Hello there!

Need Help? We are right here!

miniorange Support~
miniOrange Email Support
success

Thanks for your Enquiry.

If you don't hear from us within 24 hours, please feel free to send a follow-up email to info@xecurify.com

Search Results:

×

Google Workspace/G Suite Provisioning & Deprovisioning


Google Workspace User Provisioning by miniOrange enables you to provision all user identities and groups from miniOrange automatically in the Google Admin console. While initial setup requires a few manual steps, this service automates the ongoing user and group lifecycle management, which saves time, boosts productivity, and improves security by managing access privileges. This automation helps you streamline the process of creating, modifying, and removing user accounts and groups, ensuring that everyone in your organization has the right level of access to the tools they need to succeed.

miniOrange supports importing users and groups from Google Workspace (Inbound Provisioning). Once in miniOrange, these users and groups can be seamlessly provisioned (synced) to various other external applications using miniOrange's provisioning services. This makes miniOrange a central identity hub, ensuring consistent user and group data across all applications.

Prerequisites


Follow the Step-by-Step Guide given below to setup Google Workspace Provisioning

Step 1: Setup Provisioning Application in miniOrange

  • Log in to the miniOrange Admin Console.
  • Click on Apps. It shows a list of all configured applications and option to modify them. Click on Add Application.
  •  Google workspace: miniOrange Admin Console showing Add Application button in Apps menu

  • Search for Google and select Google Provisioning App.
  • Select Google Workspace

  • Enter a display name for the app and click Save.
  • Google Apps Provisioning :Enter basic details

  • On the Authorization tab, choose one of the following options based on your setup:
  • Google Apps Provisioning : Verify credentials

Note: This guide covers the Default Authorization flow for configuring Google Workspace Provisioning. If your application requires Custom Authorization, please navigate to the Custom Authorization tab and follow the step-by-step instructions provided there to complete the authorization setup.



  • Log in with your Google Admin Account.
  • Google Workspace provisioning password

  • Once logged in successfully, click the Allow button to authorize miniOrange to view and manage the provisioning of users on your domain.
  • Google Workspace provisioning verify

  • Once verification is complete, the Verify Credential button will change to Reverify Credentials.
  • Google Apps Provisioning : Reverify credentials

Implementing Identity Synchronization via miniOrange

Purpose and Document Overview

This standard operating procedure (SOP) defines the authoritative, generalized workflow for establishing automated user synchronization from the miniOrange identity platform to a target Google Workspace organization.

Following this structured architecture ensures robust data handshakes and seamless identity verification across directory ecosystems.

Environmental and System Requirements

Before beginning configuration, ensure the following parameters are established:

  • Administrative access to both the target Google Workspace Admin Console and the Google Cloud Console.
  • Primary administrative clearance within the miniOrange Admin Dashboard.
  • An allocated or active Google Cloud project allocated for identity management services.

Configuration Action Plan

    Step 1: Activating APIs & Preparing Google Cloud Project

    • Log in to the Google Admin Console and navigate to your linked Google Cloud Console.
    • Select your active organization project assigned to directory integration, or provision a specific project explicitly for miniOrange synchronization.
    • Google Apps Provisioning : google cloud project selection

    • Navigate to the API Library, search for Admin SDK API, and ensure it is fully enabled within the project to permit downward identity modifications.
    • Google Apps Provisioning : google cloud Admin sdk api enable

    Step 2: OAuth Application Settings:

    • In the left-hand navigation menu of the Cloud Console, select APIs & Services >> OAuth consent screen.
    • Under the initial setup module, populate the mandatory deployment details:
      • App name: Enter a recognizable system descriptor, (e.g., miniOrange Custom Provisioning).
      • User support email: Choose an active infrastructure administrator email address from the dropdown list.
    • Developer Contact Info: Enter valid developer contact emails in the final configuration sequence.
    • Google Apps Provisioning : oauth application settings

    • Click Finish and select Create to commit the consent screen baseline properties.

    Step 3: Creating and Registering API Credentials:

    • Access the Branding section and map the authorized domains to match the administrative configurations present inside your active miniOrange console, then click Save.
    • Navigate to the Credentials menu tab to generate cryptographic secrets:
    • Click Create Credentials and select OAuth client ID from the options.
    • Application type: Select Web application from the dropdown menu.
    • Google Apps Provisioning : api credentials registartion

    • Name: Assign your designated system reference identifier.
    • Authorized redirect URIs: Copy the exact redirect URL provided inside your miniOrange provisioning portal and paste it into this field.
    • Google Apps Provisioning : google cloud api credentials creation

    • Click Create to initialize the credential instance.
    • Copy the generated Client ID and Client Secret tokens from the modal window and store them securely.
    • Google Apps Provisioning : client id client secret

    Step 4: Specifying Authorized Identity Parameters:

    • Return to the Google Cloud Console OAuth consent panel and locate the Data Access / Scopes module.
    • Click Add or Remove Scopes to expose the API permissions.
    • Search for and explicitly select the following three required identity scopes:
      • https://www.googleapis.com/auth/userinfo.email - Provides access to the primary Google Account email address.
      • https://www.googleapis.com/auth/userinfo.profile - Provides access to public personal profile information.
      • https://www.googleapis.com/auth/openid - Associates users with their unique personal profile identity on Google.
    • Google Apps Provisioning : google oauth required scopes

    • Click Update and select Save to apply the data access policies.

