Google Workspace Integration Setup
Two kinds of information can be pulled from Google Workspace into BalkanID: HRIS data (using Google as an HRIS source of truth) and entitlement data (who has access to what). The following setup applies to both.
By default, the Google Workspace integration is typically set up in your tenant so that it pulls in only entitlement data. To start using Google as an HRIS source of truth, please contact and we will enable that.
BalkanID recommends creating a separate service account for this integration instead of using personal or employee-named accounts.
Domain
Super-Admin Email
Service Account
Granting Access to BalkanID
This step is only needed if you would like to create a new project instead of using an existing project for the integration.
Create a project ().
You should be able to walk through the wizard after clicking Create Project from the section of the console. You will specify a project name and select an organization.
Create a service account in the project created in the previous step ()
You should be able to walk through the wizard after clicking “” from the ‘Service Accounts’ section of the console. You will specify a service account name, and the rest of the fields will auto-fill based on that. You can just hit Create and Continue. You will not need to specify any of the optional steps listed on the wizard. This step is only needed if you would like to create a new service account instead of using an existing service account for the integration.
Copy and paste the clientID as well as the service account email address from the main service accounts listing page (the items under the columns underlined in red below).
Upload existing key to the service account
Click Add New > Upload Existing Key.
Use the certificate received from BalkanID.
Remember to save the email address of the service account to enter into the configuration for BalkanID from the service account listing page as stated in the previous section.
Enable Admin SDK API ()
Click Enable.
Delegate domain access ()
Click Add New.
Enter the clientID created in the previous step.
Add the following OAuth Scopes:
Log in to the BalkanID application and switch to the tenant you would like to add your integration to.
Head to Integrations > Third Party Applications, click Add Integration, and select Google. Set up the Primary Application owner and the Description, if any.
Google Workspace will now appear in the list of applications. Click the Configure and Integrate button beside the integration name, and fill in the fields with the values noted earlier. It should look like this:
Email of a super-admin user (that was used to carry out the items in step one above) that will be impersonated to retrieve data.
Email address of the service account created in step one.
Once you have filled in the information, click Save changes. Your integration is now configured and you will see the status of the integration displayed alongside other integrations on the Integrations page. Integrations are synced daily. When data is available, the integration Status column will read Connected and the integration Message will read Data available.
Read Only (Access Review) Scopes
Lifecycle Management Scopes
https://www.googleapis.com/auth/admin.directory.user.readonly
https://www.googleapis.com/auth/admin.directory.user.security
https://www.googleapis.com/auth/admin.directory.user
https://www.googleapis.com/auth/admin.directory.orgunit.readonly
https://www.googleapis.com/auth/admin.directory.orgunit
https://www.googleapis.com/auth/admin.directory.group.readonly
https://www.googleapis.com/auth/admin.directory.group
https://www.googleapis.com/auth/admin.directory.rolemanagement.readonly
https://www.googleapis.com/auth/admin.directory.rolemanagement
For additional details refer to
Email domain (i.e. ).
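The following added example (not BalkanID's or Google's code) reviews the scope string entered in the domain-wide delegation step against the scopes listed above, so that a grant meant only for access review can be checked for scopes that do not carry the `.readonly` suffix or are not on this page at all. The function name, the bucket names and the sample grant are assumptions made for illustration; the suffix check is a naming heuristic and does not assume which column of the table a scope belongs to.

```python
# Added example: review the scopes granted to the service account's client ID.
PREFIX = "https://www.googleapis.com/auth/"

# Scopes listed on this page (both columns combined).
PAGE_SCOPES = {PREFIX + s for s in (
    "admin.directory.user.readonly",
    "admin.directory.user.security",
    "admin.directory.user",
    "admin.directory.orgunit.readonly",
    "admin.directory.orgunit",
    "admin.directory.group.readonly",
    "admin.directory.group",
    "admin.directory.rolemanagement.readonly",
    "admin.directory.rolemanagement",
)}


def review_scopes(granted: str) -> dict:
    """Split a comma/whitespace-separated scope string into review buckets."""
    seen = set()
    result = {"readonly": [], "not_readonly": [], "unexpected": []}
    # Tolerate commas, newlines and stray trailing separators from copy/paste.
    for scope in granted.replace(",", " ").split():
        if scope in seen:          # report each scope once
            continue
        seen.add(scope)
        if scope not in PAGE_SCOPES:
            result["unexpected"].append(scope)      # not listed on this page
        elif scope.endswith(".readonly"):
            result["readonly"].append(scope)
        else:
            result["not_readonly"].append(scope)    # listed, no .readonly suffix
    return result


# Constructed sample grant: two read-only scopes, one duplicated
# non-readonly scope, and one scope this page does not list.
SAMPLE_GRANT = (
    PREFIX + "admin.directory.user.readonly, "
    + PREFIX + "admin.directory.orgunit.readonly,\n"
    + PREFIX + "admin.directory.group, "
    + PREFIX + "admin.directory.group, "
    + "https://mail.google.com/"
)

if __name__ == "__main__":
    for bucket, scopes in review_scopes(SAMPLE_GRANT).items():
        print(bucket, scopes)
```
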