Google Integration

Avatar
Fergal Moynihan
Follow

 

The set of integrations here focuses on integrating with the Google Identity Service and to then be able to manage these users from within Oomnitza as well as ingesting a list of assets from the Google Cloud Platform and managing them within the asset module in Oomnitza.

Following integrations are available with Google:

 

Authentication

Google Identity Service leverages oAuth2 authentication. Please follow the documentation to create an OAuth2.0 app and keep your Client ID, Client Secret and Scope to be used when configuring your credential within Oomnitza.

As for the scope when entering the credential, please refer to the API details below as well as the Google documentation. 

Documentation Links:

 

Asset Load (Google Cloud Platform)

Prerequisites:

1. You have successfully created your Google OAuth2.0 Authentication App. 

 

Steps:

1. Navigate to "Settings>Integrations" and scroll down to the "Asset Integrations" and further to the "Extended" sub section.

2. Select "New Integration" under the "Extended" section.

3. Select "Apply" from the SaaS vendor Preset you require and then "Next" to move to the "Info" page.

4. Here you will find the instructions for your SaaS that you are configuring. Select "Next" to move to "Connect".

5. Add your Name (for the integration), your Installation type (Cloud or Local), Credentials (using those from your OAuth2.0 App), your Integration preferences (Create & Update, create only or update only), the Integration User (so you can see assets added by this user) and from your Google Cloud Platform, you will need your Project and Zone (where your VM instances run). When complete, select Next to move to the "Mappings" step.

6. Select the fields that you want to import to Oomnitza making sure you have at least one Sync key in place. For example, you may map the GoogleCloud VM ID to the Oomnitza Serial Number and use as a Sync key.  Once you are satisfied with the data mappings, you can select "Next" to bring your to the final step, "Schedule".

7. Create the schedule accordingly to your uses case, Daily, Weekly, monthly etc and select "Finish" to complete this configuration.

Note: Each GoogleCloud Integrations is per Zone. To capture multiple Zones, create multiple integrations as per set-up above.

 

User Load (Google Workspaces)

Further information about Google Workspaces: https://oomnitza.zendesk.com/hc/en-us/articles/360059977273

 

Prerequisites:

1. You have successfully created your Google OAuth2.0 Authentication App. 

 

Steps:

1. Navigate to "Settings>Integrations" and scroll down to the "User Integrations" and further to the "Extended" sub section.

2. Select "New Integration" under the "Extended" section.

3. Select "Apply" from the SaaS vendor Preset you require and then "Next" to move to the "Info" page.

4. Here you will find the instructions for your SaaS that you are configuring. Select "Next" to move to "Connect".

5. Add your Name (for the integration), your Installation type (Cloud or Local), Credentials (using those from your OAuth2.0 App), your Integration preferences (Create & Update, create only or update only) and the Integration User (so you can see user information added by this user). When complete, select Next to move to the "Mappings" step.

6. Select the fields that you want to import to Oomnitza making sure you have at least one Sync key in place. For example, you may map the Google Workspace email to the Oomnitza email field and use as a Sync key. Once you are satisfied with the data mappings, you can select "Next" to bring your to the final step, "Schedule". You can find more help on mapping and creating custom fields at Mapping Extended Connectors .

7. Create the schedule accordingly to your uses case, Daily, Weekly, monthly etc and select "Finish" to complete this configuration.

 

SaaS SSO User Load

Oomnitza supports the ability to retrieve SaaS User info from Google SSO, for use in Oomnitza's SaaS Software Management Module.

Prerequisites:

A Google OAuth2.0 credential with the following scopes:

Steps

  1. From the Integrations page, scroll to "SaaS Management Integrations" and Select G Suite.
  2. Click to the Authorization Page, enter the domain of your Google Account, and select the proper credential.
    mceclip0.png
  3. With those entered, click Next. 
  4. Specify the frequency at which you'd like the connection to run, then click "Finish" in the lower right.

 

SaaS User Role Block 

Please work through the following steps to configure the SaaS User Role Block for Google Workspaces. Configuration of this SaaS User Role block will allow you to capture the Google Workspaces "User Role" and the "Last Login" date (coming from your Google Workspaces account)  within Oomnitza.

