Delta Aggregation
Important
The Google Workspace documentation lists the events that can be configured and fetched during delta aggregation. However, some of the attributes, such as isEnrolledIn2Sv, which correspond to event USER_ENROLLED_IN_TWO_STEP_VERIFICATION, are not fetched by the Google Workspace API.
To define the scope for delta account and group aggregations for the Google Workspace connector, you must have a refresh token. For more information on generating a refresh token, refer to Generating OAuth 2.0 Authentication Credentials.
The Google Workspace connector retrieves accounts and entitlements on the basis of Activity Events for delta aggregation.
-
By default, the following events are supported for account delta aggregation:
ADD_NICKNAME,CHANGE_USER_RELATION,CHANGE_USER_ORGANIZATION,CHANGE_USER_IM,CHANGE_LAST_NAME,CHANGE_FIRST_NAME,CHANGE_PASSWORD_ON_NEXT_LOGIN,MOVE_USER_TO_ORG_UNIT,REMOVE_NICKNAME,RENAME_USER,SUSPEND_USER,UPDATE_BIRTHDATE,CHANGE_PASSWORD,UNDELETE_USER,UNSUSPEND_USER,CHANGE_USER_CUSTOM_FIELD
For more information on events, refer to Admin Audit Activity Events - User Settings in the Google Workspace documentation.
-
By default, the following events are supported for entitlement delta aggregation:
CHANGE_GROUP_SETTING,CHANGE_GROUP_DESCRIPTION,CHANGE_GROUP_NAME,DELETE_GROUP,REMOVE_GROUP_MEMBER
For more information on events, refer to Admin Audit Activity Events - User Settings in the Google Workspace documentation.
To change and modify specific events for delta aggregation changes you must add the following attributes using Identity REST API:
-
For account aggregation, use:
Key – connector_accountUpdateEvents
Value – [ADD_NICKNAME|CHANGE_USER_RELATION]
-
For entitlement aggregation, use:
Key – connector_groupUpdateEvents
Value – [CHANGE_GROUP_SETTING|CHANGE_GROUP_DESCRIPTION]
-
Note
For more information on IdentityNow APIs, refer to Best Practices: IdentityNow REST API Authentication and IdentityNow REST API - Update Source (Partial) in the SailPoint Developer Community.