I have a scenario where, when a user leaves, ownership of the Google Workspace account is transferred to their manager or to another user.
@rsobar You can implement this in ISC by combining a Leaver workflow trigger with a Google Workspace API call to transfer ownership.
Hello Rizal, I did some searching on this. It might help you.
If your leaver flow actually deletes the Google account, I think the Google Workspace connector can handle the data transfer as part of the delete itself. You would set enableDataTransferOnDelete = true on the source XML, along with relationsForDataTransfer = manager so it falls back to the manager when no explicit new owner is passed. Also worth looking at excludeAppsFromTransfer since Calendar is excluded by default. The service account on the source needs the admin.datatransfer scope too. Most of this is covered in the Additional Configuration Parameters & OAuth scopes pages.
If the account is only being disabled or suspended though, that whole flow won’t trigger. In that case you would probably need a workflow instead. Something like the Identity Lifecycle State Changed trigger on the leaver state, then an HTTP Request action calling POST /admin/datatransfer/v1/transfers with oldOwnerUserId, newOwnerUserId, and one entry per app under applicationDataTransfers. The Google user IDs can be looked up through Directory API users.get. The transfer call needs to land before the disable/delete step, otherwise it fails.
For the payload, Drive and Docs use app ID 55656082996 with PRIVACY_LEVEL set to PRIVATE, SHARED, or both if you want everything. Calendar uses app ID 435070579839 with RELEASE_RESOURCES. Full list is on Google’s Transfer parameters page.
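The request body described in the post above, as an added example that is not part of the original thread and is not SailPoint's or Google's code: it builds the body for `POST /admin/datatransfer/v1/transfers` and rejects inputs that would make the transfer fail or leave data without an owner. The function names and user IDs are hypothetical and constructed, and the `TRUE` value for `RELEASE_RESOURCES` is assumed from Google's Transfer parameters page.

```python
import json

# App IDs and parameter keys as quoted in the post above.
DRIVE_APP_ID = "55656082996"
CALENDAR_APP_ID = "435070579839"
ALLOWED_PRIVACY = ("PRIVATE", "SHARED")


def resolve_new_owner(explicit_owner_id, manager_id):
    """Prefer an explicit new owner, else fall back to the manager."""
    owner = explicit_owner_id or manager_id
    if not owner:
        raise ValueError("no new owner and no manager: refusing to start transfer")
    return owner


def build_transfer_body(old_owner_id, new_owner_id,
                        privacy_levels=ALLOWED_PRIVACY, include_calendar=True):
    """Return the JSON-serialisable body for POST /admin/datatransfer/v1/transfers."""
    for field, uid in (("oldOwnerUserId", old_owner_id),
                       ("newOwnerUserId", new_owner_id)):
        # Directory API user ids are numeric strings; an email here is a bug.
        if not (isinstance(uid, str) and uid.isascii() and uid.isdigit()):
            raise ValueError(f"{field} must be a numeric Google user id: {uid!r}")
    if old_owner_id == new_owner_id:
        raise ValueError("old and new owner are the same account")
    levels = [p for p in ALLOWED_PRIVACY if p in privacy_levels]
    if not levels or set(privacy_levels) - set(ALLOWED_PRIVACY):
        raise ValueError(f"privacy_levels must be drawn from {ALLOWED_PRIVACY}")
    apps = [{
        "applicationId": DRIVE_APP_ID,
        "applicationTransferParams": [{"key": "PRIVACY_LEVEL", "value": levels}],
    }]
    if include_calendar:
        apps.append({
            "applicationId": CALENDAR_APP_ID,
            # Value "TRUE" is assumed from Google's Transfer parameters page.
            "applicationTransferParams": [{"key": "RELEASE_RESOURCES", "value": ["TRUE"]}],
        })
    return {"oldOwnerUserId": old_owner_id, "newOwnerUserId": new_owner_id,
            "applicationDataTransfers": apps}


if __name__ == "__main__":
    # Constructed ids, standing in for values returned by Directory API users.get.
    leaver, manager = "100000000000000000001", "100000000000000000002"
    body = build_transfer_body(leaver, resolve_new_owner(None, manager))
    print(json.dumps(body, indent=2))
```

The printed JSON is what the workflow's HTTP Request action would send, and the call has to be issued before the disable or delete step.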
Hi @punna0001,
Have you used this method before, or have you handled cases like mine this way?
So, does that mean I need to add a workflow to handle the transfer process?
Regards,
Rizal
Hi @Santhakumar,
Have you used this method before, or have you handled cases like mine this way?
Regards,
Rizal
Hi Rizal,
I have not worked on this exact use case myself, but based on the docs:
If you are not deleting but only disabling or suspending the accounts, then I see a workflow might be the option you can try. If the leaver flow actually deletes the account through the connector, you would not need a separate workflow, the enableDataTransferOnDelete config might handle the transfer as part of the delete itself.
Hi @punna0001,
Oh, okay, thanks for the advice and the recommendation. I’ll give it a try.
