Supported Features

The SailPoint Google Workspace connector supports the following features:

Account Management

  • Manage GCP members as Accounts

    Supported GCP member types are as follows:

    • Google Account (Google Workspace Identities and Cloud Identities [managed only] )

    • Service account

    • Domain (Google Workspace Or Cloud Identity Domain)

    • Google Group

  • Create, update, and delete accounts

  • Aggregate and refresh accounts

  • Aggregate and provision custom schema attributes

  • Delta aggregation

    Only for Google Account Type

  • Partitioning aggregation

    Only for Google Account Type

  • Enable and disable accounts

    Only for Google Account Type

  • Change password

    Only for Google Account Type

  • Add and remove entitlements

  • Archive and unarchive Google Workspace Users

    Note
    This is only applicable to Google Workspace Users from the managed system itself. This doesn't apply to other account types.

Group Management

  • Manage Google Workspace groups as Account - Groups

  • Aggregate and refresh roles

  • Create, update, and delete groups

  • Add or remove entitlements, and group entitlements for Google Accounts and Service Accounts

Role Management

  • Manage Google Workspace roles as Account - Roles

  • Aggregate and refresh roles

  • Create, update, and delete roles

IAM Role Management

  • Manage GCP Iam roles as iamRole

  • Aggregate and refresh roles

  • Create, update, and delete roles

IAM Resource Permission Management

  • Manage GCP resource permissions as iamResourcePermission

  • Aggregate and refresh IAM resource permissions

Folder Management

  • Manage GCP Folder as – folder

  • Aggregate and refresh folders

Project Management

  • Manage GCP Project as – project

  • Aggregate and refresh projects

  • Manage delegated administrators (supported with Service Account Authorization only) and Aliases on accounts

Other Features

  • Transfer Data from One Google Account to Another Before Deleting the Account

    For information on the attributes to be configured for data transfer, refer to Additional Configuration Parameters.

  • The Google Workspace/GCP Connector Supports Proxy Authentication

Supported Features Comparison with Cloud Governance

Important

If you want to enable additional cloud governance features for your GCP Cloud Infrastructure, you must have a IdentityIQ Cloud Governance license. If you already have a CAM license, no additional license purchase is required. Contact your SailPoint Customer Success Manager to request access and for more information.

Supported Features

Google Workspace Connector (Standard Features)

Google Workspace Connector (With Cloud Governance)

Account Management

  • Manage Google Workspace Users as Accounts

  • Aggregate, Refresh Accounts, Aggregate and Provision Custom Schema Attributes

  • Create, Update, and Delete

  • Enable, Disable, and Change Password

  • Add and Remove Entitlements

  • Manages Delegated Administrators and Alias on Accounts

  • Move User to Other Organization Unit

Yes

Yes

GCP Accounts

  • Service Account

  • Domain (Google Workspace or Cloud Identity Domain)

No

Yes

Group Management

  • Manage Google Workspace Groups as Account - Groups

  • Aggregate and Refresh Group

  • Create, Update, and Delete

Yes

Yes

Role Management

  • Manage Google Workspace Roles as Account - Roles

  • Aggregate and Refresh Roles

  • Create, Update, and Delete

Yes

Yes

IAM Role Management

  • Manage GCP IAM Roles as IAMRole

  • Aggregate and Refresh Role

  • Create, Update, and Delete

No

Yes

Project Management

  • Manage GCP Project as Project

  • Aggregate and Refresh

  • Manages Delegated Administrators (Supported with Service Account Authorization Only) and Alias on Accounts

No

Yes

Folder Management

  • Manage GCP Folder as Folder

  • Aggregate and Refresh

No

Yes

IAM Resource Permission Management

  • Manage GCP Resource Permission as iamResourcePermission

  • Aggregate and Refresh

No

Yes