Google Workspace

Overview

Opal natively supports an integration with Google Workspace. This integration enables organizations to manage access to default and custom admin roles.

Navigate to Catalog click + App to add the Google Workspace App:

1. Create a service account for Opal
   For Opal to manage your Google Workspace on your behalf, you'll need to create a Google service account with proper permission scopes to retrieve role and user information. Follow the instructions for creating a service account here, and grant it the following scopes:

https://www.googleapis.com/auth/admin.directory.user, 
https://www.googleapis.com/auth/admin.directory.rolemanagement

2. Enable the Admin SDK API in Google.
   Please also enable the Admin SDK API in the project that the service account was created in.
3. In Opal, when adding the service account information and credentials, ensure that the Admin User Email has the Super Admin Role in order for the service account to read role assignments.