Prerequisites:

1. A Google Workspaces Credential is added using OAuth2.0 Authentication method as described above.

2. Your Google Workspaces SaaS and Contract details with Users are already available within Oomnitza 

 

Steps:

1. Navigate to "Software>Workflow>SaaS Users" as per screenshot below.

mceclip0.png

2. From the SaaS Users Workflow page, select the "Add" button in the top right of your screen, above the grid.

mceclip1.png

3. Give your new Workflow a "Workflow name" (mandatory) and a "Workflow description" (optional) before selecting "Add Item" to create it.

4. From the "Tools" section on the left, drag the "SaaS User Role retrieval block" onto the "Sandbox" section.

Note: All workflows must start with the "Begin" block. The configuration for SaaS User Role blocks can be found here: https://oomnitza.zendesk.com/hc/en-us/articles/360053185893

5. To configure the "SaaS User Role retrieval block", you simply select "Edit" on this block.

6. You will be presented with a two step wizard. Search for the SaaS of choice and click on the '>' arrow control as high-lighted below to proceed with the configuration. (Using Zoom for illustrative purposes)

mceclip2.png

7. The "Name", "Description" and "Doculink" are all provided for you. You need to select the 'Credential' you created previously for Google Workspaces, using the OAuth2.0 authentication method. 

mceclip3.png

Note: With "Deactivated User" selected, we will automatically reconcile deactivated users from your SaaS system (Google Workspaces) back into Oomnitza.

8. Finally, select "Save" and your "SaaS User Role retrieval block' configuration is complete.

9. Your new workflow is ready to run, based off the "Actions" selected if the "Begin" block or else you can run it manually from here.

 

Google Workspaces "User Role" and "Last Login" date

Now that your SaaS User Role block has been setup and the workflow has run, you will be able to get the "User Role" and "Last Login" details from your Google Workspaces integration.

 

Steps:

1. Navigate to "Software>SaaS" and select your software entry for Google Workspaces. Note, that we are continuing to use Zoom for illustrative purposes.

2. From the dialog, navigate to "Users"

mceclip2.png

3. From within "Users", the "Role" and "Last visit" information will be populated directly from your SaaS account (via the SaaS User Role block workflow).

mceclip3.png

 

Documentation Links:

 

API blocks (Presets)

The following Google Workspaces API block Presets are available:

  • Google Workspaces: Create User
  • Google Workspaces: Add User to Group
  • Google Workspaces: Delete User
  • Google Workspaces: Suspend User
  • Google Workspaces: Un-Suspend User
  • Google Workspaces: Sign out User
  • Google Workspaces: Reset Password for User
  • Google Workspaces: Set Email Auto-reply for User (Update Vacation Settings)

  • Google Workspaces: Turn off 2 Step Verification

Prerequisites for all of the above API presets:

1. A Google Workspaces Credential is added using OAuth2.0 Authentication method as described above.

2. Your Google Workspaces SaaS and Contract details with Users are already setup within Oomnitza 

3. You have run a workflow similar to above which would populate Oomnitza with the actual Google Workspaces User Role and Last Login date from your Box SaaS. 

 

Google Workspaces: Create User

With this preset you can create a new user in Google Workspace by sending the email, first name and last name to Google for the user creation. You need to select a proper credential and also specify the user's initial password and make sure that this fits in with your password requirements as defined in Google Workspace. To send additional attributes to Google, you may use the Advanced Mode and edit the body content there. You can find more details on the API at https://developers.google.com/admin-sdk/directory/reference/rest/v1/users/insert .

 

Google Workspaces: Add User to Group

 

 

Google Workspaces: Delete User

Using this setup outlined below, you can create a workflow that would automatically delete a Google Workspaces user account within your Google Workspaces SaaS which was deactivated from within Oomnitza. 

 

Steps:

1. Navigate to "Software>Workflow>SaaS Users".

2. With "Workflow: SaaS Users" now selected, you can select the "Add" button in the top right of your screen.

3. Give your new Workflow a "Workflow name" (mandatory) and a "Workflow description" (optional) before selecting "Add Item" to create it.

4. From the "Tools" section, drag the "API block" onto the "Sandbox" section.

5. To configure the "API block", you simply select "Edit".

6. Select "Show Presets" from the API block dialog. 

7. Search for you Vendor, in this case "Google Workspaces"

8. "Apply" the Preset you wish to use, "Google Workspaces Delete User" in this example.

