Supported Features
The SailPoint Google Workspace connector supports the following features:
Note
Before you can use any item marked with an asterisk (*), SailPoint must activate the feature for your site.
-
Load Google Workspace accounts
-
*Provision Google Workspace accounts
-
Delta Aggregation
-
*Access Certifications (certification of entitlements connected to accounts)
-
HTTP and HTTPS proxy configurations
-
Filtering of user records during full and delta aggregation. For more information, refer to Domain and Aggregation Settings.
-
Delete Accounts
For more information on features, refer to Identity Security Cloud Source Features.
Multiple Account Type Support
The following table provides an overview of the different user management features and their availability for each user type across Google Workspace, Google Cloud Platform (GCP), and Cloud Identity services:
|
Feature |
User Types |
||
|---|---|---|---|
|
Google Workspace |
GCP (User type supported as a part of GCP Support) |
||
|
Google Workspace User / Cloud Identity |
Service Account |
Domain |
|
|
Aggregate |
✔ |
✔ |
✔ |
|
Create |
✔ |
✔ |
✔ |
|
Password Management |
✔ |
NA |
NA |
|
Enable and Disable |
✔ |
✔ |
NA |
|
Archive and Unarchive |
✔ |
NA |
NA |
|
Group Entitlements (Read, Request, and Revoke) |
Supports groups, roles, and resource permissions. |
Supports resource permissions only. |
Supports resource permissions only. |
Note
The Google Workspace user Archive and Unarchive features are only applicable to Google Workspace users from the managed system itself. This doesn't apply to other account types.
Group Entitlements
When an aggregation task runs for a specific Group Entitlement type in Google Workspace, ISC fetches the defined attributes as per the corresponding schema. This allows for the collection of additional relevant details associated with each Group Entitlement object within the Google Workspace environment.
Supported Google Workspace objects include:
-
Groups
-
Roles
Supported GCP objects are:
-
IAM Roles
-
Projects
-
Folders
-
Resource Permissions
Important
Refer to Using Multiple Group Entitlements with a Preexisting Connector for more information.
Google Workspace Groups are both accounts and entitlements in GCP support. GCP entitlement resource permissions can be assigned to Google Workspace Groups.
Note
Only Groups, Roles, and Resource Permissions are supported for multiple group entitlements.
Support for Managing Google Cloud Objects
The Google Workspace connector can manage the following Google Cloud objects:
-
Google Accounts
(Google Workspace Identities + managed Cloud Identities only)
-
Service Accounts
-
Domains
(Google Workspace or Cloud Identity Domain)
-
Google Groups
Supported Authentication Methods
The Google Workspace connector supports the following authentication and authorization methods:
-
Client Credentials (OAuth 2.0 for Web Server Applications)
-
Service Account (OAuth 2.0 for Server to Server Applications)
Support for Multiple Group Objects
The Google Workspace connector supports multiple group objects. Entitlement aggregation is supported for the following:
-
Groups
-
Roles
-
IAM Roles
-
Projects
-
Folders
-
Resource Permissions
Supported Features Comparison with Cloud Governance
Important
If you want to enable additional cloud governance features
|
Supported Features |
Google Workspace Connector (Standard Features) |
Google Workspace Connector (With Cloud Governance) |
|---|---|---|
|
Account Management
|
Yes |
Yes |
|
GCP Accounts
|
No |
Yes |
|
Group Management
|
Yes |
Yes |
|
Role Management
|
Yes |
Yes |
|
IAM Role Management
|
No |
Yes |
|
Project Management
|
No |
Yes |
|
Folder Management
|
No |
Yes |
|
IAM Resource Permission Management
|
No |
Yes |