Supported Features

The SailPoint Google Workspace connector supports the following features:

Account Management

Manage GCP members as Accounts

Supported GCP member types are as follows:
- Google Account (Google Workspace Identities and Cloud Identities [managed only] )
- Service account
- Domain (Google Workspace Or Cloud Identity Domain)
- Google Group
Create, update, and delete accounts
Aggregate and refresh accounts
Aggregate and provision custom schema attributes
Delta aggregation

Only for Google Account Type
Partitioning aggregation

Only for Google Account Type
Enable and disable accounts

Only for Google Account Type
Change password

Only for Google Account Type
Add and remove entitlements
Archive and unarchive Google Workspace Users

Note
This is only applicable to Google Workspace Users from the managed system itself. This doesn't apply to other account types.

Group Management

Manage Google Workspace groups as Account - Groups
Aggregate and refresh roles
Create, update, and delete groups
Add or remove entitlements, and group entitlements for Google Accounts and Service Accounts

Role Management

Manage Google Workspace roles as Account - Roles
Aggregate and refresh roles
Create, update, and delete roles

IAM Role Management

Manage GCP Iam roles as iamRole
Aggregate and refresh roles
Create, update, and delete roles

IAM Resource Permission Management

Manage GCP resource permissions as iamResourcePermission
Aggregate and refresh IAM resource permissions

Folder Management

Manage GCP Folder as – folder
Aggregate and refresh folders

Project Management

Manage GCP Project as – project
Aggregate and refresh projects
Manage delegated administrators (supported with Service Account Authorization only) and Aliases on accounts

Other Features

Transfer Data from One Google Account to Another Before Deleting the Account

For information on the attributes to be configured for data transfer, refer to Additional Configuration Parameters.
The Google Workspace/GCP Connector Supports Proxy Authentication

Supported Features Comparison with Cloud Governance

Important

If you want to enable additional cloud governance features (for example, visualization of effective access) for your GCP Cloud Infrastructure, you must have a IdentityIQ Cloud Governance license. If you already have a CAM license, no additional license purchase is required. Contact your SailPoint Customer Success Manager to request access and for more information.

Supported Features	Google Workspace Connector (Standard Features)	Google Workspace Connector (With Cloud Governance)
Account Management Manage Google Workspace Users as Accounts Aggregate, Refresh Accounts, Aggregate and Provision Custom Schema Attributes Create, Update, and Delete Enable, Disable, and Change Password Add and Remove Entitlements Manages Delegated Administrators and Alias on Accounts Move User to Other Organization Unit	Yes	Yes
Group Management Manage Google Workspace Groups as Account - Groups Aggregate and Refresh Group Create, Update, and Delete	Yes	Yes
Role Management Manage Google Workspace Roles as Account - Roles Aggregate and Refresh Roles Create, Update, and Delete	Yes	Yes
IAM Role Management Manage GCP IAM Roles as IAMRole Aggregate and Refresh Role Create, Update, and Delete	No	Yes
Project Management Manage GCP Project as Project Aggregate and Refresh Manages Delegated Administrators (Supported with Service Account Authorization Only) and Alias on Accounts	No	Yes
Folder Management Manage GCP Folder as Folder Aggregate and Refresh	No	Yes
IAM Resource Permission Management Manage GCP Resource Permission as iamResourcePermission Aggregate and Refresh	No	Yes


	You are here: