
Identity Manager 8.1.5 - Administration Guide for Connecting to G Suite


G Suite user accounts

Use One Identity Manager to manage G Suite users. The user data for the registered users is represented in One Identity Manager as user accounts. You can use the user accounts to manage the user's permissions, for example, membership of G Suite groups or administrative permissions.

A user account can be linked to an employee in One Identity Manager. You can also manage user accounts separately from employees.

NOTE: It is recommended to use account definitions to set up user accounts for company employees. In this case, some of the master data described in the following is mapped through templates from employee master data.

NOTE: If employees are to obtain their user accounts through account definitions, the employees must own a central user account and obtain their IT operating data through assignment to a primary department, a primary location, or a primary cost center.


Creating G Suite user accounts

To create a user account

  1. In the Manager, select the G Suite | User accounts category.

  2. Click in the result list.

  3. On the master data form, edit the master data for the user account.

  4. Save the changes.

Various communication data and organizational data can be assigned to user accounts, such as e-mail addresses, website, information about the user's organization or relationships to other users.

To assign communication data to a user account

  1. Select the required tabs on the master data form.

  2. Click Add.

    This inserts a new row in the table.

  3. Select this row and edit the master data.

  4. Save the changes.

To edit communication data

  1. Select the required tabs on the master data form.

  2. In the table, select the row that you want to edit.

  3. Edit the master data.

  4. Save the changes.

To remove the assignment of communication data

  1. Select the required tabs on the master data form.

  2. In the table, select the row that you want to remove.

  3. Click Delete.

  4. Save the changes.

Editing master data for G Suite user accounts

To edit master data for a user account

  1. In the Manager, select the G Suite | User accounts category.

  2. Select the user account in the result list and run the Change master data task.

  3. Edit the user account's resource data.

  4. Save the changes.

Various communication data and organizational data can be assigned to user accounts, such as e-mail addresses, website, information about the user's organization or relationships to other users.

To assign communication data to a user account

  1. Select the required tabs on the master data form.

  2. Click Add.

    This inserts a new row in the table.

  3. Select this row and edit the master data.

  4. Save the changes.

To edit communication data

  1. Select the required tabs on the master data form.

  2. In the table, select the row that you want to edit.

  3. Edit the master data.

  4. Save the changes.

To remove the assignment of communication data

  1. Select the required tabs on the master data form.

  2. In the table, select the row that you want to remove.

  3. Click Delete.

  4. Save the changes.

General master data for G Suite user accounts

On the General tab, you enter the following master data:

Table 30: Additional master data for a user account

Property

Description

Employee

Employee that uses this user account. An employee is already entered if the user account was generated by an account definition. If you create the user account manually, you can select an employee in the menu. If you are using automatic employee assignment, an associated employee is found and added to the user account when you save the user account.

You can create a new employee for a user account with an identity of type Organizational identity, Personalized administrator identity, Sponsored identity, Shared identity, or Service identity. To do this, click next to the input field and enter the required employee master data. Which login data is required depends on the selected identity type.

NOTE: To enable working with identities for user accounts, the employees also need identities. You can only link user accounts to which an identity is assigned with employees who have this same identity.

Account definition

Account definition through which the user account was created.

Use the account definition to automatically fill user account master data and to specify a manage level for the user account. One Identity Manager finds the IT operating data of the assigned employee and enters it in the corresponding fields in the user account.

NOTE: The account definition cannot be changed once the user account has been saved.

Manage level

Manage level of the user account. Select a manage level from the menu. You can only specify the manage level if you have also entered an account definition. All manage levels of the selected account definition are available in the menu.

G Suite customer

Customer to which the user account belongs.

Unique ID

G Suite internal ID of the user account.

First name

User's first name.

Last name

User's last name.

Primary email address

Primary email address for the user account.

G Suite Organization

G Suite organization to which the user account belongs.

Creation time

Time at which the user account was created.

Deletion time

Time at which the user account was deleted. The user account can be restored within five days.

Risk index (calculated)

Maximum risk index value of all assigned entitlements. The property is only visible if the QER | CalculateRiskIndex configuration parameter is set. For detailed information, see the One Identity Manager Risk Assessment Administration Guide.

Category

Categories for the inheritance of G Suite permissions to the user account. User accounts can selectively inherit permissions. To do this, entitlements and user accounts are divided into categories.

Select one or more categories from the menu.

Notes content type

Format of notes.

Notes

Text field for additional explanation.

Suspended

Specifies whether the user account is locked.

Suspension reason

Reason for the suspension of the user account.

Aliases

List of all alias email addresses that are set up for this user account.

Non editable aliases

List of all email addresses that cannot be changed. These email addresses do not belong to the primary domain or its subdomains.

Identity

User account's identity type. Permitted values are:

  • Primary identity: Employee's default user account.

  • Organizational identity: Secondary user account used for different roles in the organization, for example for subcontracts with other functional areas.

  • Personalized administrator identity: User account with administrative permissions, used by one employee.

  • Sponsored identity: User account that is used for a specific purpose, such as training.

  • Shared identity: User account with administrative permissions, used by several employees. Assign all employees that use this user account.

  • Service identity: Service account.

Entitlements can be inherited

Specifies whether the user account may inherit G Suite permissions through the employee. If this option is set, the user account inherits permissions through hierarchical roles or IT Shop requests.

  1. Example: An employee with a G Suite user account is a member of a department. A G Suite product and SKU are assigned to this department. If this option is set, the user account inherits this product and SKU.

  2. Example: An employee with a G Suite user account requests a G Suite group in the IT Shop. The request is approved and assigned. The user account only inherits this group if this option is active.

Privileged user account

Specifies whether this is a privileged user account.

Include in global address list

Specifies whether the user account is displayed in the global address list.

Included in white list

Specifies whether the IP address for the user account is included in the white list for emails.

Is super admin

Specifies whether the user account has super admin permissions.

Delegated administrator

Specifies whether the user account has delegated admin permissions.

G Suite agreement accepted

Specifies whether the user has performed an initial logon to G Suite and has accepted the G Suite (online) agreement.

Google mailbox is created

Specifies whether a Google mailbox has been created for the user account.

2-step verification is enrolled

Specifies whether 2-step verification for the user account is enrolled.

2-step verification enforced

Specifies whether 2-step verification for the user account is enforced.
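
The admin and 2-step verification flags in the table above are the ones a reviewer would cross-check first. The following is an added example, not part of the One Identity documentation or product code: it audits user records for admin accounts without enforced 2-step verification. The sample records are constructed, the keys follow Google's Directory API user resource, and their correspondence to the properties "Is super admin", "Delegated administrator", "Suspended" and the two 2-step verification options is an assumption.

```python
# Constructed sample records (not real accounts). Keys follow the Google
# Directory API user resource; mapping to the table's properties is assumed.
SAMPLE_USERS = [
    {"primaryEmail": "alice@example.com", "isAdmin": True, "isDelegatedAdmin": False,
     "isEnrolledIn2Sv": True, "isEnforcedIn2Sv": True, "suspended": False},
    {"primaryEmail": "bob@example.com", "isAdmin": True, "isDelegatedAdmin": False,
     "isEnrolledIn2Sv": False, "isEnforcedIn2Sv": False, "suspended": False},
    {"primaryEmail": "carol@example.com", "isAdmin": False, "isDelegatedAdmin": True,
     "isEnrolledIn2Sv": True, "isEnforcedIn2Sv": False, "suspended": False},
    {"primaryEmail": "dave@example.com", "isAdmin": True, "isDelegatedAdmin": False,
     "isEnrolledIn2Sv": False, "isEnforcedIn2Sv": False, "suspended": True},
    {"primaryEmail": "erin@example.com", "isAdmin": False, "isDelegatedAdmin": False,
     "isEnrolledIn2Sv": False, "isEnforcedIn2Sv": False, "suspended": False},
]

SUSPENDED_ADMIN = "suspended account still holds admin permissions"
NOT_ENROLLED = "admin account is not enrolled in 2-step verification"
NOT_ENFORCED = "2-step verification is enrolled but not enforced for admin account"


def audit_user(user):
    """Return findings for one record; non-admin accounts yield none."""
    is_admin = user.get("isAdmin", False) or user.get("isDelegatedAdmin", False)
    if not is_admin:
        return []
    findings = []
    if user.get("suspended", False):
        # Admin rights on a locked account come back the moment it is unlocked.
        findings.append(SUSPENDED_ADMIN)
    # A missing flag is treated as "not set", which is the conservative reading.
    if not user.get("isEnrolledIn2Sv", False):
        findings.append(NOT_ENROLLED)
    elif not user.get("isEnforcedIn2Sv", False):
        findings.append(NOT_ENFORCED)
    return findings


def audit(users):
    """Map primary email address to findings, omitting clean accounts."""
    report = {}
    for user in users:
        findings = audit_user(user)
        if findings:
            report[user.get("primaryEmail", "<unknown>")] = findings
    return report


if __name__ == "__main__":
    for email, findings in audit(SAMPLE_USERS).items():
        print(email, "->", "; ".join(findings))
```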
