Setup Google Workspace identities

Setup identities from Google Workspace

Google Workspace (formerly known as G Suite) is a collection of cloud computing, productivity and collaboration tools. You can seamlessly and securely synchronize your Google Workspace and idBlender identities. Alternatively you can do a one-time import and then manage identities inside idBlender.

Synchonization

Identities can be automatically synchronized between Workspace and idBlender. Synchronization makes it easy to manage Workspace users (identities) state and data between systems.

Pre-requisites

  • idBlender account.
  • Google Workspace account with admin permissions.
  • Access to Google Cloud Platform Console.

How it works?

  1. Create Google Workspace service account.
  2. Add sync attribute to Worspace users.
  3. Turn on sync attribute for selected users.
  4. Create idBlender synchronization profile.

1. Create Google Workspace Service Account

Follow these steps to create a service account in the Google Cloud Platform (GCP) Console. Instructions below are based on Google Workspace documentation.

1.1. Create GCP project
  1. Go to the Google Cloud Platform Console and sign in as a super administrator.
  2. Click IAM & Admin and then Manage Resources.
    3. GCP console
  3. At the top of the screen, click Create Project.
  4. Enter a project name. Optionally you can add the project to a folder, specify the folder name in the Location box.
  5. Click Create.
1.2. Turn on APIs for service account
  1. Make sure your new project is selected in the projects list at the top of the screen.
  2. Click APIs & Services and then Library.
    3. GCP API services
  3. Search for Admin SDK and then Enable it.
    4. GCP Admin enabled
1.3. Create the Service Account
  1. Click APIs & Services and then Credentials.
  2. Click Create Credentials and select Service account.
    3. GCP Admin service account
  3. In the Service account name field, enter a name for the service account.
  4. (Optional) In the Service account description field, enter a description of the service account.
  5. Click Create.
  6. (Optional) Assign the role of Project and then Viewer to the new service account.
  7. Click Continue and then Done.
  8. On the Credentials page, under Service Accounts, click the email address of the service account you created.
  9. Click Show Domain-Wide Delegation.
  10. Check the Enable G Suite Domain-wide Delegation box.
    11. GCP Admin service account details
  11. Click Add key > Create new key.
  12. Select JSON file type, create and download key file.
    13. GCP Admin service account keys

2. Add sync attribute to Workspace users

  1. Navigate to Google Workspace admin panel.
    2. Workspace admin
  2. Open Users console.
    3. Workspace users
  3. Select menu More > Manage custom attributes.
  4. Click on Add Custom Attribute
  5. Enter "idblender" category and custom field "sync" with "Yes or no" type, visibility "Visible to organization" and "Single Value".
    6. Sync attribute

3. Turn On sync attribute for users

  1. Open user profile
    2. User view
  2. Expand User Information section.
  3. Set sync setting value to Yes.
    4. User view

4. Create idBlender synchronization profile

  1. Login to idBlender as admin.
  2. Select menu item Settings>Synchronization.
  3. Create new synchronization profile.
  4. Enter Google Cloud Platform Console account email.
  5. Upload service account credentials JSON file.
    6. idBlender sync create
  6. Execute sync manually anytime or set the automatic sync period.
    7. idBlender sync execution

That is it, users from Workspace will appear in idBlender after the next synchronization run. Please contact support if you have issues or questions.