Google Workspace/G Suite Provisioning & Deprovisioning
Google Workspace is an excellent choice for optimizing your organization's productivity and collaboration. However, managing user accounts and access can be daunting, especially for larger teams.
Google Workspace User Provisioning by miniOrange enables you to provision all user identities from external sources automatically in the Google Admin console, without the need for manual setup. This saves time, boosts productivity, and improves security by managing access privileges through the user lifecycle. This helps you to streamline the process of creating, modifying, and removing user accounts, ensuring that everyone in your organization has the right level of access to the tools they need to succeed.
Using miniOrange Google Workspace Provisioning, you can create, update, and delete user accounts in multiple applications and systems with just one click. Our bi-directional provisioning makes it easy to create accounts inside an external application and import them into miniOrange, or vice versa.
When it's time for a user to leave your organization, our Google Workspace Deprovisioning features come into play. By removing access to sensitive applications and resources from people who leave your organization, you can increase your organisation's security profile.
What is SCIM Provisioning and what is it used for?
System for Cross-domain Identity Management (SCIM) is an open standard to automate user provisioning. SCIM standard is a communication medium between an Identity Provider (IDP) and a Service Provider (SP) that requires user identity information.
SCIM provides a defined schema for representing users and groups, and a RESTful API to run CRUD operations on those user and group resources.
With the SCIM protocol, user data is stored in a consistent way and can be shared with different applications. Since data is transferred automatically, complex exchanges are simplified and the risk of error is reduced.
Prerequisites
- Google Workspace prerequisites
- Sign in to your Google Workspace admin console. Click here to learn more.
- Go to Security > API Controls.
- Select Unrestricted:
- Please make sure you’re not logged in to gmail with a user account. Admin account verification can only be done if you’re logged in to Google Workspace via an Admin Account.
- miniOrange prerequisites
Provisioning & Deprovisioning Scenarios
miniOrange provides solutions for all scenarios of provisioning, which includes AD Integration, LDAP Integration and automated provisioning for all External Applications such as Office 365, Google Workspace, Workday, etc
Follow the Step-by-Step Guide given below to setup Google Workspace Provisioning
1. Setup Provisioning in Google Workspace
- Login into miniOrange Admin Console.
- In the Provisioning section and select Google Apps from the dropdown.
- Enter the Admin Username and click on Verify Credentials.
- Login with your Google Admin Account.
- Once logged in successfully, click on Allow button to authorize miniOrange to view and manage the provisioning of users on your domain.
- Once your Google Apps domain identity is verified. We can import users from Google Workspace.
- Enable the provisioning features such as Import User, Create User, Edit User, Delete User and Password Sync which you want for users and click Save.
2. Import Users
- Go to Import Users Tab and select Google Apps from the dropdown. Click on Import to create users in miniOrange.
- Once the import is done. You can view these users in Users >> User List.
3. Create Users
- To create a user in miniOrange, Go to Users >> User List >> click on the Add User button.
- Fill out user basic information and click on Create User button.
- After creating user in miniOrange it will automatically create the same user in Google Workspace.
4. Edit Users
- To update user profile, Go to Users >> User List.
- Select a particular user and in Actions dropdown select Edit.
- Fill out user updated information and click on Save button.
5. Delete Users
- To delete user, Go to Users >> User List.
- Select a particular user and in Actions dropdown select Delete.
- A pop up will appear in which click on Yes button.
6. Password Sync
- To send password sync emails to the users with link to reset their Google Workspace account password, Go to Users >> User List and click on Onboarding Status tab.
- Select users and in Select Action dropdown select Send Activation Mail with Password Reset Link.
- Click on Apply.
- Click on the activation link and it will direct to reset password.
- Once, the new password is set it will be synced.
View Provisioning Reports
How to access Provisioning Reports?
- Navigate to the Reports in the left-hand navigation pane and select Provisioning Report.
- Filter the reports by specifying Enduser Identifier and Application Name criteria. Additionally, choose the desired timespan for the reports. Once done, click on the Search.
- Alternatively, you can directly click on Search to retrieve all provisioning reports based on time without applying any specific filters.
External References
