Creating a Google Workspace connection - PingOne Cloud Platform

Creating a Google Workspace connection - PingOne Cloud Platform - PingOne

PingOne Cloud Platform

bundle

pingone

ft:publication_title

PingOne Cloud Platform

Product_Version_ce

PingOne Cloud Platform

PingOne

category

Administratorguide

ContentType

Guide

Product

Productdocumentation

p1cloudplatform

ContentType_ce

Guide > Administrator Guide

Product documentation

Guide

Page created: 13 Apr 2023 |

Page updated: 10 May 2023

| 3 min read

Product documentation Content Type Guide Administrator Guide PingOne Cloud Platform PingOne Product

Use a Google Workspace connection to enable provisioning from PingOne to the Google Workspace user directory.

Review the Google Cloud documentation at https://cloud.google.com/docs.

Make sure that you have:

A Google Workspace project. For more information, see the Google Cloud admin console.
Details for the connected application, such as application name, domain, OAuth client ID, and client secret. For more information, see Finding Google application details.
Reviewed the Google Workspace known limitations.

Go to Connections > Provisioning.
Click the + icon and then click New Connection.
For Identity Store, click the Select button.
Under Google Workspace, click Select and then click Next.
Enter a name and description for this provisioning connection.

The connection name is added to the Connections tab when you've completed and saved the connection.
Click Next.
On the Configure authentication page, enter the following information.
You can find the values on the Google Developer console. For more information, see Finding Google application details.
- Application name: The name of the connected application.
- Domain: The fully qualified domain name for the connected application.
- OAuth client ID: The application ID for the connected application.
- OAuth client secret: The application secret for the connected application.
- OAuth access token: The access token for the connected application.
- OAuth refresh token: The refresh token for the connected application.
Click Test connection to verify that PingOne can establish a connection to Google Workspace.
If there are any issues with the connection, you'll see a Test connection failed message. Click Continue to resume the setup with an invalid connection. You can't use the connection for provisioning until you have established a valid connection to Google Workspace. Click Cancel to modify the settings and try again.
On the Actions screen, enter the following:
- Allow users to be created: Determines whether to create a user in the Google Workspace user directory when the user is created in the PingOne identity store.
- Allow users to be updated: Determines whether to update user attributes in the Google Workspace user directory when the user is updated in the PingOne identity store.
  - Allow users to be disabled. When a user is disabled in the PingOne identity store, PingOne disables the user in the external identity store.
    Note:
    You'll see this option only if you select Allow users to be updated.
- Allow users to be deprovisioned: Determines whether to deprovision a user in the Google Workspace user directory when the user is deprovisioned in the PingOne identity store.
- Remove action: Determines the action to take when removing a user from the Google Workspace user directory.
  Note:
  You'll see this option only if you select Allow users to be deprovisioned.
  - Disable: When a user is deprovisioned from the PingOne identity store, PingOne disables the user in the external identity store.
  - Delete: When a user is deprovisioned from the PingOne identity store, PingOne deletes the user in the external identity store.
- Deprovision on rule deletion: Determines whether to deprovision users that were provisioned using this rule if the rule is deleted.
Click Finish.

Create a rule