• When create, read, update, or delete operations are performed on an LDAP user, most changes propagate to Google within minutes. However, changes can sometimes take up to 24 hours to propagate. For more information, see How changes propagate to Google services.
  • When the onDisable or onUpdate property’s value is changed from false to true for an LDAP user, changes won’t propagate to the target unless a new update is made to the user.

    The onDisable property doesn't disable LDAP users at the target when set to false. Neither does the onUpdate property update LDAP users at the target when set to false. This behavior is expected.

  • You can only edit the isAdmin property through the users.makeAdmin method. Edits made to the isAdmin property through the users.insert or users.update methods are ignored by the Google API service. For more information, see Make a user an administrator.
  • User attributes cannot be cleared once set.
  • When an LDAP user is deleted in a targeted group distinguished name (DN), the provisioning connector does not propagate the deletion until a new user is added to the group. This limitation is compounded when the User Create provisioning option is disabled. For solutions, see SaaS provisioner does not remove the user in the Knowledge Base.
  • Google does not properly handle creating users with an invalid addressCountry value.
  • The Connector sends the value of work for the Organization type but Google does not retain this value and as a result the Organization type has no value.
  • Google treats certain user attributes as complex data sets: Address (address* attributes), organization (org* attributes), and phone (work* attributes). Any unmapped or empty fields within a complex data set will be cleared in the corresponding Google account.
  • The Password Manager requires PingFederate 9.3 or later if deploying it within PingFederate.