Review the Google Cloud documentation at https://cloud.google.com/docs.

Make sure that you have:

  1. Go to Connections > Provisioning.
  2. Click the + icon and then click New Connection.
  3. For Identity Store, click the Select button.
  4. Under Google Workspace, click Select and then click Next.
  5. Enter a name and description for this provisioning connection.

    The connection name is added to the Connections tab when you've completed and saved the connection.

  6. Click Next.
  7. On the Configure authentication page, enter the following information.

    You can find the values on the Google Developer console. For more information, see Finding Google application details.

    • Application name: The name of the connected application.
    • Domain: The fully qualified domain name for the connected application.
    • OAuth client ID: The application ID for the connected application.
    • OAuth client secret: The application secret for the connected application.
    • OAuth access token: The access token for the connected application.
    • OAuth refresh token: The refresh token for the connected application.
  8. Click Test connection to verify that PingOne can establish a connection to Google Workspace.

    If there are any issues with the connection, you'll see a Test connection failed message. Click Continue to resume the setup with an invalid connection. You can't use the connection for provisioning until you have established a valid connection to Google Workspace. Click Cancel to modify the settings and try again.

  9. On the Actions screen, enter the following:
    • Allow users to be created: Determines whether to create a user in the Google Workspace user directory when the user is created in the PingOne identity store.
    • Allow users to be updated: Determines whether to update user attributes in the Google Workspace user directory when the user is updated in the PingOne identity store.
      • Allow users to be disabled. When a user is disabled in the PingOne identity store, PingOne disables the user in the external identity store.
        Note:

        You'll see this option only if you select Allow users to be updated.

    • Allow users to be deprovisioned: Determines whether to deprovision a user in the Google Workspace user directory when the user is deprovisioned in the PingOne identity store.
    • Remove action: Determines the action to take when removing a user from the Google Workspace user directory.
      Note:

      You'll see this option only if you select Allow users to be deprovisioned.

      • Disable: When a user is deprovisioned from the PingOne identity store, PingOne disables the user in the external identity store.
      • Delete: When a user is deprovisioned from the PingOne identity store, PingOne deletes the user in the external identity store.
    • Deprovision on rule deletion: Determines whether to deprovision users that were provisioned using this rule if the rule is deleted.
  10. Click Finish.

Create a rule