Google Integration: User directory via Google Workspace

You can also synchronize your users via Google Workspace as a user directory. You must complete the steps from this tutorial beforehand.

Configuration in Google

To include Google Workspace as a user directory in Haiilo, you must first perform the following steps within Google Administration as an admin.

  1. Log in with a Google Admin account at https://console.cloud.google.com/
  2. Click on the projects in the upper left corner
  3. Select your project for Haiilo
  4. Select "APIs & Services"
  5. Select "Library" from the left menu
    1. Search for the API "Admin SDK API"
    2. Enable this API for your project
  6. Select "Credentials" in the left menu
    1. Choose "Create credentials"
    2. Choose "Service account"
    3. Write a "Service account name"
    4. Use the automatically generated "Service account ID" or generate a new one
    5. Choose the role "Owner"
  7. Choose the newly created service account
    1. Choose the tab "Details"
    2. Copy the "Unique ID"
    3. Choose the tab "Keys"
    4. Choose "Add key"
    5. Choose "Create new key"
    6. Choose "JSON"
    7. Save the JSON file as "service-account.json"
  8. Log in with a Google Admin account at https://admin.google.com/
    1. Choose "Security"
    2. Choose "Access and data control"
    3. Choose "API controls"
    4. Choose the option "Manage domain wide delegation" in the area "Domain wide delegation"
    5. Choose "Add new"
    6. Enter the previously copied "Unique ID" of the newly created service account into "Client ID"
    7. Enter the following scopes into "OAuth scopes (comma-delimited)"
      1. https://www.googleapis.com/auth/admin.directory.user.readonly
      2. https://www.googleapis.com/auth/admin.directory.group.readonly
      3. https://www.googleapis.com/auth/admin.directory.group.member.readonly
    8. Click "Authorize"

Configuration in Haiilo

To include Google Workspace as a user directory in Haiilo, next perform the following steps as an admin within Haiilo Administration.

  1. Log in to your Haiilo with a Haiilo admin account
  2. Click on "Administration" in the upper right corner of your profile picture
  3. Select "User directories" from the left menu
  4. Create a new user directory
    1. Fill in a "Name"
    2. Choose as "Type" the option "Google Workspace"
    3. Set a check mark for "Active", if this new user directory should be activated directly

Now set the following information per tab.

Connection

To connect to Google Workspace, you need to enter the following information.

  1. Enter the email address of the Google Admin account you have used for the configuration at "Service account user email"
  2. Enter at "Client id" the content of "client_id" from the "service-account.json" file
  3. Enter at "Client email" the content of "client_email" from the "service-account.json" file
  4. Enter at "Private key" the content of "private_key" from the "service-account.json" file
  5. For "Private key id" enter the content of "private_key_id" from the "service-account.json" file
  6. Enter at "Project id" the content of "project_id" from the "service-account.json" file
  7. Enter at "Token uri" the content of "token_uri" from the "service-account.json" file
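
How the values copied into the Connection tab fit together, as an added example (not Haiilo's or Google's code): it checks a downloaded key file for the six fields listed above and builds the claim set of Google's OAuth 2.0 service-account flow, assuming Haiilo uses that flow with the admin address as the delegated user. The helper names and all sample values are hypothetical.

```python
import json

# The three read-only scopes authorised for domain-wide delegation on this page.
SCOPES = [
    "https://www.googleapis.com/auth/admin.directory.user.readonly",
    "https://www.googleapis.com/auth/admin.directory.group.readonly",
    "https://www.googleapis.com/auth/admin.directory.group.member.readonly",
]
# Haiilo "Connection" field -> key in service-account.json (from the steps above).
FIELD_MAP = {
    "Client id": "client_id", "Client email": "client_email",
    "Private key": "private_key", "Private key id": "private_key_id",
    "Project id": "project_id", "Token uri": "token_uri",
}

def check_key_file(text):
    """Return a list of problems found in the key file; empty means usable."""
    key, problems = json.loads(text), []
    if key.get("type") != "service_account":
        problems.append("type is not 'service_account'")
    for field, name in FIELD_MAP.items():
        if not key.get(name):
            problems.append(f"missing '{name}' (needed for '{field}')")
    if key.get("private_key") and "PRIVATE KEY" not in key["private_key"]:
        problems.append("private_key is not PEM text")
    return problems

def delegation_claims(key, admin_email, now):
    """JWT claim set of Google's service-account flow with a delegated user."""
    return {
        "iss": key["client_email"],     # the service account
        "sub": admin_email,             # "Service account user email" in Haiilo
        "scope": " ".join(SCOPES),      # space-delimited inside the JWT
        "aud": key["token_uri"],
        "iat": now, "exp": now + 3600,  # Google accepts at most one hour
    }

# Constructed sample; every value is a placeholder, not a real credential.
SAMPLE = json.dumps({
    "type": "service_account", "project_id": "example-project",
    "private_key_id": "0000placeholder",
    "private_key": "-----BEGIN PRIVATE KEY-----\nPLACEHOLDER\n-----END PRIVATE KEY-----\n",
    "client_email": "haiilo-sync@example-project.iam.gserviceaccount.com",
    "client_id": "100000000000000000000",
    "token_uri": "https://oauth2.googleapis.com/token",
})

if __name__ == "__main__":
    print(check_key_file(SAMPLE))  # problems only; the private key is never printed
    print(delegation_claims(json.loads(SAMPLE), "admin@example.com", 0))
```

The claim set is signed with "private_key" and the JWT header carries "private_key_id", which is why both are entered in the Connection tab.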

User

For a Google Workspace user directory you only need to enter the attribute for username in the "Users" tab. We recommend using the "primaryEmail" here.

Additionally, you can map profile fields here. Only professional fields whose value is a string, not an array, can be synced.

For user filters, you can use the standard Google filters, e.g., name='Jane Smith',givenName:{B}*. For custom fields, the field name should be specified with the category, e.g., categoryName.customField='value'. You can find more information on user filters in Google's Developer guides.

Groups

If you want to sync groups from your Google Workspace, you just need to enable the "Sync groups" option in the "Groups" tab. For group filters, you can use the standard Google filters, e.g., name='Test group'. You can find more information on group filters in Google's Developer guides.

Synchronization

The value in Page Size defines how many items should be synchronized per query. The LDAP protocol limit is 1000, so you should not choose a higher value.

The Activation option allows new and restored users to be activated during synchronization. Otherwise, you would have to manually set the status of the users to "Active" in the user management.

Orphaned users are users that currently exist as active users but no longer exist in the LDAP directory. It is possible to ignore, disable or delete the users in Haiilo Home during sync.

The Restore users option allows you to reactivate deactivated or deleted users of Haiilo Home if they are present again in the user directory during the sync. It is not possible to restore anonymized users. A previously anonymized user can then only be created as a new user. Anonymization is disabled by default and can be enabled in the "General settings" of the administration.

Scheduling

Here you can configure the frequency of synchronization. You have the options once per day (at night), several times a day (every four hours) and once per hour.
