How do I create a GWS account that includes a mailbox ?
Currently, SailPoint only creates GWS accounts, mailboxes must still be added manually.
Hey Rizal,
I did some digging through the docs, and this looks like it needs to be handled through Google Workspace licensing, not the ISC create-account form.
ISC can create the Google Workspace user, but it does not create a Gmail mailbox as a separate provisioning action. Google creates the mailbox after the user gets a Gmail-capable Google Workspace license. Google’s Directory API points to the same behavior: the isMailboxSetup field only applies when the user has been assigned a Gmail license.
So the fix would be:
-
Make sure ISC creates the user in the correct Google OU.
-
Enable automatic licensing for that OU in Google Admin Console.
-
Once Google assigns the Workspace/Gmail license, the mailbox should get created.
I would not try to fix this by adding emails to the provisioning policy. That attribute is part of the user profile payload, not the trigger for mailbox creation.
If the license has to vary by user type, then you can handle license assignment after account creation using Google’s Enterprise License Manager API:
POST https://www.googleapis.com/apps/licensing/v1/product/{productId}/sku/{skuId}/user
Also make sure the service account has this scope in domain-wide delegation, otherwise the call can fail with an authorization error:
https://www.googleapis.com/auth/apps.licensing
So the working flow would be:
ISC creates Google user
↓
Google assigns Gmail-capable license
↓
Mailbox gets created
Hi,
From what I’ve seen, this usually depends on how the GWS (Google Workspace) connector is configured and what attributes are being set during account creation.
By default, creating a user in GWS should provision the mailbox automatically, but if it’s not happening, it could be due to licensing or required attributes not being assigned during provisioning.
You might want to check:
- Whether the correct license (that includes mailbox/Gmail) is being assigned as part of the Create Account step
- If there are any required attributes missing that are needed for mailbox activation
- Whether mailbox enablement is handled separately in your environment (via API or admin console)
In some implementations, mailbox creation is tied to license assignment rather than just account creation.
Thanks!
Hi @punna0001 ,
So, the solution you’re suggesting is to ensure that GWS accounts are created in the correct OU and that the OU has been automatically licensed ?
Hi @Gxurav713 ,
Are there any attributes I need to add during the provisioning process in SailPoint?
I am currently referring to the following document: