Skip to content

Google Directory Connection

Google Directory is a cloud-based directory service in which customers can manage user accounts, configure administrator settings for their Google Workspace services, monitor Google Workspace usage in their domain, create groups, and more.

Though many companies use Entra ID and on-premises AD as they are popular, recently, some companies have shifted towards Google Directory, especially from the educational field. Users should be able to define profile mappings and group mappings for the entire employment lifecycle. The flow should be able to create or update employee profiles, adding or removing memberships.

Google Directory application on Hire2Retire uses OAuth authorization. By linking your Google Directory account with Hire2Retire, you can authorize RoboMQ to have a delegated access on your behalf. RoboMQ needs the following permissions on your account to provide a seamless integration experience:

Scopes Explanation
admin.directory.orgunit.readonly Scope for only retrieving organizational units.
admin.directory.userschema.readonly Scope for only retrieving custom user schemas.
admin.directory.user Global scope for access to all user and user alias operations.
admin.directory.group Global scope for access to all group operations, including group aliases and members.
cloud-identity.groups.readonly Cloud Identity Groups that you can access, including group members and their emails.
offline_access Maintain access to data you have given it access to. When a user approves the offline_access scope, Hire2retire can receive refresh tokens from the google identity platform token endpoint. Refresh tokens are long-lived. Hire2retire can get new access tokens as older ones expire.

Create a Connection

You need to have a Google Directory account before using Google Directory application on Hire2Retire.

Google Directory Connection Name

Figure 1. Google Directory Connection

You can find the Customer ID in Google Workspace Admin Console: Go to Google Workspace Admin Console > Account Settings > Profile > Customer ID

Google Directory Customer ID

Figure 2. Google Workspace Admin Console

On clicking the 'Link Account' button, you will be redirected to Google Account Authorization screen. and then enter the account details to use the Google Directory for this flow

Google Directory Sign In

Figure 3. Google Directory Sign In

By allowing access, you are authorizing RoboMQ to access your Google Directory account and make changes based on changes in HR data.