Skip to main content

Pre-Built Tooling

CategoryDetails
AuthenticationOAuth 2.0 (Authorization Code with refresh tokens)
Two-Way SyncNo
Events SupportedNo
RealtimeNo (Polling)
Supports Rate LimitingYes (Google API quotas & 429 handling)
Authentication Scopes Supportedhttps://www.googleapis.com/auth/admin.directory.user, https://apps-apis.google.com/a/feeds/policies/, https://www.googleapis.com/auth/admin.directory.orgunit, https://www.googleapis.com/auth/admin.directory.orgunit.readonly, https://www.googleapis.com/auth/admin.directory.user.readonly, https://www.googleapis.com/auth/admin.directory.user.security

Objects Supported

Alloy Automation supports syncing the following objects from Google Workspace Admin:
  • Organizational Units
  • Users
  • User Tokens

Set Up Guide

Trial Access

QuestionAnswer
Offers free trial?Yes. Sign up for Google Workspace at https://workspace.google.com/ or use a standard Google Workspace account with admin privileges.
Requires paid sandbox?No paid sandbox required.
Requires partnership to obtain authentication?No. However, Google App Verification may be required in production for certain admin scopes, which can add review time.

Authentication (OAuth 2.0)

For customers who want to completely whitelabel their OAuth experience, you can provide your own developer keys instead of using Alloy Automation’s.

Create your OAuth app (Google Cloud Console)

  1. Go to Google Cloud Console (https://console.cloud.google.com) → APIs & ServicesCredentials.
  2. Create an OAuth client ID (application type: Web application).
  3. Add the redirect URI: https://api.runalloy.com/api/strategy/connector/googleWorkspaceAdmin/callback
  4. Enable the Admin SDK API for your project (APIs & Services → Library → Search for “Admin SDK API”).
  5. Configure the scopes you intend to request:
    • https://www.googleapis.com/auth/admin.directory.user (Manage users)
    • https://www.googleapis.com/auth/admin.directory.orgunit (Manage organizational units)
    • https://www.googleapis.com/auth/admin.directory.user.readonly (View users)
    • https://www.googleapis.com/auth/admin.directory.orgunit.readonly (View organizational units)
    • https://www.googleapis.com/auth/admin.directory.user.security (Manage user security settings)
  6. Copy your Client ID and Client Secret into Alloy Automation.
  • Set up the OAuth consent screen with your app details and domain.
  • For production use with admin scopes or external users, complete Google app verification (may require demo video, privacy policy, and domain ownership).
  • Admin scopes require that the authorizing user has Google Workspace admin privileges.

Getting Started

Use Cases

1) Automated user provisioning and deprovisioning

Automatically create, update, or suspend Google Workspace users based on employee onboarding/offboarding events from your HR system, ensuring consistent access control and license management.

2) Organizational unit synchronization

Sync organizational structure from your internal systems to Google Workspace, automatically placing users in the correct OUs based on department, location, or team assignments.

3) Security token auditing

Retrieve and monitor third-party application tokens granted by users in your domain to identify security risks, detect unauthorized app access, and enforce compliance policies.

4) User directory reporting

Generate comprehensive reports on user accounts, including last login times, 2FA enrollment status, admin privileges, and suspended accounts for compliance and security audits.

5) Cross-platform identity management

Synchronize user profiles and organizational hierarchy between Google Workspace and other enterprise systems (CRM, ERP, HRIS) to maintain a single source of truth for identity data.

API Gotchas

  • The customerId parameter can use the alias my_customer to represent your own account, which simplifies API calls when you don’t know your exact customer ID.
  • Admin privileges required: OAuth tokens must be granted by a user with super admin or delegated admin privileges. Regular users cannot authorize apps that request admin scopes.
  • Pagination tokens: When listing large numbers of users or organizational units, use the pageToken parameter to retrieve subsequent pages. Don’t assume all results fit in a single response.
  • Rate limiting and quotas: Google Admin SDK has per-project quotas (typically 1,500-2,400 requests per minute). Monitor your quota usage in the Google Cloud Console and implement exponential backoff for 429 responses.
For questions or troubleshooting, contact support@runalloy.com.
I