Google Workspace (G Suite) Provisioning & Deprovisioning

---

Provisioning is supported by Google to automate user provisioning for many cloud applications. With Google Workspace User Provisioning, you can provision all the users with their identities automatically in the Google Admin console.

Google Workspace User Provisioning involves the process of creating, updating and deleting a user's account and access in multiple applications and systems at once.

Provisioning saves time when setting up new users and teams, and also manages access privileges through the user lifecycle. miniOrange can create, read, and update user accounts for new or existing users, remove accounts for deactivated users, and synchronize attributes across multiple user stores.

Google Workspace User Provisioning and deprovisioning actions are bi-directional, so you can create accounts inside an external application and import them into miniOrange, or alternatively create the accounts in miniOrange and then push them out to any linked external applications.

Deprovisioning means deleting a user and removing their access from multiple applications and network systems at once. Deprovisioning action is triggered when an employee leaves a company or changes roles within the organization.

The deprovisioning features increase your organization's security profile by removing access to sensitive applications and content from people who leave your organization.

What is SCIM for?

System for Cross-domain Identity Management (SCIM) is an open standard to automate user provisioning. SCIM standard is a communication medium between an Identity Provider (IDP) and a Service Provider (SP) that requires user identity information.

SCIM provides a defined schema for representing users and groups, and a RESTful API to run CRUD operations on those user and group resources.

With the SCIM protocol, user data is stored in a consistent way and can be shared with different applications. Since data is transferred automatically, complex exchanges are simplified and the risk of error is reduced.

Prerequisites

• Google Workspace prerequisites
• Sign in to your Google Workspace admin console.
• Go to Security > API Controls.
• Select Unrestricted:
• miniOrange prerequisites
• You should sign-in to the miniOrange Admin dashboard

Provisioning & Deprovisioning Scenarios

miniOrange provides solutions for all scenarios of provisioning, which includes AD Integration, LDAP Integration and automated provisioning for all External Applications such as Office 365, Google Workspace, Workday, etc

Follow the Step-by-Step Guide given below for Google Workspace Provisioning

1. Setup Provisioning in Google Workspace

• Login into miniOrange Admin Console.
• In the Provisioning section and select Google Apps from the dropdown.
• Enter the Admin Username and click on Verify Credentials.



• Login with your Google Admin Account.



• Once logged in successfully, click on Allow button to authorize miniorange to view and manage the provisioning of users on your domain.



• Once your Google Apps domain identity is verified. We can import users from Google Workspace.
• Enable the provisioning features such as Import User, Create User, Edit User, Delete User and Password Sync which you want for users and click Save.

2. Import Users

• Go to Import Users Tab and select Google Apps from the dropdown. Click on Import to create users in miniOrange.



• Once the import is done. You can view these users in Users >> User List.

3. Create Users

• To create a user in miniOrange, Go to Users >> User List >> click on the Add User button.
• Fill out user basic information and click on Create User button.



• After creating user in miniOrange it will automatically create the same user in Google Workspace.

4. Edit Users

• To update user profile, Go to Users >> User List.
• Select a particular user and in Actions dropdown select Edit.



• Fill out user updated information and click on Save button.

5. Delete Users

• To delete user, Go to Users >> User List.
• Select a particular user and in Actions dropdown select Delete.



• A pop up will appear in which click on Yes button.

6. Password Sync

• To send password sync emails to the users with link to reset their Google Workspace account password, Go to Users >> User List and click on On Boarding Status tab.
• Select users and in Select Action dropdown select Send Activation Mail with Password Reset Link.
• Click on Apply.



• Click on the activation link and it will direct to reset password.
• Once, the new password is set it will be synced.

External References

• What is User & Group Provisioning?
• Google Workspace Single Sign-On
• Automated Google Workspace Provisioning