Creating a Google Workspace connection
Use a Google Workspace connection to enable provisioning from PingOne to the Google Workspace user directory.
Before you begin
Review the Google Cloud documentation.
Make sure that you have:
- A Google Workspace project. For more information, see the Google Cloud admin console.
- Details for the connected application, such as application name, domain, OAuth client ID, and client secret. For more information, see Finding Google application details.
- Reviewed the Google Workspace provisioning known limitations.
Steps
1. Go to Integrations → Provisioning.
2. Click and then click New Connection.
3. On the Identity Store line, click Select.
4. Click Google Workspace, click Select, and then click Next.
5. Enter a name and description for the provisioning connection.
   The connection name is added to the Connections tab after you save the connection.
6. Click Next.
7. On the Configure authentication panel, enter the following information.
   You can find the values on the Google Developer console. For more information, see Finding Google application details.
   - Application name: The name of the connected application.
   - Domain: The fully qualified domain name for the connected application.
   - OAuth client ID: The application ID for the connected application.
   - OAuth client secret: The application secret for the connected application.
   - OAuth access token: The access token for the connected application.
   - OAuth refresh token: The refresh token for the connected application.
8. Click Test connection to verify that PingOne can establish a connection to Google Workspace.
   Result:
   If there are any issues with the connection, a Test Connection Failed dialog box opens. Click Continue to resume the setup with an invalid connection.
   You cannot use the connection for provisioning until you have established a valid connection to Google Workspace. To retry, click Cancel in the Test Connection Failed dialog box and repeat step 7.
   Troubleshooting:
   Learn more about troubleshooting your connection in Troubleshooting Test Connections Failure.
9. On the Actions panel, enter the following:
   - Allow users to be created: Determines whether to create a user in the Google Workspace user directory when the user is created in the PingOne identity store.
   - Allow users to be updated: Determines whether to update user attributes in the Google Workspace user directory when the user is updated in the PingOne identity store.
   - Allow users to be disabled: When a user is disabled in the PingOne identity store, PingOne disables the user in the external identity store.
     You’ll see this option only if you select Allow users to be updated.
   - Allow users to be deprovisioned: Determines whether to deprovision a user in the Google Workspace user directory when the user is deprovisioned in the PingOne identity store.
   - Remove action: Determines the action to take when removing a user from the Google Workspace user directory.
     You’ll see this option only if you select Allow users to be deprovisioned.
     - Disable: When a user is deprovisioned from the PingOne identity store, PingOne disables the user in the external identity store.
     - Delete: When a user is deprovisioned from the PingOne identity store, PingOne deletes the user in the external identity store.
   - Deprovision on rule deletion: Determines whether to deprovision users that were provisioned using this rule if the rule is deleted.
10. Click Finish.
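The Actions options interact (two of them appear only when another is selected), so it is worth checking what a given combination does to an account in Google Workspace when a user leaves. The following Python model is an added example, not PingOne code: the field names are hypothetical, and it assumes that an option left unselected means PingOne makes no change in Google Workspace for that event.

```python
from typing import NamedTuple

class Actions(NamedTuple):
    # Hypothetical field names mirroring the Actions panel options.
    allow_create: bool = True
    allow_update: bool = True
    allow_disable: bool = False       # offered only when allow_update is selected
    allow_deprovision: bool = False
    remove_action: str = "Disable"    # "Disable" or "Delete"; offered only with allow_deprovision

def validate(a):
    """Return violations of the option dependencies described on the panel."""
    problems = []
    if a.allow_disable and not a.allow_update:
        problems.append("disable requires update")
    if a.remove_action not in ("Disable", "Delete"):
        problems.append("unknown remove action")
    return problems

def target_effect(a, event):
    """Effect in Google Workspace of a PingOne event under settings `a`."""
    if event == "created":
        return "create" if a.allow_create else "none"
    if event == "updated":
        return "update" if a.allow_update else "none"
    if event == "disabled":
        return "disable" if (a.allow_update and a.allow_disable) else "none"
    if event == "deprovisioned":
        if not a.allow_deprovision:
            return "none"
        return "delete" if a.remove_action == "Delete" else "disable"
    raise ValueError("unknown event: " + event)

def review(a):
    """Offboarding findings a reviewer would raise for these settings."""
    findings = validate(a)
    if target_effect(a, "disabled") == "none":
        findings.append("disabled PingOne users stay active in Google Workspace")
    leaver = target_effect(a, "deprovisioned")
    if leaver == "none":
        findings.append("deprovisioned PingOne users stay active in Google Workspace")
    elif leaver == "delete":
        findings.append("deprovisioning deletes the Google Workspace account")
    return findings

if __name__ == "__main__":
    for finding in review(Actions()):   # constructed sample settings
        print(finding)
```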
Next steps
To sync group members out of PingOne into a software as a service (SaaS) application, follow the instructions in Configuring outbound group provisioning.