黑料海角91入口

The Google Workspace Integration allows for secure and consistent connectivity between 黑料海角91入口 and Google Workspace. The integration allows an IT Admin to manually provision new user accounts, schedule imports of new users and updates, and continuously synchronize specified user attributes from 黑料海角91入口 to Google or from Google to 黑料海角91入口. In addition, admins can manage distribution groups in Google Workspace from 黑料海角91入口.

Integrating Google Workspace with 黑料海角91入口

You can integrate Google Workspace and 黑料海角91入口 in two different integration scenarios that offer the same benefits. To start configuring the integration, ensure you have reviewed the prerequisites and important considerations.

User Integration Scenarios

1. 黑料海角91入口 manages user identities:
   • 黑料海角91入口 takes over existing Google Workspace accounts 
   • 黑料海角91入口 provisions new Google Workspace accounts
2. Google manages user identities:
   • Google Workspace takes over 黑料海角91入口 accounts
   • Google Workspace provisions new 黑料海角91入口 accounts

Benefits

• Secure, persistent connectivity between 黑料海角91入口 and Google Workspace
• A convenient way to import pre-existing Google accounts into 黑料海角91入口
• Automatic provisioning of new 黑料海角91入口 accounts into Google Workspace
• Continual user attribute synchronization from 黑料海角91入口 to Google accounts
• Accessible self-service account management for your end users
• Simplified login experience:
  • Create a login experience similar to SSO where users log in to 黑料海角91入口 and Google Workspace using the same set of credentials
  • Combine this integration with an SSO integration, or IdP configuration, to allow for federated user logins to either system

Prerequisites

• A 黑料海角91入口 administrator account
• 黑料海角91入口 Device Package or higher
• An active Google Workspace directory
  • Google Workspace directories can contain multiple domains
• A Google user account with the following roles:
  • Groups Admin (pre-built role)
  • User management Admin (pre-built role)
  • Custom role with 鈥楧omain Management鈥� admin API privileges
• One of the following supported licenses:
  • Google Workspace Business edition
  • Google Workspace Education edition
  • Google Workspace Enterprise edition
  • Legacy G Suite Business
  • Legacy G Suite Basic
    • This license requires a valid payment source for user additions
    • Ensure that you validate the billing contact
    • Pending actions need to be completed for password sync to function properly

Considerations

• Don鈥檛 add a Google Workspace directory more than once in 黑料海角91入口. If you authorize sync for the same Google Workspace directory more than once, users that are connected to multiple instances of the same Google Workspace directory in 黑料海角91入口 could be suspended if you remove them from one of the instances. You can avoid this by deactivating the sync for duplicate Google Workspace directories
• Synchronization occurs by matching the user's 黑料海角91入口 email address with the Google Workspace primary email address or any of a user's Google Workspace alias email addresses
• Some user attributes are always synced with Google Workspace. Admins should also review and choose additional user attributes prior to importing/exporting users via the integration. See Configure the Google Workspace Integration
• If you are syncing user data from 黑料海角91入口 to Google, we recommend that you change user emails in the 黑料海角91入口 Admin Portal
• If you change the email domain in 黑料海角91入口 for a linked account to a domain outside of the synced Google Workspace directory, you could cause the user information to stop syncing unless you have configured a list of domains and specified one to use as the default for the integration. See Maintain the Google Workspace Integration
• Most changes users make to their personal attributes in the User Portal will sync to Google Workspace if those attributes are set to sync on export. See Configure the Google Workspace Integration
• Regardless of the user state or Password Configurations security settings in 黑料海角91入口, users must be unbound from the Google Workspace Cloud Directory Integration in 黑料海角91入口 directory to guarantee that 黑料海角91入口 will stop syncing (exporting) information for that user to Google

• Users should be unbound from your Google Workspace Cloud Directory Integration in 黑料海角91入口 before they are deleted in Google. This prevents the user being recreated on the next sync from 黑料海角91入口

Google Workspace Integration Configuration Workflow

1. Prepare for the Google Workspace Integration
   • Review considerations and complete prerequisites
   • Add a new Google Workspace Cloud Directory Integration
     • Authorize the Google Workspace Sync
     • Grant access to the Google Super Admin Account
2. Configure the Google Workspace Integration
   • Configure User Attributes
   • Configure User Password Settings
   • Configure Google Workspace Group(s) Management
   • Configure domains
3. Use the Google Workspace Integration
   • Import Users
     • manually
     • automatically
   • Associate users
4. Maintain the Google Workspace Integration
   • Rename the directory
   • Disable Group Management
   • Manage domains
   • Reactivate sync
   • Deactivate sync

Google Workspace Integration Scenarios

Taking Over Existing Google Workspace Accounts

When you import existing Google Workspace users into 黑料海角91入口 and assign them to a Google Workspace Cloud Directory Sync integration instance you鈥檝e activated, 黑料海角91入口 "takes over" management of those accounts, including being the password authority. 黑料海角91入口 will match the account based on the  email address sent as the PrimaryEmail value for the user. Once 黑料海角91入口 takes over the account, it will sync all attributes set to 鈥淓xport鈥� on the Google integration.  See Configure the Google Workspace Integration.

