Documentation
Start typing to search…

Google Workspace

Learn how to connect Google Workspace with Opal.

Suggest Edits

Opal natively supports an integration with Google Workspace. This integration enables organizations to manage access to default and custom admin roles.

2312

Configuration

  1. Go to Inventory and select + App to add the Google Workspace App.
2312
  1. For Opal to manage your Google Workspace on your behalf, you'll need to create a Google service account with proper permission scopes to retrieve role and user information. Follow the instructions for creating a service account, and grant it the following scopes:
https://www.googleapis.com/auth/admin.directory.user, 
https://www.googleapis.com/auth/admin.directory.rolemanagement
  1. Enable the Admin SDK API in the project that the service account was created in.
  2. In Opal, the Admin User Email should be a user with the Super Admin Role in order for the service account to read role assignments. You can find super admins in the admin console -> 'Admin Roles' -> 'Super Admin'. This email is NOT your service account email.

Run app validation checks

After you save your app, you can view existing sync issues from the Setup tab on the app detail page. Missing permissions and sync issues show in the App Validations section. Select the refresh icon to rerun validation checks.

You can hover over the validation icons to learn why Opal needs a given permission. To correctly sync your app to Opal, ensure you address any sync errors, marked with the red ! icon. Inspect warnings on a case-by-case basis: warnings might impact features you’re not using and may be safely ignored, but this depends on your use case.

Updated 4 days ago

What’s Next
Did this page help you?