Chat now with support
Chat with Support

Identity Manager 8.1.4 - Administration Guide for Connecting to G Suite

Mapping G Suite in One Identity Manager Synchronizing G Suite Managing G Suite user accounts and employees Provision of login information for G Suite user accounts Managing G Suite entitlement assignments Mapping of G Suite objects in One Identity Manager
G Suite customers G Suite user accounts G Suite groups G Suite products and SKUs G Suite organizations G Suite domains G Suite domain aliases G Suite admin roles G Suite admin privileges G Suite admin role assignments Reports about G Suite objects
Handling of G Suite objects in the Web Portal Basic data for managing G Suite Troubleshooting the connection to a G Suite environment Configuration parameters for managing G Suite Default project templates for G Suite API scopes for the service account Processing G Suite system objects Special features in the assignment of G Suite groups About us

Email notifications about login data

You can configure the login information for new user accounts to be sent by email to a specified person. In this case, two messages are sent with the user name and the initial password. Mail templates are used to generate the messages. The mail text in a mail template is defined in several languages. This means the recipient’s language can be taken into account when the email is generated. Mail templates are supplied in the default installation with which you can configure the notification procedure.

The following prerequisites must be fulfilled in order to use notifications:

  • Ensure that the email notification system is configured in One Identity Manager. For more detailed information, see the One Identity Manager Installation Guide.
  • In the Designer, set the Common | MailNotification | DefaultSender configuration parameter and enter the sender address for sending the email notifications.
  • Ensure that all employees have a default email address. Notifications are sent to this address. For more detailed information, see the One Identity Manager Identity Management Base Module Administration Guide.
  • Ensure that a language can be determined for all employees. Only then can they receive email notifications in their own language. For more detailed information, see the One Identity Manager Identity Management Base Module Administration Guide.

When a randomly generated password is issued for the new user account, the initial login data for a user account is sent by email to a previously specified person.

To send initial login data by email

  1. Enable the TargetSystem | GoogleApps | Accounts | InitialRandomPassword configuration parameter in the Designer.

  2. In the Designer, set the TargetSystem | GoogleApps | Accounts | InitialRandomPassword | SendTo configuration parameter and enter the notification recipient as a value.

    If no recipient can be found, the email is sent to the address stored in the TargetSystem | GoogleApps | DefaultAddress configuration parameter.

  3. In the Designer, set the TargetSystem | GoogleApps | Accounts | InitialRandomPassword | SendTo | MailTemplateAccountName configuration parameter.

    By default, the message sent uses the Employee - new user account created mail template. The message contains the name of the user account.

  4. In the Designer, set the TargetSystem | GoogleApps | Accounts | InitialRandomPassword | SendTo | MailTemplatePassword configuration parameter.

    By default, the message sent uses the Employee - initial password for new user account mail template. The message contains the initial password for the user account.

TIP: To use custom mail templates for emails of this type, change the value of the configuration parameter.

Managing G Suite entitlement assignments

In G Suite, the users can have different entitlements, which are mapped in One Identity Manager as follows:

  • Entitlement for logging on to G Suite

    Table: G Suite Products and SKUs (GAPPaSku)

  • Administrative entitlements

    Table: G Suite Admin role designations (GAPOrgAdminRole)

  • Entitlement for the use of G Suite groups

    Table: G Suite Groups (GAPGroup)

Entitlement assignments refer to the assignment of the various entitlements to user accounts. These include:

  • G Suite user accounts: assignments to products and SKUs (GAPUserInPaSku table)

  • G Suite user accounts: assignments to groups (GAPUserInGroup table)

  • G Suite groups: assignments to customers (GAPCustomerInGroup table)

Detailed information about this topic

Assigning G Suite entitlements to user accounts in One Identity Manager

In One Identity Manager, G Suite entitlements can be assigned directly or indirectly to employees.

In the case of indirect assignment, employees, and entitlements are organized in hierarchical roles. The number of entitlements assigned to an employee is calculated from the position in the hierarchy and the direction of inheritance. If the employee has a G Suite user account, the entitlements are assigned to this user account.

Entitlements can also be assigned to employees through IT Shop requests. To enable the assignment of entitlements using IT Shop requests, employees are added as customers in a shop. All entitlements assigned to this shop as products can be requested by the customers. After approval is granted, requested entitlements are assigned to the employees.

You can use system roles to group entitlements together and assign them to employees as a package. You can create system roles that contain only G Suite entitlements. System entitlements from different target systems can also be grouped together in a system role.

To react quickly to special requests, you can also assign the entitlements directly to user accounts.

Prerequisites

  • For departments, cost centers, locations, or business roles, the assignment of persons, G Suite products and SKUs and G Suite groups is permitted.

  • The Entitlements can be inherited option is selected for the user accounts.

  • The user accounts are linked with an employee through the UID_Person (Person) column.

  • User accounts and entitlements belong to the same customer.

For detailed information see the following guides:

Theme

Guide

Inheritance of company resources

One Identity Manager Identity Management Base Module Administration Guide

One Identity Manager Business Roles Administration Guide

Assigning company resources through IT Shop requests

One Identity Manager IT Shop Administration Guide

System roles

One Identity Manager System Roles Administration Guide

Detailed information about this topic

Assigning G Suite entitlements to departments, cost centers, and locations

Assign groups and products and SKUs to departments, cost centers, or locations in order to assign them to user accounts through these organizations.

To assign a permission to a department, cost center or location (non role-based login):

  1. Select one of the following categories.

    • G Suite | Groups

    • G Suite | Products and SKUs

  2. Select the entitlements in the result list.

  3. Select the Assign organizations task.

  4. In the Add assignments pane, assign the organizations:

    • On the Departments tab, assign departments.

    • On the Locations tab, assign locations.

    • On the Cost centers tab, assign cost centers.

    TIP: In the Remove assignments pane, you can remove assigned organizations.

    To remove an assignment

    • Select the organization and double-click .

  5. Save the changes.

To assign permissions to a department, cost center or location (role-based login)

  1. Select the Organizations | Departments category.

    - OR -

    Select the Organizations | Cost centers category.

    - OR -

    Select the Organizations | Locations category.

  2. Select the department, cost center or location in the result list.

  3. Select one of the following tasks.

    • G Suite Assign groups

    • G Suite Assign products and SKUs

  4. In the Add assignments pane, assign the entitlements.

    - OR -

    In the Remove assignments pane, remove the entitlements.

  5. Save the changes.
Related topics
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating