You can synchronize your users via Google Workspace as a user directory.
Configuration in Google
To include Google Workspace as a user directory in Haiilo, the following must be configured in Google:
- Admin SDK is active
- A service account has been created
  - which has domain-wide authority delegation
  - whose credentials are exported as a "service-account.json" file
- A user with full access to users and groups, acting as "service-account-user", has been created
- The client (client ID) belonging to the service account has been added under "Security > API Management > Domain-Wide Delegation" with the following scopes:
Configuration in Haiilo
Connection
The service account user email is the configured email of the service account created in Google.
All other information for the "Connection" section is in the previously exported "service-account.json" file.
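An added example, not part of Haiilo's or Google's documentation: a local check of the exported "service-account.json" before its values are copied into the "Connection" section. The field names are those of Google's JSON service-account key format; the function name `check_key_file` and the sample values are constructed for illustration, and which fields Haiilo's form asks for is not listed on this page.

```python
import json
import os
import stat

# Field names of Google's JSON service-account key format.
REQUIRED = ("type", "project_id", "private_key_id", "private_key",
            "client_email", "client_id", "token_uri")

# Constructed sample with placeholder values; not a real credential.
SAMPLE_KEY = {
    "type": "service_account",
    "project_id": "example-project",
    "private_key_id": "0" * 40,
    "private_key": "-----BEGIN PRIVATE KEY-----\nPLACEHOLDER\n-----END PRIVATE KEY-----\n",
    "client_email": "sync@example-project.iam.gserviceaccount.com",
    "client_id": "000000000000000000000",
    "token_uri": "https://oauth2.googleapis.com/token",
}


def check_key_file(path):
    """Return (summary, problems); the private key is never returned."""
    problems = []
    # The key carries domain-wide delegated access: owner-only permissions.
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if os.name == "posix" and mode & 0o077:
        problems.append(f"file mode {mode:o} lets group/others access the key")
    with open(path, encoding="utf-8") as fh:
        key = json.load(fh)
    missing = [name for name in REQUIRED if not key.get(name)]
    if missing:
        problems.append("missing fields: " + ", ".join(missing))
    if key.get("type") != "service_account":
        problems.append(f"type is {key.get('type')!r}, expected 'service_account'")
    if "BEGIN PRIVATE KEY" not in str(key.get("private_key", "")):
        problems.append("private_key is not a PEM block")
    # Non-secret values to cross-check against the Google admin console.
    summary = {name: key.get(name)
               for name in ("client_email", "client_id", "private_key_id")}
    return summary, problems


if __name__ == "__main__":
    import sys
    summary, problems = check_key_file(sys.argv[1])
    print(json.dumps(summary, indent=2))
    for problem in problems:
        print("PROBLEM:", problem)
    sys.exit(1 if problems else 0)
```

The `client_id` in the summary is the value to compare with the client ID entered under "Security > API Management > Domain-Wide Delegation".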
User
For a Google Workspace user directory, you only need to enter the attribute for the username in the "User" tab. We recommend using "primaryEmail" here.
Groups
If you want to synchronize groups from your Google Workspace, you just have to activate the option "Synchronize groups" in the tab "Groups".
After that, all groups from your Google Workspace will be synchronized as well.
Synchronization
The value in page size defines how many items should be synchronized per query. The LDAP protocol limit is 1000, so you should not choose a higher value.
The activation option allows new and restored users to be activated during synchronization. Otherwise, you would have to manually set the status of the users to "Active" in the user management.
Note:
If you have enabled terms of use in administration, the new and restored users will remain on "Hidden" until they accept them.
Orphaned users are users that currently exist as an active user, but no longer exist in the user directory. It is possible to ignore, disable or delete the users in Haiilo Home during sync.
The restore users option reactivates deactivated or deleted Haiilo Home users if they are present in the user directory again during the sync.
Note:
It is not possible to restore anonymized users. The previously anonymized user can then only be created as a new user. Anonymization is disabled by default and can be enabled in the "General settings" of the administration.
Scheduling
Here you can configure how often synchronization runs. The options are once per day (at night), several times a day (every four hours) and once per hour.