Chat now with support
Chat with Support

Identity Manager 8.0.1 - Administration Guide for Connecting to G Suite

Managing G Suite Setting Up G Suite Synchronization Base Data for Managing G Suite Troubleshooting Appendix: Configuration Parameter for Managing G Suite Appendix: Default Project Templates for G Suite Appendix: Editing System Objects

Managing G Suite

Managing G Suite

One Identity Manager offers simplified user administration for G Suite. One Identity Manager concentrates on setting up and editing user accounts and providing the required permissions. For this, groups, organizations, permissions, admin roles, products and SKUs are mapped in One Identity Manager.

One Identity Manager provides company employees with the necessary user accounts. For this, you can use different mechanisms to connect employees to their user accounts. You can also manage user accounts independently of employees and therefore set up administrator user accounts.

For more detailed information about the G Suite structure, see the G Suite documentation from Google.

Architecture Overview

To access G Suite data, the G Suite connector is installed on a synchronization server. The G Suite connector establishes communication with the G Suite to be synchronized through several REST APIs provided by Google Inc. The synchronization server ensures data is compared between the One Identity Manager database and G Suite.

Figure 1: Architecture for synchronization

One Identity Manager Users for Managing G Suite

One Identity Manager Users for Managing G Suite

The following users are used for setting up and managing a G Suite system.

Table 1: Users

User

Task

Target system administrators

Target system administrators must be assigned to the application role Target system | Administrators.

Users with this application role:

  • Administrate application roles for individual target systems types.
  • Specify the target system manager.
  • Set up other application roles for target system managers if required.
  • Specify which application roles are conflicting for target system managers
  • Authorize other employee to be target system administrators.
  • Do not assume any administrative tasks within the target system.

Target system managers

Target system managers must be assigned to the application role Target systems | G Suite or a sub application role.

Users with this application role:

  • Assume administrative tasks for the target system.
  • Create, change or delete target system objects, like user accounts or groups.
  • Edit password policies for the target system.
  • Prepare system entitlements for adding to the IT Shop.
  • Configure synchronization in the Synchronization Editor and defines the mapping for comparing target systems and One Identity Manager.
  • Edit the synchronization's target system types and outstanding objects.
  • Authorize other employees within their area of responsibility as target system managers and create child application roles if required.

One Identity Manager administrators

  • Create customized permissions groups for application roles for role-based login to administration tools in the Designer, as required.
  • Create system users and permissions groups for non-role based login to administration tools, as required.
  • Enable or disable additional configuration parameters in the Designer, as required.
  • Create custom processes in the Designer, as required.
  • Create and configures schedules, as required.
  • Create and configure password policies, as required.

Setting Up G Suite Synchronization

Setting Up G Suite Synchronization

One Identity Manager supports synchronization with G Suite. One Identity Manager Service is responsible for synchronizing data between the One Identity Manager database and G Suite.

To load G Suite objects into the One Identity Manager database for the first time

  1. Prepare a user with sufficient permissions for synchronizing in G Suite.
  2. The One Identity Manager parts for managing G Suite systems are available if the configuration parameter "TargetSystem\GoogleApps" is set.

    • Check whether the configuration parameter is set in the Designer. Otherwise, set the configuration parameter and compile the database.

    • Other configuration parameters are installed when the module is installed. Check the configuration parameters and modify them as necessary to suit your requirements.
  3. Install and configure a synchronization server and declare the server as Job server in One Identity Manager.
  4. Create a synchronization project with the Synchronization Editor.
Detailed information about this topic
Self Service Tools
Knowledge Base
Notifications & Alerts
Product Support
Software Downloads
Technical Documentation
User Forums
Video Tutorials
RSS Feed
Contact Us
Licensing Assistance
Technical Support
View All
Related Documents