Google Workspace syncer
The Google Workspace syncer imports users from Google Workspace (formerly G Suite) into Casdoor using the Google Admin SDK Directory API.
Prerequisites
Set up a Google Cloud service account with domain-wide delegation and the Admin SDK enabled before configuring the syncer.
Step 1: Create a Service Account
Navigate to Google Cloud Console and create a service account:
- Go to IAM & Admin → Service Accounts → Create Service Account
- Enter a name and description for the service account
- Click Create and Continue
- Grant the service account the Service Account User role (optional)
- Click Done
Step 2: Generate a Service Account Key
After creating the service account, generate a JSON key:
- Click on the service account you just created
- Go to the Keys tab
- Click Add Key → Create new key
- Select JSON format
- Click Create and save the downloaded JSON file securely
Step 3: Enable Admin SDK API
Enable the Admin SDK API for your Google Cloud project:
- Go to APIs & Services → Library
- Search for "Admin SDK API"
- Click on it and click Enable
Step 4: Configure Domain-Wide Delegation
Set up domain-wide delegation in Google Workspace Admin:
- In the service account details, copy the Client ID
- Go to Google Workspace Admin Console
- Navigate to Security → Access and data control → API controls
- Click Manage Domain Wide Delegation
- Click Add new
- Paste the service account Client ID
- Add the OAuth scope:
https://www.googleapis.com/auth/admin.directory.user.readonly - Click Authorize
The admin.directory.user.readonly scope allows the syncer to read user profiles in your Google Workspace domain in read-only mode.
Configuration
To create a Google Workspace syncer in Casdoor:
- Navigate to the Syncers tab
- Click Add to create a new syncer
- Fill in the following required fields:
| Field | Description |
|---|---|
| Organization | The Casdoor organization where users will be imported |
| Name | A unique identifier for this syncer |
| Type | Select "Google Workspace" |
| Admin Email | Email address of a Google Workspace admin user (e.g., admin@yourdomain.com) |
| Service Account Key | Paste the complete JSON content of the service account key file |
Leave database-related fields (Database type, Port, Database, Table) empty for the Google Workspace syncer.
Field Mappings
The syncer automatically maps Google Workspace user attributes to Casdoor user fields:
| Google Workspace Field | Casdoor Field | Description |
|---|---|---|
| id | Id | User's unique identifier |
| primaryEmail | Primary email address | |
| name.fullName | Name | Full name |
| name.givenName | FirstName | First name |
| name.familyName | LastName | Last name |
| phones[0].value | Phone | Primary phone number |
| isAdmin | IsAdmin | Admin status |
| suspended | IsForbidden | Account suspension status |
Google Workspace suspended: true is mapped to Casdoor IsForbidden: true.
Running the syncer
- Click Test Connection to verify credentials and permissions.
- Toggle Is enabled and click Sync for an immediate run.
- The syncer fetches all users from the domain and handles pagination automatically.