Google Workspace Connection
Google Workspace allows organizations to manage employee accounts or administrator settings. Users can monitor the usage of Google Workspace services, create group memberships, and more with this cloud-based directory service.
Although Entra ID and on-premises Active Directory are the most widely used directory services, organizations, particularly in the education industry, have recently started shifting towards Google Workspace. With Google Workspace or any other identity provider (IdP), the process for defining profile and group mappings across the entire employee journey should be streamlined. Any change in HR should be reflected in the IdP: when an employee profile is created or updated, memberships should be added or removed accordingly.
Hire2Retire uses Open Authorization (OAuth) to connect to Google Workspace. A user gives RoboMQ delegated access by connecting their Google Workspace account with Hire2Retire. This access is granted through the following permissions:
Scopes | Explanation |
---|---|
admin.directory.orgunit.readonly | Scope for only retrieving organizational units. |
admin.directory.userschema.readonly | Scope for only retrieving custom user schemas. |
admin.directory.user | Global scope for access to all user and user alias operations. |
admin.directory.group | Global scope for access to all group operations, including group aliases and members. |
cloud-identity.groups.readonly | Cloud Identity Groups that you can access, including group members and their emails. |
offline_access | Maintain access to data you have given it access to. When a user approves the offline_access scope, Hire2Retire can receive refresh tokens from the Google identity platform token endpoint. Refresh tokens are long-lived. Hire2Retire can get new access tokens as older ones expire. |
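
To review a grant against the table above, the following added example (not RoboMQ's or Google's code) compares a space-delimited scope string with the documented scopes and reports anything extra, missing, or broader than documented. The sample grant and the read/write/refresh labels are assumptions constructed for illustration.

```python
# Added example: compare a granted OAuth scope string with the documented scopes.
GOOGLE_SCOPE_PREFIX = "https://www.googleapis.com/auth/"

# Scopes from the table above; the read/write/refresh labels are this example's
# reading of the "Explanation" column, not an official classification.
DOCUMENTED_SCOPES = {
    "admin.directory.orgunit.readonly": "read",
    "admin.directory.userschema.readonly": "read",
    "admin.directory.user": "write",
    "admin.directory.group": "write",
    "cloud-identity.groups.readonly": "read",
    "offline_access": "refresh",
}

def normalize(scope):
    """Strip the Google scope URL prefix so names match the table."""
    scope = scope.strip()
    if scope.startswith(GOOGLE_SCOPE_PREFIX):
        return scope[len(GOOGLE_SCOPE_PREFIX):]
    return scope

def audit_grant(scope_string):
    """Audit a space-delimited scope string (the OAuth 2.0 wire format)."""
    granted = {normalize(s) for s in scope_string.split()}
    documented = set(DOCUMENTED_SCOPES)
    unexpected = granted - documented
    return {
        "unexpected": sorted(unexpected),
        # A write scope granted where only its .readonly form is documented.
        "broader_than_documented": sorted(
            s for s in unexpected if s + ".readonly" in documented),
        "missing": sorted(documented - granted),
        "write": sorted(s for s in granted & documented
                        if DOCUMENTED_SCOPES[s] == "write"),
        "long_lived": "offline_access" in granted,
    }

# Constructed sample grant: orgunit was consented without ".readonly" and one
# scope outside the table (admin.directory.domain) is present.
CONSTRUCTED_GRANT = " ".join(
    [GOOGLE_SCOPE_PREFIX + s for s in (
        "admin.directory.orgunit", "admin.directory.userschema.readonly",
        "admin.directory.user", "admin.directory.group",
        "cloud-identity.groups.readonly", "admin.directory.domain")]
    + ["offline_access"])

if __name__ == "__main__":
    for key, value in audit_grant(CONSTRUCTED_GRANT).items():
        print(f"{key}: {value}")
```
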
Create a Connection
Before connecting the Google Workspace application to Hire2Retire, please ensure that you have a Google Workspace account set up.
If you do not know your Customer ID, you can find it in the Google Workspace Admin Console: go to Google Workspace Admin Console > Account Settings > Profile > Customer ID.
Click on “Link Account” after the details are filled in. You will then be redirected to a screen where you need to authorize your Google Account for this flow. Enter your account details.
In this step, you are giving authorization to RoboMQ to access your Google Workspace account and sync changes with your HR data.