Group (as in SCIM Group)
Same as Entitlement in IDHUB.
Will map to different entities in Google workspace, for instance - Groups, GDrive Permissions, makeAdmin etc to name a few
Create/Delete/Modify Group
Attribute Name | Description | Data Type | |
|---|---|---|---|
Required | id | ID of the Group | String |
type | Type of the Group | String | |
Other Required | Defined by parameters required for each type. | String | |
Assignment
Attribute Name | Description | Data Type | |
|---|---|---|---|
Required | id | ID of the Group | String |
type | Type of the Group | String | |
userkey | Primary email | String | |
action | Add/Revoke | String | |
Other Required | Defined by parameters required for each type. | String | |
Type
Type is identifier to consolidate all the permissions related items in Google Workspace. This is used by the SCIM connector to determine which API call to make.
admin
groups
roles
drivePermissions
delegate
license
Type=admin
POST https://www.googleapis.com/admin/directory/v1/users/userKey/makeAdmin
Since userkey is already included in required attributes, no other parameters are required.
Type=group
Attribute Name | Description | Data Type |
|---|---|---|
email of group | String | |
name | name of the group | String |
description | Description of the group | String |
Create
POST https://www.googleapis.com/admin/directory/v1/groups
Update
PUT https://admin.googleapis.com/admin/directory/v1/groups/{groupKey}
Delete
DELETE https://admin.googleapis.com/admin/directory/v1/groups/{groupKey}
ListMembers
GET https://admin.googleapis.com/admin/directory/v1/groups/{groupKey}/hasMember/{memberKey}
AssignMembers
POST https://admin.googleapis.com/admin/directory/v1/groups/{groupKey}/members
Type=drivePermissions
List
GET https://www.googleapis.com/drive/v3/files/fileId/permissions
Create
POST https://www.googleapis.com/drive/v3/files/fileId/permissions
Update
PATCH https://www.googleapis.com/drive/v3/files/fileId/permissions/permissionId
Delete
DELETE https://www.googleapis.com/drive/v3/files/fileId/permissions/permissionId
Type=license
List all user Licenses
Per user
GET https://www.googleapis.com/apps/licensing/v1/product/productId/users?customerId=primary domain name&maxResults=max results per page
Per product
GET https://www.googleapis.com/apps/licensing/v1/product/productId/sku/skuId/users?customerId=primary domain name&maxResults=max results per response page
Assign License
POST https://www.googleapis.com/apps/licensing/v1/product/productId/sku/skuId/user
Reassign License
PUT https://www.googleapis.com/apps/licensing/v1/product/productId/sku/the current skuId/user/user's email
Delete License
DELETE https://www.googleapis.com/apps/licensing/v1/product/productId/sku/skuId/user/userId
Type=roles
Get Privileges
GET https://www.googleapis.com/admin/directory/v1/customer/customer_id/roles/ALL/privilegesGet Existing Roles
GET https://www.googleapis.com/admin/directory/v1/customer/customer_id/rolesCreate Role
POST https://www.googleapis.com/admin/directory/v1/customer/customer_id/roles
{
"roleName": "My New Role",
"rolePrivileges": [
{
"privilegeName": "USERS_ALL",
"serviceId": "00haapch16h1ysv"
},
{
"privilegeName": "GROUPS_ALL",
"serviceId": "00haapch16h1ysv"
}
]
}Create Role Assignment
POST https://www.googleapis.com/admin/directory/v1/customer/customer_id/roleassignments
{
"roleId": "3894208461012995",
"assignedTo": "100662996240850794412",
"scopeType": "CUSTOMER"
}