    Step 5: Establishing Connection and Launching Handshake:

    • Log into your miniOrange administration portal.
    • Navigate to the Custom Authorization / Provisioning settings for your target application.
    • Input the Client ID and Client Secret tokens copied during Phase III directly into the designated secure fields.
    • Execute the Verify Credentials action within the miniOrange console to establish the downward API pipeline and validate the live directory synchronization handshake.
    • Google Apps Provisioning : api connection handshake setup

Implementation Quality Checklist

The following matrix serves as the deployment validation baseline prior to promoting the integration to production status:

    Integration Checkpoint Target Configuration Metric Expected Verification Status
    Identity Data Scopes Verified scopes userinfo.email, userinfo.profile, and openid correctly bound. Verified Success
    Google SDK APIs Admin SDK API validated as active within the Google Cloud project. Verified Success
    Synchronization Vector Configured to push identities downward from miniOrange into Google Workspace. Verified Success
    Action Policies Create Users permission enabled. Updates and Deletes are optional. Verified Success

Operational Safety Guidelines

  • Identity Conflict Prevention: Prior to executing an initial batch synchronization, audit the target directory to verify that test identities do not conflict with pre-existing structural records inside Google Workspace, minimizing early push duplication errors.
  • System State: Once this precise workflow sequence is completed, Google Single Sign-On (SSO) and Automated User Provisioning functions will run in a fully unified state across platforms.

Attribute Mapping

  • Map the user Attributes between miniOrange and Google Workspace.
  • Google Apps Provisioning : Google attribute

  • Add custom attributes by clicking on Add a Row if necessary.
  • Google Apps Provisioning :Click on add a row

  • For custom attributes, verify the Category and Field names from Google Admin Console:

    (Directory >> Users >> Manage Custom Attributes)

    Refer to the screenshot below to identify the Category and Field names.

    Custom Attributes Screenshot

    and use them in the format: customSchemas.<Category>.<Field>.

    Example: customSchemas.DepartmentValue.UserDepartment

    Note: If the Category or Field name contains spaces, replace them with underscores (_).


    Example: customSchemas.Department_Attribute.User_Department

  • Google Apps Provisioning : Sync attribute

    Note: Google Workspace supports multiple custom attribute types such as Text, Number, Boolean, Date, and Multi-value fields. While configuring these in miniOrange, ensure the corresponding attribute type is selected appropriately:


  1. Text / String → TextBox
  2. Number / Decimal → TextBox (handled as string in miniOrange)
  3. Boolean → Toggle (true/false)
  4. Date → Date Picker (MM/DD/YYYY format)
  5. Multi-value → Checkbox (values separated by semicolon)
  • Click on Save >> Next.
  • Google Apps Provisioning : Save attribute

Step 2: Importing Users from Google to miniOrange (Inbound)

  • Choose the objects you want to import from Google Workspace.
  • Check the required options and click on Import.
  • Google Apps Provisioning : Click on import

  • Now users and groups are successfully imported to miniOrange.
  • If you want to import users from groups, you can click on Sync User Group Assignments. Before doing this, make sure that the groups have already been imported.
  • Google Apps Provisioning : Sync user group assignments

Step 3: Provisioning Users from miniOrange to Google (Outbound)

  • This section outlines the process for provisioning (creating, updating, and deleting) user accounts and groups from miniOrange to Google Workspace.
  • Enable the provisioning features you require, such as:
    • Create User
    • Update User
    • Delete User
    • Password Sync
    • Account Enable/Disable sync
    • Create Group
    • Delete Group
    • Add/Remove group membership of user
  • Google Apps Provisioning : Enable the provisioning features

    Provisioning configure

    Note: User provisioning to Google Apps is based on Group Assignment Logic: When a user is added to the assigned group(s) in Group Assignments, they will be provisioned according to the features that have been enabled. You will configure these group assignments in the next steps.