Provisioning New Google Workspace Accounts

User account provisioning involves creating and maintaining users and their attributes. New Google Workspace accounts can be provisioned in Google Workspace or 黑料海角91入口.

Google Workspace–initiated Provisioning

When a user account is created in the Google Admin console, a temporary password can be sent to an alternate email address, which lets users gain access to their account. When you create a user account in Google Workspace, users are provisioned in 黑料海角91入口 the following way:

1. Import the user into 黑料海角91入口.
2. Associate the user to the Google Workspace directory in which the user was created.
3. Once the user sets their password in the 黑料海角91入口 User Portal, the account synchronization will begin.

黑料海角91入口-initiated Provisioning

When creating a user account in 黑料海角91入口, a user can be given access to their account in two ways. An activation email can be sent to an alternate email address upon activation. Admins can also set a temporary password during account creation.

To send an activation email to an alternate email address via user access to Google Workspace

1. Add the new user to 黑料海角91入口.
   • Associate the user to the Google Workspace directory.
   • In the user's Details tab, navigate to User Security Settings and Permissions > Password Settings and ensure Specify initial password box is unchecked.

2. Save the user.
3. Depending on the user state the user was created in, the flow will vary. To learn more about user states, see Manage User States:
   • Staged 鈥� the user is not notified of the account creation. When you change their user state to 鈥�Active鈥�, you will be asked if you want to send the user an Activation email that tells them how to register their account. You will also be given an option to specify to which email address to send the activation email.
   • Active 鈥� you will be asked if you want to send the user an Activation email that tells them how to register their account. You will also be given an option to specify to which email address to send the activation email.

4. The user will click the link in the activation email and set their password.

5. After the user registers their account, creates an account password, and logs in to their 黑料海角91入口 User Portal, synchronization of their password and all attributes set to 鈥榚xport鈥� will be begin.

To set a temporary password during creation

1. Add the new user to 黑料海角91入口.
2. Associate the user to the Google Workspace directory either directly by selecting the Google Workspace directory from the Directories tab or adding the user to a user group that has access to the Google Workspace directory from the User Groups tab.
3. Enable Specify initial password and set a temporary password. 
4. It is strongly encouraged to select Force user to set their own password at first login.

5. Save the user.
6. Depending on the user state the user was created in, the flow will vary. To learn more about user states, see Manage User States:
   • Staged 鈥� the user is not notified of the account creation. When you change their user state to 鈥�Active鈥�, you will be asked if you want to send the user a Welcome email that tells them to contact their IT admin to receive the password. You will also be given an option to specify to which email address to send the welcome email.
   • Active 鈥� you will be asked if you want to send the user an Welcome email that tells them to contact their IT admin to receive the password. You will also be given an option to specify to which email address to send the welcome email.
7. Securely provide the temporary password that was initially set.
8. Once the user logs in to the 黑料海角91入口 User Portal and sets their password, synchronization of their password and all attributes set to Export will begin.

Authorizing the Google Workspace Integration

To integrate Google Workspace and 黑料海角91入口, you start by authorizing the sync from the 黑料海角91入口 Admin Portal and granting access to the Google Super Admin Account in Google. This step applies to all user integration scenarios.

Considerations

• The Google Workspace Directory integration will stay authorized indefinitely if the following conditions are met:
  • The administrator that authorized the integration continues to exist in both 黑料海角91入口 and Google Workspace
  • The integration has been utilized (via an import or export) in the past six months
• If either of the above conditions aren鈥檛 met, the integration will need to be reauthorized

To authorize the Google Workspace Sync

1. Log in to the .
2. Navigate to DIRECTORY INTEGRATIONS > Cloud Directories.
3. Click ( + ). 
4. Select Google Workspace. 
   
5. Give the Google Workspace directory instance a unique name.鈥嬧��

6. Click authorize sync.
7. Select your admin account then click Allow.
8. If you have already granted access to the Google Super Admin account, move to the next document in this series Configure the Google Workspace Integration.

To grant access to the Google Admin Account

After you authorize Google Workspace sync, you need to grant access to the Admin account.聽This is a Google best practice and needed for providing a single set of identity management controls across all Google services, including Cloud Identity.

1. Log in to Google using with the Admin account.
2. Click Allow.

Next Steps

Ready to Configure?

Check out the next article in this document series, Configure the Google Workspace Integration, to choose user attributes you want to import, export or exclude between 黑料海角91入口 and Google.

Want additional assistance from 黑料海角91入口? 

If you鈥檙e having issues with getting 黑料海角91入口鈥檚 Google Workspace Integration working, try Troubleshoot: Google Workspace Integration.

黑料海角91入口 now offers myriad professional services offerings to assist customers with implementing and configuring 黑料海角91入口. If you鈥檙e looking for assistance with your Google Workspace Integration, we recommend you reach out to 黑料海角91入口鈥檚 Professional Services team on the following page: Professional Services - 黑料海角91入口.

Additional Resources

• Enroll:
• Show Me: