ID

  • EMAIL

  • LAST_SYNC

  • MODEL

  • NAME

  • OS

  • STATUS

  • TYPE

Requested Device Fields dropDown

The level of information to request about the device. "Basic" returns a standard set of fields. "Full" returns all fields.

  • BASIC

  • FULL

Query String textField

The query used to search for devices, such as "status:approved" or "os:Android". For help, see documentation for "Mobile device search fields" section of the Google Workspace SDK Directory API documentation.

Sort Order dropDown

The sort order for the list of devices. This is required if you have selected a "Device Order" option.

  • ASCENDING

  • DESCENDING

Page Token textField

The token used to specify the next page in the results, such as "3". Use this to get pages of results for queries that return more than the maximum number of results.

Manage a Device

Take administrative action on a device, such as approving, blocking, or wiping data

Show details
Customer ID textField

The unique ID for the customer’s Google Workspace account, such as "C123abc4d". This ID is available from the "Get User Information" capability.

Device ID textField

The device ID, such as "AFiQxQ-WO…YM-hf080OZy".

Action dropDown

The administrative action to take on the device.

  • Admin remote wipe

  • Admin account wipe

  • Approve

  • Block

  • Cancel remote wipe then activate

  • Cancel remote wipe then block

Assign a License to a User

Grant a user access to a product by assigning a license

Show details
Product ID textField

The product ID, such as "Google-Apps".

SKU ID textField

The SKU ID, such as "Google-Apps-For-Business".

User ID textField

The user’s primary email address.

Revoke a User’s License

Remove a user’s access to a product by revoking a license

Show details
Product ID textField

The product ID, such as "Google-Apps".

SKU ID textField

The SKU ID, such as "Google-Apps-For-Business".

User ID textField

The user’s primary email address.

Make a Custom API Call

Define and use your own call to the Google Workspace Admin REST API

Show details
Endpoint textField required

The Workspace API endpoint, such as "https://admin.googleapis.com/admin/directory/v1/users/user@example.com".

HTTP Method dropDown required

The HTTP method of the API call.

  • GET

  • POST

  • PUT

  • DELETE

Query Parameters keyValueList

Query parameters for the request.

Additional Headers keyValueList

Define additional headers to send to Workspace. For help, see the Google Workspace API documentation.

Body codeEditor

The body of the API call.