> ## Documentation Index > Fetch the complete documentation index at: https://docs.runalloy.com/llms.txt > Use this file to discover all available pages before exploring further. # Google Workspace Admin > Integration details and setup guide for the Google Workspace Admin connector in Alloy Automation. ## Pre-Built Tooling | Category | Details | | ----------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | **Authentication** | OAuth 2.0 (Authorization Code with refresh tokens) | | **Two-Way Sync** | No | | **Events Supported** | No | | **Realtime** | No (Polling) | | **Supports Rate Limiting** | Yes (Google API quotas & 429 handling) | | **Authentication Scopes Supported** | `https://www.googleapis.com/auth/admin.directory.user`, `https://apps-apis.google.com/a/feeds/policies/`, `https://www.googleapis.com/auth/admin.directory.orgunit`, `https://www.googleapis.com/auth/admin.directory.orgunit.readonly`, `https://www.googleapis.com/auth/admin.directory.user.readonly`, `https://www.googleapis.com/auth/admin.directory.user.security` | *** ## Objects Supported Alloy Automation supports syncing the following objects from **Google Workspace Admin**: * **Organizational Units** * **Users** * **User Tokens** *** ## Set Up Guide ### Trial Access | Question | Answer | | -------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | **Offers free trial?** | Yes. Sign up for Google Workspace at [https://workspace.google.com/](https://workspace.google.com/) or use a standard Google Workspace account with admin privileges. | | **Requires paid sandbox?** | No paid sandbox required. | | **Requires partnership to obtain authentication?** | No. However, Google App Verification may be required in production for certain admin scopes, which can add review time. | *** ### Authentication (OAuth 2.0) For customers who want to completely whitelabel their OAuth experience, you can provide your own developer keys instead of using Alloy Automation's. #### Create your OAuth app (Google Cloud Console) 1. Go to **Google Cloud Console** ([https://console.cloud.google.com](https://console.cloud.google.com)) → **APIs & Services** → **Credentials**. 2. Create an **OAuth client ID** (application type: *Web application*). 3. Add the redirect URI: `https://api.runalloy.com/api/strategy/connector/googleWorkspaceAdmin/callback` 4. Enable the **Admin SDK API** for your project (APIs & Services → Library → Search for "Admin SDK API"). 5. Configure the scopes you intend to request: * `https://www.googleapis.com/auth/admin.directory.user` (Manage users) * `https://www.googleapis.com/auth/admin.directory.orgunit` (Manage organizational units) * `https://www.googleapis.com/auth/admin.directory.user.readonly` (View users) * `https://www.googleapis.com/auth/admin.directory.orgunit.readonly` (View organizational units) * `https://www.googleapis.com/auth/admin.directory.user.security` (Manage user security settings) 6. Copy your **Client ID** and **Client Secret** into Alloy Automation. #### Consent screen & verification * Set up the **OAuth consent screen** with your app details and domain. * For production use with admin scopes or external users, complete **Google app verification** (may require demo video, privacy policy, and domain ownership). * Admin scopes require that the authorizing user has Google Workspace admin privileges. #### Getting Started * **Sign up for Google Workspace**: [https://workspace.google.com/](https://workspace.google.com/) * **Google Cloud Console**: [https://console.cloud.google.com](https://console.cloud.google.com) * **Admin SDK API Documentation**: [https://developers.google.com/admin-sdk](https://developers.google.com/admin-sdk) * **OAuth 2.0 Setup Guide**: [https://developers.google.com/identity/protocols/oauth2](https://developers.google.com/identity/protocols/oauth2) *** ## Use Cases ### 1) Automated user provisioning and deprovisioning Automatically create, update, or suspend Google Workspace users based on employee onboarding/offboarding events from your HR system, ensuring consistent access control and license management. ### 2) Organizational unit synchronization Sync organizational structure from your internal systems to Google Workspace, automatically placing users in the correct OUs based on department, location, or team assignments. ### 3) Security token auditing Retrieve and monitor third-party application tokens granted by users in your domain to identify security risks, detect unauthorized app access, and enforce compliance policies. ### 4) User directory reporting Generate comprehensive reports on user accounts, including last login times, 2FA enrollment status, admin privileges, and suspended accounts for compliance and security audits. ### 5) Cross-platform identity management Synchronize user profiles and organizational hierarchy between Google Workspace and other enterprise systems (CRM, ERP, HRIS) to maintain a single source of truth for identity data. *** ## API Gotchas * The **customerId** parameter can use the alias `my_customer` to represent your own account, which simplifies API calls when you don't know your exact customer ID. * **Admin privileges required**: OAuth tokens must be granted by a user with super admin or delegated admin privileges. Regular users cannot authorize apps that request admin scopes. * **Pagination tokens**: When listing large numbers of users or organizational units, use the `pageToken` parameter to retrieve subsequent pages. Don't assume all results fit in a single response. * **Rate limiting and quotas**: Google Admin SDK has per-project quotas (typically 1,500-2,400 requests per minute). Monitor your quota usage in the Google Cloud Console and implement exponential backoff for 429 responses. > For questions or troubleshooting, contact **[support@runalloy.com](mailto:support@runalloy.com)**.