Supported Features
The SailPoint Google Workspace connector supports the following features:
Note
Before you can use any item marked with an asterisk (*), SailPoint must activate the feature for your site.
- Load Google Workspace accounts
- *Provision Google Workspace accounts
- Delta Aggregation
- *Access Certifications (certification of entitlements connected to accounts)
- HTTP and HTTPS proxy configurations
- Filtering of user records during full and delta aggregation. For more information, refer to Domain and Aggregation Settings.
For more information on features, refer to Identity Security Cloud Source Features.
Multiple Account Type Support
Feature | Google Workspace | GCP (User types supported as part of GCP Support) | GCP (User types supported as part of GCP Support) |
---|---|---|---|
Users | Google Workspace User/ Cloud Identity | Service Account | Domain |
Aggregate | ✔ | ✔ | ✔ |
Create | ✔ | ✔ | ✔ |
Password Management | ✔ | NA | NA |
Enable and Disable | ✔ | ✔ | NA |
Archive and Unarchive | ✔ | NA | NA |
Group Entitlements (Read, Request, and Revoke) | groups, roles, and resource permission | resource permission | resource permission |
Note
The Google Workspace user Archive and Unarchive features are only applicable to Google Workspace users from the managed system itself. This doesn't apply to other account types.
Group Entitlements
Identity Security Cloud can aggregate additional details of Group Entitlements from the managed system. These objects have a separate schema that defines a list of attributes. When an aggregation task runs for a specific Group Entitlement type, it fetches the defined attributes as additional details.
Supported Google Workspace objects include:
- Groups
- Roles
Supported GCP objects are:
- IAM Roles
- Projects
- Folders
- Resource Permissions
Important
Refer to Using Multiple Group Entitlements with a Preexisting Connector for more information.
Google Workspace Groups are both accounts and entitlements in GCP support. GCP entitlement resource permissions can be assigned to Google Workspace Groups.
Note
Only Group, Role, and Resource Permissions can be requested as multiple group entitlements.
Support for Managing Google Cloud Objects
The Google Workspace connector can manage the following Google Cloud objects:
- Google Accounts (Google Workspace Identities + managed Cloud Identities only)
- Service Accounts
- Domains (Google Workspace or Cloud Identity Domain)
- Google Groups
Supported Authentication Methods
The Google Workspace connector supports the following authentication and authorization methods:
- Client Credentials (OAuth 2.0 for Web Server Applications)
- Service Account (OAuth 2.0 for Server to Server Applications)
Support for Multiple Group Objects
The Google Workspace connector supports multiple group objects. Entitlement aggregation is supported for the following:
- Groups
- Roles
- IAM Roles
- Projects
- Folders
- Resource Permissions
Supported Features Comparison with Cloud Governance
Important
If you want to enable additional cloud governance features (for example, visualization of effective access) for your GCP Cloud Infrastructure, you must have a
Supported Features | Google Workspace Connector (Standard Features) | Google Workspace Connector (With Cloud Governance) |
---|---|---|
Account Management | Yes | Yes |
GCP Accounts | No | Yes |
Group Management | Yes | Yes |
Role Management | Yes | Yes |
IAM Role Management | No | Yes |
Project Management | No | Yes |
Folder Management | No | Yes |
IAM Resource Permission Management | No | Yes |