PingOne Advanced Identity Cloud

Google Workspace

The Google Workspace application template allows you to provision users and groups to a Google Workspace instance.

Register the application

  1. In the Advanced Identity Cloud admin console, go to Applications, and click grid_view Browse App Catalog.

  2. In the Browse App Catalog modal, select an application, and click Next.

  3. Review the Application Integration information, and click Next.

  4. In the Application Details window, specify the name, description, application owners, and logo for the application.

  5. To make the application an Authoritative source of identity data, select the Authoritative check box. This option is not available for every application.

  6. Click Create Application.

Configure provisioning

  1. In the Advanced Identity Cloud admin console, on the Provisioning tab:

    • If setting up provisioning for the first time, click Set up Provisioning.

    • When editing existing settings in the Connection area, click Settings.

  2. Find and copy the Authorized Redirect URI.

  3. Log in to Google Cloud Console.

  4. In the Credentials area of your project, enter the Authorized Redirect URI you copied in an earlier step.

  5. Save your work.

  6. Return to the Advanced Identity Cloud admin console.

  7. On the Provisioning tab, set the Client ID and Client Secret.

  8. Optionally, click Show advanced settings to set any of the following options:

    Application specific settings
    Option Description

    Exclude Unmodified

    Select this option to synchronize only the modified properties on a target resource.
    Pool configuration
    Field Description

    Max idle and active container instances

    The maximum number of idle and active container instances. The default value is 10.

    Max Idle Connector Instances

    The maximum number of idle connector instances. The default value is 10.

    Set Timeout Period

    Select to enable a timeout period for the connection. After enabling, configure the following:

    • Timeout period (ms): The timeout period in milliseconds.

    Set Minimum Idle Time

    Select to set a minimum time (in milliseconds) before an idle object is removed. After enabling, configure the following:

    • Min idle time (ms): The minimum idle time in milliseconds.

    Min Idle Instances

    The minimum number of idle connector instances.
    Result Handler configuration
    Field Description

    Enable for connectors with the attribute normalizer interface

    Enables the attribute normalizer interface for supported connectors.

    Enable local filtering/search features

    Enables local filtering and search capabilities.

    Enable case insensitive filter

    Configures filters to ignore case sensitivity.

    Enable configuration of search attributes; disable for local connectors

    Enables search attribute configuration. Disable this option for local connectors.

    1. In the Operation Timeouts (ms) area, select the operations to enforce timeouts on and enter the duration in milliseconds.

      Available operations include Create, Validate, Test, Enable a Script on the Connector, Schema, Delete, Update, Sync, Authenticate, Get, Enable a Script on the Target, and Search.

    2. In the Operation Rate Limits area, select the operations to enforce rate limits on.

      You can enforce limits on specific operations, including Create, Validate, Test, Script on Connector, Schema, Delete, Update, Sync, Authenticate, Get, Script on Target, and Search.

      For each selected operation, configure the following fields:

      Field Description

      Request Limit

      Requests allowed over time.

      Request Period

      Limit resets after this time (ms).

      Request Timeout

      Time before exception thrown (ms).

  9. Click Connect.

  10. When you are redirected to Google, log in using your admin credentials.

  11. On the next screen, click Allow. You are then redirected back to the Advanced Identity Cloud admin console.

  12. Verify the information in the Details tab.

Provision side tabs

The object type determines the side tabs that display on the Provisioning tab. Use the object type list to select an object type, such as Group. Afterward, you can configure properties in the different sub-tabs under the Provisioning tab.

Sub-tabs under the Provisioning tab
Provisioning tab Description Related sections

Details

View and manage an application, including name, ID, and native type.

Select the specific application from Provision settings for an application.

Properties

View and manage properties for the selected object type.

Manage application attributes

Data

View data about the selected object type.

View user access data

Mapping

View and manage mappings from the Advanced Identity Cloud admin console properties to external system properties and from external system properties to the Advanced Identity Cloud admin console properties.

Manage mappings

Reconciliation

Preview mappings on target applications between external systems and the Advanced Identity Cloud admin console, and reconcile the data between the two systems.

View and manage rules for the users and groups that use your application.

View and manage schedules for Full and Incremental reconciliation.

Reconcile and synchronize end-user accounts

Privacy & Consent

Manage end-user data sharing and synchronization.

Configure end-user data sharing

Rules

View and manage provisioning rules for mappings between Advanced Identity Cloud and a target application.

Manage provisioning rules

Advanced Sync

Create and manage mappings between an identity profile and an application or between applications.

Manage advanced sync

Next steps