Google Workspace
Google Workspace Syncer enables automatic user synchronization from Google Workspace (formerly G Suite) to Casdoor. The syncer uses the Google Admin SDK Directory API to retrieve user information and keep your user directory synchronized.
Prerequisites
Before configuring the syncer, you need to set up a Google Cloud service account with domain-wide delegation and the Admin SDK enabled.
Step 1: Create a Service Account
Navigate to Google Cloud Console and create a service account:
- Go to IAM & Admin → Service Accounts → Create Service Account
- Enter a name and description for the service account
- Click Create and Continue
- Grant the service account the Service Account User role (optional)
- Click Done
Step 2: Generate a Service Account Key
After creating the service account, generate a JSON key:
- Click on the service account you just created
- Go to the Keys tab
- Click Add Key → Create new key
- Select JSON format
- Click Create and save the downloaded JSON file securely
Step 3: Enable Admin SDK API
Enable the Admin SDK API for your Google Cloud project:
- Go to APIs & Services → Library
- Search for "Admin SDK API"
- Click on it and click Enable
Step 4: Configure Domain-Wide Delegation
Set up domain-wide delegation in Google Workspace Admin:
- In the service account details, copy the Client ID
- Go to Google Workspace Admin Console
- Navigate to Security → Access and data control → API controls
- Click Manage Domain Wide Delegation
- Click Add new
- Paste the service account Client ID
- Add the OAuth scope:
https://www.googleapis.com/auth/admin.directory.user.readonly - Click Authorize
The admin.directory.user.readonly scope allows the syncer to read user profiles in your Google Workspace domain in read-only mode.
Configuration
To create a Google Workspace syncer in Casdoor:
- Navigate to the Syncers tab
- Click Add to create a new syncer
- Fill in the following required fields:
| Field | Description |
|---|---|
| Organization | The Casdoor organization where users will be imported |
| Name | A unique identifier for this syncer |
| Type | Select "Google Workspace" |
| Admin Email | Email address of a Google Workspace admin user (e.g., admin@yourdomain.com) |
| Service Account Key | Paste the complete JSON content of the service account key file |
Other database-related fields (Database type, Port, Database, Table) are not used for Google Workspace syncer and can be left empty.
Field Mappings
The syncer automatically maps Google Workspace user attributes to Casdoor user fields:
| Google Workspace Field | Casdoor Field | Description |
|---|---|---|
| id | Id | User's unique identifier |
| primaryEmail | Primary email address | |
| name.fullName | Name | Full name |
| name.givenName | FirstName | First name |
| name.familyName | LastName | Last name |
| phones[0].value | Phone | Primary phone number |
| isAdmin | IsAdmin | Admin status |
| suspended | IsForbidden | Account suspension status |
The suspended field maps directly to IsForbidden. When a user is suspended in Google Workspace (suspended: true), they will be marked as forbidden in Casdoor (IsForbidden: true).
Running the Syncer
After configuration:
- Click Test Connection to verify your credentials and permissions
- Enable the syncer by toggling Is enabled
- Click Sync to trigger an immediate synchronization
- The syncer will automatically fetch all users from your Google Workspace domain
The syncer handles pagination automatically, retrieving all users regardless of the total count.