Google Directory Connection
Google Directory is a cloud-based directory service in which customers can manage user accounts, configure administrator settings for their Google Workspace services, monitor Google Workspace usage in their domain, create groups, and more.
Although Entra ID and on-premises AD remain popular, some companies, especially in the education sector, have recently shifted to Google Directory. Users should be able to define profile mappings and group mappings for the entire employment lifecycle. The flow should be able to create or update employee profiles and add or remove memberships.
The Google Directory application on Hire2Retire uses OAuth authorization. By linking your Google Directory account with Hire2Retire, you authorize RoboMQ to have delegated access on your behalf. RoboMQ needs the following permissions on your account to provide a seamless integration experience:
Scopes | Explanation |
---|---|
admin.directory.orgunit.readonly | Scope for only retrieving organizational units. |
admin.directory.userschema.readonly | Scope for only retrieving custom user schemas. |
admin.directory.user | Global scope for access to all user and user alias operations. |
admin.directory.group | Global scope for access to all group operations, including group aliases and members. |
cloud-identity.groups.readonly | Cloud Identity Groups that you can access, including group members and their emails. |
offline_access | Maintain access to data you have given it access to. When a user approves the offline_access scope, Hire2Retire can receive refresh tokens from the Google identity platform token endpoint. Refresh tokens are long-lived, so Hire2Retire can get new access tokens as older ones expire. |
Create a Connection
You need to have a Google Directory account before using the Google Directory application on Hire2Retire.
You can find the Customer ID in the Google Workspace Admin Console: go to Google Workspace Admin Console > Account Settings > Profile > Customer ID.
On clicking the 'Link Account' button, you will be redirected to the Google Account Authorization screen. Enter the account details to use Google Directory for this flow.
By allowing access, you are authorizing RoboMQ to access your Google Directory account and make changes based on changes in HR data.