The set of integrations here focuses on integrating with Google Workspace to be able to manage these users from within Oomnitza for SaaS Management and general user management capabilities.
The authentication in this case is through the Google Identity Service which is used for all Google Services, including but not limited to Workspace as well as Cloud Platform.
Navigation
Google Workspace extended user integration
Google Workspace extended user group integration
GSuite SaaS management user integration
Creating workflows with the API block
Google Workspaces: Create User
Google Workspaces: Add User to Group
Google Workspaces: Delete User
Google Workspaces: Suspend User
Google Workspaces: Un-Suspend User
Google Workspaces: Sign out User
Google Workspaces: Reset Password for User
Google Workspaces: Set Email Auto-reply for User (Update Vacation Settings)
Google Workspaces: Turn off 2 Step Verification
Google Workspaces: Add an Email Forwarding Recipient
Google Workspaces: Enable Email Forwarding for User
Authentication
Google Identity Service leverages oAuth2 authentication. Instructions on setting up a Google Workspace OAuth2 App and add your credentials to the Oomnitza vault can be found here: Adding Google (OAuth 2.0) credentials.
For the Google Workspaces: Add an Email Forwarding Recipient, and Enable Email Forwarding for User you can use Session based authentication. Instructions on adding your Google Session based credentials to the Oomnitza vault can be found here: Adding Google Session based credentials.
Google Workspace extended user integration
For instructions on how to create a Google Workspace extended user integration, refer to Creating an extended integration for Google Workspace users.
Google Workspace extended user group integration
For instructions on how to create a Google Workspace extended user group integration, refer to Creating an extended integration for Google Workspace user groups
GSuite SaaS management user integration
Oomnitza supports the ability to retrieve SaaS User info from Google SSO, for use in Oomnitza SaaS management user integration.
Scopes
Select the following scopes when using the SaaS management user integration:
https://www.googleapis.com/auth/admin.directory.user.readonlyhttps://www.googleapis.com/auth/admin.reports.audit.readonlyhttps://www.googleapis.com/auth/admin.reports.usage.readonlyhttps://www.googleapis.com/auth/userinfo.profilehttps://www.googleapis.com/auth/userinfo.emailopenid
For further information refer to OAuth 2.0 Scopes for Google APIs.
Creating the integration
- From the menu, click Configuration > Integrations > Overview.
- Click Integrations List View
. - On the Integrations page, scroll down to the SaaS Management Integrations section.
- Click G Suite.
- Click Next.
- On the Connect page, enter the domain of your Google Account, and select your Google OAuth2 credentials.
- Enter your Default user role and Username format.
- Select the Restrict Access to Oomnitza checkbox if you would like to restrict user access to Oomnitza.
- Click Next.
Schedule
By default, user data is streamed to Oomnitza once every day.
You can configure the schedule to meet your needs such as changing the interval or changing the time so that the data is streamed when your system isn't busy.
- Configure your schedule.
- Click FINISH.
What to do next
If you want to see the information that is collected now, click the tile on the Integrations page and click RUN NOW.
Creating Saas user workflows
You can create the Google Workspace SaaS User workflow by following the steps in Creating Saas user workflows. Configuration of this SaaS User Role block enables you to read a user’s role and last login date from Google Workspaces. When creating the user workflows for Google Workspaces, the following specific configuration is required:
- To locate the available presets, enter Google in the Select Preset search field.
- Select the SaaS User Role Block for Google Workspaces and select your Google Workspaces credential. For further information, refer to Adding Google (OAuth 2.0) credentials.
Creating workflows with the API block
To reduce your workload and automate complex and repetitive tasks, you can create user workflows with the API block by following the steps in Creating workflows with the API block.
To locate the available presets, enter Google in the Select Preset search field. Select your preset of choice and for every preset enter the following information in the Configure section:
- Your Google Workspaces credential. For further information, refer to Adding Google (OAuth 2.0) credentials.
- Your SaaS User Role Block for Google Workspaces is setup in Oomnitza.
For information on the specific requirements for each preset, click one of the links below:
Google Workspaces: Create User
Google Workspaces: Add User to Group
Google Workspaces: Delete User
Google Workspaces: Suspend User
Google Workspaces: Un-Suspend User
Google Workspaces: Sign out User
Google Workspaces: Reset Password for User
Google Workspaces: Set Email Auto-reply for User (Update Vacation Settings)
Google Workspaces: Turn off 2 Step Verification
Google Workspaces: Add an Email Forwarding Recipient
Google Workspaces: Enable Email Forwarding for User
Google Workspaces: Create User
With this preset you can create a new user in Google Workspace by sending the email, first name and last name to Google for the user creation. You need to select the correct credential and also specify the user's initial password and make sure that this fits in with your password requirements as defined in Google Workspace. For further information, refer to the Google API documentation: Insert Users.
Google Workspaces: Add User to Group
This preset adds a user to the specified group. For further information, refer to the Google API documentation: Insert Members.
Google Workspaces: Delete User
Using this setup outlined below, you can create a workflow that can automatically delete a Google Workspaces user account retrieved using your SaaS User Role Block for Google Workspaces.
For further information, refer to the Google API documentation: Delete Users.
Google Workspaces: Suspend User
Using this setup outlined below, you can create a workflow that would automatically suspend a Google Workspaces user account. When constructing a workflow that uses this preset, the following information is required:
- UserKey. The value can be the user's primary email address, alias email address, or unique user ID.
- The following scope is required to be added when Adding Google (OAuth 2.0) credentials:
https://www.googleapis.com/auth/userinfo.email
For further information, refer to the Google API documentation: Update Users.