Group Assignments

  • Assign the Groups here that you want to provision to Google. Only users belonging to these assigned groups will be provisioned from miniOrange to Google Workspace.
  • Google Apps Provisioning : Group assignments

  • Select groups that you want to provision and click on Save.
  • Google Apps Provisioning : Select groups

    Google Apps Provisioning : Save group

Create Users

  • To create a user in miniOrange, Go to Users >> User List >> click on the Add User button.
  • Fill out the user basic information and click on the Create User button.
  • Google Apps Provisioning : Add user

  • After creating a user, Go to Groups >> Manage Groups
  • Select a group that you have added in Group Assignment and assign users to it.
  • Google Apps Provisioning : Assignment groups

  • After assigning a user into a group it will automatically create the same user in Google Workspace.

Edit Users

  • To update the user profile, Go to Users >> User List.
  • Select a particular user and in Actions dropdown select Edit.
  • Google Apps Provisioning : User list select edit

  • Fill out user updated information and click on Save button.
  • Google Apps Provisioning : Edit user details

  • Once the user profile is updated in miniOrange, the changes will be automatically reflected in Google Workspace.

Delete Users

  • To delete users, Go to Users >> User List.
  • Select a particular user and in Actions dropdown select Delete.
  • Google Apps Provisioning : Select delete

  • A pop up will appear when you click on the Yes button.
  • Google Apps Provisioning : Delete user

  • Once the user is deleted in miniOrange, it will be automatically deleted from Google Workspace.

Password Sync

  • On the miniOrange side, whenever a user resets their password (via reset password link or any other flow), the updated password is automatically synced to Google Workspace.
  • Any password change performed within miniOrange is reflected in Google Workspace in real-time.

Create Group

  • To create a group, Go to Groups >> Manage Groups.
  • Click on Create Group
  • Google Apps Provisioning: Add Group

  • Enter the group name and click on Create Group.
  • Google Apps Provisioning: Enter group name

  • Now go to Apps >> Select Google Provisioning App Under action click on edit.
  • Google Apps Provisioning : Select Google provisioning app

  • Make sure you have enabled this Create Group Option
  • Google Apps Provisioning : Create group options

  • Go to Group Assignments under that click on Assign Groups
  • Google Apps Provisioning : Group assignments

  • Assign groups that you want to provision to google workspace and click on Save.
  • Google Apps Provisioning : Google provisioning groups

  • Now your group has been successfully provisioned to Google Workspace.

Delete Group

  • Make sure that you have enabled Delete Groups options in Google Provisioning Apps
  • Google Apps Provisioning : Delete Google app

  • Go to Groups >> Manage Groups
  • Delete the group that you want to delete from Google Workspace.
  • Google Apps Provisioning: Delete group

  • Now your group has been successfully deleted from Google Workspace.

4. Automatic Scheduled-Based Import

  • Navigate to the Automations tab and open the Schedulers section.
  • Note: If the Schedulers tab is not visible, contact idpsupport@xecurify.com to have it enabled.


    Schedulers section in Automations tab for google workspace provisioning

  • To create a new scheduler, click on the Create New Scheduler button.
  • Create New Scheduler button for google workspace provisioning

  • Configure the Scheduler Settings by choosing the frequency (Once, Hourly, Daily, Weekly, Monthly).
  • Specify the associated scheduling details and select the Timezone in which the scheduler should run.
  • Once configured, click Save and Next.
  • Save and Next for google workspace provisioning

  • The next step is to configure the Job and assign it to the scheduler that was created by clicking on the Assign New Job button.
  • Assign New Job for google workspace provisioning

  • Choose the application from which the import needs to be performed, along with the job task required (Import the users, groups or user group assignments).
  • Assign Job form with job type, application and job tasks for google workspace provisioning

  • Then click on the Assign button.
  • Manage scheduler jobs list for google workspace provisioning

    Note: If you want to import data from multiple applications, you can assign multiple jobs to the same scheduler.


  • Once the configuration is complete, automated scheduled imports will run based on the defined schedule.
  • To view scheduler execution details, navigate to Reports from the left menu and scroll down to check the Scheduler History.
  • Scheduler History for google workspace provisioning

  • This report will give you complete information about all the scheduler's history. Know the duration and the jobs that ran during the periods:
  • Scheduler History Report for google workspace provisioning



View Provisioning Reports

How to access Provisioning Reports?

  • Navigate to Reports in the left-hand navigation pane, search for Provisioning, and select Provisioning Report.
  • Provisioning Report

  • Filter the reports by specifying Enduser Identifier and Application Name criteria. Additionally, choose the desired timespan for the reports. Once done, click on the Search.
  • Search Provisioning Report

  • Alternatively, you can directly click on Search to retrieve all provisioning reports based on time without applying any specific filters.


External References

Want To Schedule A Demo?

Request a Demo
  



Our Other Identity & Access Management Products