Integrating with Google Workspace
The Satori platform supports integration with Google Workspace. Google Workspace includes productivity apps such as Gmail, Calendar and Drive, Docs, Sheets, Slides, Meet, and many more.
The Satori Google Workspace Integration
The Satori Google Workspace integration synchronizes user and group information from Google Workspace to Satori, enabling role-based and attribute-based policies in Satori to leverage existing groups and attributes. Once you create the integration, Satori syncs the information periodically. You can also manually trigger the sync by clicking the SYNC NOW button in Satori.
The following information is synchronized from Google Workspace:
- User emails (and email aliases), first and last names and managers
- Group emails and names
- Custom user attributes
Syncronizing Users and Groups with Satori
Satori does not automatically synchronize all users and groups from Google Workspace. To control which users should be synchronized to Satori, you need to select one or more groups to synchronize. Satori will only synchronize the users who are members of the selected groups.
NOTE: Satori recommends creating a group called 'Satori Users' to easily control which of your users get synchronized to Satori.
Setting up the Google Workspace Integration
Satori Configuration
- Go to the Satori management console and select the Settings from the kabab menu.
- Now, select the Integration view and click on the Google Workspace tile.
- Copy the Service Account Email field and save it for later.
Google Workspace Configurations
- Login to the Google Workspace admin console
- Navigate to Account / Account Settings / Profile
- Copy your Google Workspace Customer ID and save it for later
- Navigate to Account / Admin Roles
- Select Create new role and provide a name for your role. For example,
Satori Directory Reader
. - In the Select Privileges step, scroll down to the Admin API privileges section, and select the following:
Users.Read
andGroups.Read
. - Review the new role and select CREATE ROLE.
- In the role details page, select Assign service accounts and add the service account email you copied from the Satori management console.
Configure the Google Workspace Integration
- Go to the Satori management console and select the Settings from the kabab menu.
- Now, select the Integration view and click on the Google Workspace tile.
- Enter the Google Workspace Customer ID
- Click on Test Connection. Satori will try to connect to Google Workspace. If the connection test fails, check that the Customer ID field is correct and that you assigned the Satori service account to the new role you created in Google Workspace.
- Select the Integration Settings tab and select which groups to sync to Satori.
- Click Save to finish. Satori will start synchronizing users and groups in the background.