Google Workspaces: Un-Suspend User
Using this setup outlined below, you can create a workflow that would automatically Un-suspend a Google Workspaces user account. You need to supply the same information as described in the Google Workspaces: Suspend User preset. In comparison to the Suspend User preset, the value suspended will be set to false:
{
"suspended": false
}
Google Workspaces: Sign out User
Using this setup outlined below, you can create a workflow that would automatically sign out a user from all web and device sessions and reset their sign-in cookies. The will have to authenticate by signing in again.
When constructing a workflow that uses this preset, the following information is required:
- UserKey. The value can be the user's primary email address, alias email address, or unique user ID.
- The following scope is required to be added when Adding Google (OAuth 2.0) credentials:
https://www.googleapis.com/auth/admin.directory.user.security
For further information, refer to the Google API documentation: SignOut Users.
Google Workspaces: Reset Password at next Login for User
Using this setup outlined below, you can create a workflow that would automatically ask a user to change their existing password at their next login.
When constructing a workflow that uses this preset, the following information is required:
- UserKey. The value can be the user's primary email address, alias email address, or unique user ID.
- The following scope is required to be added when Adding Google (OAuth 2.0) credentials:
https://www.googleapis.com/auth/admin.directory.user
For further information, refer to the Google API documentation: Update Users.
Google Workspaces: Set Email Auto-reply for User (Update Vacation Settings)
Using this setup outlined below, you can create a workflow that would automatically trigger a users email auto-reply, including the email subject, message and optional duration to send a response. This preset requires the Gmail API to be enabled in your GCP Project. For further information, refer to Google API documentation: Enabling an API in your Google Cloud project.
When constructing a workflow that uses this preset, the following information is required:
- UserKey. The value can be the user's primary email address, alias email address, or unique user ID.
- The following scope is required to be added when Adding Google (OAuth 2.0) credentials:
https://www.googleapis.com/auth/gmail.settings.basic
Use the Advanced Mode to configure the message payload. To do this, complete the following steps:
- In the API block window, click the Advanced Mode button located in the upper right of the window.
- Select the Body tab and review the vacation settings details. Modify, update or add fields (such as the startTime and endTime) that will be used in the request payload. For information on the fields that are permitted in the request payload, refer to the Google API documentation: Update Vacation.
- Select the Response tab.
- For troubleshooting purposes, you can map the Response field {{response}} to a custom long text Oomnitza field. Once you have the entire response, you can then map to individual JSON values to custom fields. To create a custom field, go to Customization in Oomnitza. For further information, see Creating Custom Fields in Oomnitza.
For further information, refer to the following documentation:
| Json Value |
Description |
enableAutoReply |
Flag that controls whether Gmail automatically replies to messages. |
responseSubject |
Optional text to prepend to the subject line in vacation responses. In order to enable auto-replies, either the response subject or the response body must be nonempty. |
responseBodyPlainText |
Response body in plain text format. If both |
responseBodyHtml |
Response body in HTML format. Gmail will sanitize the HTML before storing it. If both |
restrictToContacts |
Flag that determines whether responses are sent to recipients who are not in the user's list of contacts. |
restrictToDomain |
Flag that determines whether responses are sent to recipients who are outside of the user's domain. This feature is only available for G Suite users. |
startTime |
An optional start time for sending auto-replies (epoch ms). When this is specified, Gmail will automatically reply only to messages that it receives after the start time. If both |
endTime |
An optional end time for sending auto-replies (epoch ms). When this is specified, Gmail will automatically reply only to messages that it receives before the end time. If both |
Google Workspaces: Turn off 2 Step Verification
Using this setup outlined below, you can create a workflow that would automatically turn off 2 Step verification if already enabled for an end user. This preset requires the Gmail API to be enabled in your GCP Project. For further information, refer to Google API documentation: Enabling an API in your Google Cloud project.
When constructing a workflow that uses this preset, the following information is required:
- UserKey. The value can be the user's primary email address, alias email address, or unique user ID.
- The following scope is required to be added when Adding Google (OAuth 2.0) credentials:
https://www.googleapis.com/auth/admin.directory.user.security
For further information, refer to Google API documentation: Turn off two step verification.
Google Workspaces: Add an Email Forwarding Recipient
Using this setup outlined below you can create a workflow that would automatically add an email forwarding recipient.
This preset requires the Gmail API to be enabled in your GCP Project. For further information, refer to Google API documentation: Enabling an API in your Google Cloud project.
It is recommended that you use your Google Session based credentials when using this preset. For further information, refer to Adding Google Session based credentials.
When constructing a workflow that uses this preset, the following information is required:
- UserKey. The value can be the user's primary email address, alias email address, or unique user ID.
- The following scope is required to be added when Adding Google (OAuth 2.0) credentials:
https://www.googleapis.com/auth/gmail.settings.sharing
For further information, refer to Google API documentation: Create forwarding addresses.
Google Workspaces: Enable Email Forwarding for User
Using this setup outlined below you can create a workflow that would automatically enable email forwarding for a user.
This preset requires the Gmail API to be enabled in your GCP Project. For further information, refer to Google API documentation: Enabling an API in your Google Cloud project.
It is recommended that you use your Google Session based credentials when using this preset. For further information, refer to Adding Google Session based credentials.
When constructing a workflow that uses this preset, the following information is required:
- UserKey. The value can be the user's primary email address, alias email address, or unique user ID.
- The following scope is required to be added when Adding Google (OAuth 2.0) credentials:
https://www.googleapis.com/auth/gmail.settings.sharing
For further information, refer to Google API documentation: Update forwarding addresses.
Unleash the power of Oomnitza
To get valuable actionable insights that help you manage your users, learn how to:
- Configure dashboards for your users and software
- Configure custom reports about your users and software
- Create workflows to automate tasks
See 
Getting started for more information.
Comments
0 comments
Please sign in to leave a comment.