Supported Features

The SailPoint Google Workspace SaaS connector supports the following features:

Important
You must purchase a SailPoint Cloud Infrastructure Entitlement Management (CIEM) license to enable Google Cloud Platform (GCP) features. Contact your SailPoint Customer Success Manager for more information and to request access.

Note
Before you can use any item marked with an asterisk (*), SailPoint must activate the feature for your site.

  • Aggregation of Google Workspace accounts (user, service account, domain)

  • *Provisioning of Google Workspace accounts (user, service account, domain)

  • *Access Certifications (certification of entitlements connected to accounts)

  • Delta Aggregation

  • Filtering of user records during full and delta aggregation. For more information, refer to Advanced Settings.

Note
The following table details the supported feature set for each account type.

Multiple Account Type Support

Feature

Users

Google Workspace

GCP (User types supported as part of GCP Support)

Google Workspace User/ Cloud Identity

Service Account

Domain

Aggregate

Create

Password Management

NA

NA

Enable and Disable

NA

Group Entitlements (Read, Request, and Revoke)

groups, roles, and resource permission

resource permission

resource permission

Group Entitlements

Identity Security Cloud can aggregate additional details of Group Entitlements from the managed system. These objects have a separate schema that defines a list of attributes. When an aggregation task runs for a specific Group Entitlement type, it fetches the defined attributes as additional details.

Supported Google Workspace objects include:

  • Groups

  • Roles

Supported GCP objects are:

  • IAM Roles

  • Projects

  • Folders

  • Resource Permissions

Google Workspace Groups are both accounts and entitlements in GCP support. GCP entitlement resource permissions can be assigned to Google Workspace Groups.

Note
Only Group, Role, and Resource Permissions can be requested as multiple group entitlements.

Support for Managing Google Cloud Objects

The Google Workspace SaaS connector can manage the following Google Cloud objects:

  • Google Accounts

    (Google Workspace Identities + managed Cloud Identities only)

  • Service Accounts

  • Domains

    (Google Workspace or Cloud Identity Domain)

  • Google Groups

Supported Authentication Methods

The Google Workspace SaaS connector supports the following authentication and authorization methods:

  • Client Credentials (OAuth 2.0 for Web Server Applications)

  • Service Account (OAuth 2.0 for Server to Server Applications)

Support for Multiple Group Objects

The Google Workspace SaaS connector supports multiple group objects. Entitlement aggregation is supported for the following:

  • Groups

  • Roles

  • IAM Roles

  • Projects

  • Folders

  • Resource Permissions

Supported Features Comparison with Cloud Governance

Important

If you want to enable additional cloud governance features (for example, visualization of effective access) for your GCP Cloud Infrastructure, you must have a CIEM license. If you already have a Cloud Access Management license, no additional license purchase is required. Contact your SailPoint Customer Success Manager to request access and for more information.

Each feature group below is marked Yes or No for the Google Workspace Connector (Standard Features) and for the Google Workspace Connector (With Cloud Governance).

Account Management

  • Manage Google Workspace Users as Accounts

  • Aggregate, Refresh Accounts, Aggregate and Provision Custom Schema Attributes

  • Create, Update, Delete

  • Enable, Disable, and Change Password

  • Add and Remove Entitlements

  • Manages Delegated Administrators and Alias on Accounts

  • Move User to Other Organization Unit

  Standard Features: Yes
  With Cloud Governance: Yes

GCP Accounts

  • Service Account

  • Domain (Google Workspace or Cloud Identity Domain)

  Standard Features: No
  With Cloud Governance: Yes

Group Management

  • Manage Google Workspace Groups as Account - Groups

  • Aggregate Group

  Standard Features: Yes
  With Cloud Governance: Yes

Role Management

  • Manage Google Workspace Roles as Account - Roles

  • Aggregate Roles

  Standard Features: Yes
  With Cloud Governance: Yes

IAM Role Management

  • Manage GCP IAM Roles as IAMRole

  • Aggregate Role

  Standard Features: No
  With Cloud Governance: Yes

Project Management

  • Manage GCP Project as Project

  • Aggregate

  • Manages Delegated Administrators (Supported with Service Account Authorization Only) and Alias on Accounts

  Standard Features: No
  With Cloud Governance: Yes

Folder Management

  • Manage GCP Folder as Folder

  • Aggregate

  Standard Features: No
  With Cloud Governance: Yes

IAM Resource Permission Management

  • Manage GCP Resource Permission as iamResourcePermission

  • Aggregate

  Standard Features: No
  With Cloud Governance: Yes

Activity Insights

Activity Insights supports activity from Google Workspace and its associated accounts. This allows you to gather account information and activity data from Google Workspace.

Important
Contact your SailPoint Customer Success Manager (CSM) for more information on Activity Insights. For more information on configuring Activity Insights, refer to Activity Insights Settings.