New Capability: New Google Workspace SaaS Connector is now LIVE!

Announcements Product News
, ,
1

Description

:bangbang: We are super excited to announce the rolled out of net new SailPoint Google Workspace SaaS Connector in Identity Security Cloud!

This is a SaaS Connector that does not require a Virtual Appliance to run. This SaaS connector provides identity management and governance to protect Google Workspace Accounts, Service Accounts, Domains and the associated Google Groups. This includes aggregation, provisioning, and the management of entitlements at the account level.

The Google Workspace SaaS connector can manage the following Google Cloud objects:

  • Google Accounts(Google Workspace Identities + managed Cloud Identities only)
  • Service Accounts
  • Domains(Google Workspace or Cloud Identity Domain)
  • Google Groups

What are the capabilities of Google Workspace SaaS connector?

High-level Capabilities

  • Account Operations
    • Load accounts - user, service account, domain
    • Provision accounts - user, service account, domain
    • Access Certifications (certification of entitlements connected to accounts)
    • Password management - Google Workspace User/ Cloud Identity
    • Enable and disable accounts - Google Workspace User/ Cloud Identity and service account
    • Manages Delegated Administrators and Alias on Accounts
    • Move User to Other Organization Unit
    • Provision Custom Schema Attributes
  • Group Entitlements
    • Supported Google Workspace objects include:
      • Groups
      • Roles
    • Supported GCP objects are:
      • IAM Roles
      • Projects
      • Folders
      • Resource Permissions
    • Groups, roles, and resource permission for Google Workspace User/ Cloud Identity
    • Resource permission for service account and domain

Documentation

Note -

  • If you are already using a VA based Google Workspace Connector, then there won’t be any changes or impact to it.

If you have any questions, please reach out to us, and we would be more than happy to help you in all possible ways.

Thanks!

1 Like
2

In the Virtual Appliance based Google Workspace connector, we are using account.filterString to exclude Service and Domain accounts in the accoun aggregation. We attempted to do this with the SaaS connector, but the filter isn’t working. Is account.filterString not being implemented for this connector?

If you are looking for future enhancements on this connector, it would be great if there could be a configuration setting to exclude Service Accounts.

3

Hi @Carlatto,

The current account filtering option in the source configuration, which is present in the VA based connector is also available in this SaaS Connector.

For more information, refer to Advanced Settings.

This filtering is applicable to the fields mentioned in this Google Doc - جستجو برای کاربران  |  Admin console  |  Google for Developers.

Looks like there is no OOTB way for filtering the Service and Domain accounts, and you are using product level filtering option via account.filterString. Can you please share on which parameter you are applying filter?

Thanks,
Dinesh