Google Apps Connector for midPoint is based on ForgeRock's OpenICF connector released in December 2015. It was enhanced with some unique fixes and updates and was ported to Evolveum's Polygon project.
Google API / OAuth 2.0
Connector requires midPoint 3.4.1 or newer.
This connector does not work correctly in midPoint 3.8; see MID-4683.
Google Apps Connector is intended for production use. The connector was introduced as a contribution to the midPoint project by AMI Praha and is not officially supported by Evolveum.
Google Apps Connector supports the ACCOUNT and GROUP (mailing list) entities. The original connector supports more entity types, but not all of them were fully tested with midPoint. The current focus is on the ACCOUNT entity.
Google Apps is a Software-as-a-Service (SaaS) platform that provides email, calendar, documents and other services. This connector uses the Google Apps provisioning APIs to add, modify and delete user accounts and email aliases.
More information on Google Apps as well as Google user management console can be found here.
The Google Apps connector supports the following operations:
The following table lists all the configuration properties you can specify when setting up the Google Apps connector:
|domain||X||String||Internet domain name. See https://support.google.com/a/answer/177483?hl=en|
|clientId||X||String||Client identifier issued to the client during the registration process.|
|clientSecret||X||GuardedString||Client secret issued to the client during the registration process.|
|refreshToken||X||GuardedString||The refresh token allows you to get a new access token that is good for another hour. Refresh tokens never expire; they can only be revoked by the user or programmatically by your app.|
Stock Keeping Units (SKU) ID. Typical value:
|autoaddlic||Boolean||False||Automatically add license to user after create|
|productid||X||String||Product ID. Typical value: |
Building the connector
Download and build the project with usual:
Import the connector JAR file to one of these locations:
- midPoint WEB-INF/lib
- application server (e.g. Tomcat) lib directory
- icf-connectors directory in midPoint home
Sample resource XML can be found here.
Obtain credential codes for Google API. Log in to Google API Manager with your Google admin account.
If you have not done so already, create a new project and then create new credentials of type "OAuth client ID" (with the "other" option).
Make sure API access is enabled for at least: Admin SDK and Enterprise License Manager API.
Retrieve the credentials in JSON by clicking the icon as follows:
Open the JSON file and make a note of the following properties:
To authenticate with Google you will also need a refreshToken. To retrieve it, go to your connector-googleapps Java project, run the main and confirm the requested action in your web browser.
You now have all the information you need to configure the connector resource in midPoint.
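How the collected values fit together, as an added example that is not part of the connector project: it maps a credentials JSON to the connector property names, builds the standard OAuth 2.0 refresh-token grant (RFC 6749, section 6) in which they are used, and masks the two GuardedString values before anything is logged. The function names, the sample JSON, and the assumption that the file nests its values under an `installed` or `web` key are illustrative, not taken from the page.

```python
import json
from urllib.parse import urlencode

# Constructed sample of the downloaded credentials file (placeholder values).
SAMPLE_CLIENT_JSON = """
{"installed": {
  "client_id": "000000000000-example.apps.googleusercontent.com",
  "client_secret": "EXAMPLE-CLIENT-SECRET",
  "token_uri": "https://oauth2.googleapis.com/token"}}
"""

GUARDED = ("clientSecret", "refreshToken")  # GuardedString properties in the table


def connector_properties(client_json, domain, refresh_token):
    """Map the credentials JSON plus refresh token to connector property names."""
    doc = json.loads(client_json)
    # Assumption: values sit under "installed" (the "other" client type) or "web".
    section = doc.get("installed") or doc.get("web") or {}
    missing = [k for k in ("client_id", "client_secret") if not section.get(k)]
    if missing:
        raise ValueError("credentials JSON lacks: " + ", ".join(missing))
    if not domain or not refresh_token:
        raise ValueError("domain and refreshToken are both required")
    props = {"domain": domain, "clientId": section["client_id"],
             "clientSecret": section["client_secret"],
             "refreshToken": refresh_token}
    return props, section.get("token_uri")


def refresh_grant_body(props):
    """Form body of the OAuth 2.0 refresh-token grant (RFC 6749, section 6)."""
    return urlencode({"grant_type": "refresh_token",
                      "client_id": props["clientId"],
                      "client_secret": props["clientSecret"],
                      "refresh_token": props["refreshToken"]})


def redacted(props):
    """Copy of props that is safe to log: guarded values are masked."""
    return {k: ("***" if k in GUARDED else v) for k, v in props.items()}


if __name__ == "__main__":
    props, token_uri = connector_properties(
        SAMPLE_CLIENT_JSON, "example.com", "EXAMPLE-REFRESH-TOKEN")
    print(redacted(props))
    print("POST", token_uri, "with", len(refresh_grant_body(props)), "byte body")
```

Because the refresh token does not expire, anyone holding all three values can mint access tokens until the token is revoked, so keep the JSON file and the resource XML out of version control and shared logs.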