9. A confirmation message will appear on screen your and the URL will be populated on the dialog.

10. You can update the current "Name" on the dialog before moving onto the "Authorization" tab

11. Set the "Type" to "OAuth2.0" and select the "Credentials" that you have previously created as part of the OAuth2.0 authentication method.

12. Finally, select "Save" and your "API block' configuration is complete.

13. Your new workflow is ready to run, based off the configuration of the "Begin" block or else you can run it manually from here.

 

Google Workspaces: Suspend User

Using this setup outlined below, you can create a workflow that would automatically suspend a Google Workspaces user account.

 

Google Workspaces: Un-Suspend User

Using this setup outlined below, you can create a workflow that would automatically Un-suspend a Google Workspaces user account.

 

Google Workspaces: Sign out User

Using this setup outlined below, you can create a workflow that would automatically sign out a user from all web and device sessions and reset their sign-in cookies. User will have to sign in by authenticating again.

 

Google Workspaces: Reset Password at next Login for User

Using this setup outlined below, you can create a workflow that would automatically ask a user to change their existing password fat their next login.

 

Google Workspaces: Set Email Auto-reply for User (Update Vacation Settings)

Using this setup outlined below, you can create a workflow that would automatically trigger a users email auto-reply, including the email subject, message and optional duration to send a response.

This API Preset contains the following Vacation Settings within the Body:

{
"enableAutoReply": true,
"responseBodyHtml": "Enter email message here",
"responseBodyPlainText": "Enter email message here for Plain Text",
"responseSubject": "Enter Email Subject",
"restrictToContacts": false,
"restrictToDomain": false
}

You can update the message and subject by replacing the text in italics above. You may also want to add some time constraints on when to send the response by adding a "startTime" and "endTime":

See here for further details: https://developers.google.com/gmail/api/reference/rest/v1/VacationSettings

 

JSON representation
 
{
  "enableAutoReply": boolean,
  "responseSubject": string,
  "responseBodyPlainText": string,
  "responseBodyHtml": string,
  "restrictToContacts": boolean,
  "restrictToDomain": boolean,
  "startTime": string,
  "endTime": string
}
Fields
enableAutoReply

boolean

Flag that controls whether Gmail automatically replies to messages.
responseSubject

string

Optional text to prepend to the subject line in vacation responses. In order to enable auto-replies, either the response subject or the response body must be nonempty.
responseBodyPlainText

string

Response body in plain text format. If both responseBodyPlainText and responseBodyHtml are specified, responseBodyHtml will be used.
responseBodyHtml

string

Response body in HTML format. Gmail will sanitize the HTML before storing it. If both responseBodyPlainText and responseBodyHtml are specified, responseBodyHtml will be used.
restrictToContacts

boolean

Flag that determines whether responses are sent to recipients who are not in the user's list of contacts.
restrictToDomain

boolean

Flag that determines whether responses are sent to recipients who are outside of the user's domain. This feature is only available for G Suite users.
startTime

string (int64 format)

An optional start time for sending auto-replies (epoch ms). When this is specified, Gmail will automatically reply only to messages that it receives after the start time. If both startTime and endTime are specified, startTime must precede endTime.
endTime

string (int64 format)

An optional end time for sending auto-replies (epoch ms). When this is specified, Gmail will automatically reply only to messages that it receives before the end time. If both startTime and endTime are specified, startTime must precede endTime.

 

Google Workspaces: Turn off 2 Step Verification

Using this setup outlined below, you can create a workflow that would automatically turn off 2 Step verification if already enabled for an end user.

  • This requires the Admin SDK API to be enabled in your GCP Project

 

Google Workspaces: Add an Email Forwarding Recipient

Using this setup outlined below, you can create a workflow that would automatically add an email forwarding recipient.

  • This requires the Admin SDK API and the Gmail API to be enabled in your GCP Project

 

Google Workspaces: Enable Email Forwarding for User

Using this setup outlined below, you can create a workflow that would automatically enable email forwarding for a user.

  • This requires the Admin SDK API and the Gmail API to be enabled in your GCP Project

 

Have more questions? Submit a request

0 Comments

Please sign in to leave a comment.
Powered by Zendesk