Google

When you connect a Google Workspace directory to Oblique, Oblique will automatically sync users and Google groups from Google to Oblique.

Oblique initially adds all resources in “Pull” mode, meaning that Oblique treats Google as the source of truth and pulls information on these resources to Oblique. When you change the management mode of a resource, Oblique will automatically sync changes with Google. For example, if you change a resource from “Pull” to “Push,” Oblique becomes the source of truth and pushes changes to Google.

As you make changes in Google, Oblique adds any new users and groups to Oblique, and archives any deleted users and groups in Oblique.

Tip

You can add multiple Google Workspace directories to Oblique. These function as separate integrations and are distinguished by their domain.

Supported options

Oblique integrates with Google:

• As a source for users
• As a source and destination for resources

Resources

• Google groups

Add Google integration

To add a Google integration, you need to:

• enable Google Workspace domain delegation ↗ to allow Oblique’s service account to access your Google Workspace directory
• create a Google admin role
• grant the Oblique service account the Google admin role
• add the Google domain to Oblique

To get started, navigate to the Integrations page:

1. Select Add integration.
2. Select Google Workspace.

This will walk you through the steps needed for service account setup and configuration.

Enable domain delegation

To allowlist Oblique for domain delegation, in the Google Admin Console, navigate to Security > API Controls > Domain-wide Delegation, or go directly to https://admin.google.com/ac/owl/domainwidedelegation:

1. Select Add new.
2. Under Client ID, enter the client ID of the Oblique service account. You can copy this from the Oblique integration setup page.
3. Under OAuth scopes, enter https://www.googleapis.com/auth/admin.directory.group and then https://www.googleapis.com/auth/admin.directory.user.readonly. You can also copy this from the Oblique integration setup page.
4. Select Authorize.

Create a Google admin role

Next, to create a Google admin role, in the Google Admin Console, navigate to Account > Admin Roles, or go directly to https://admin.google.com/ac/list/roles:

1. Select Create new role.
2. Under Name, enter a name you will remember, such as Oblique. Optionally, enter a description.
3. Select Continue.
4. Under Select privileges, under Admin API privileges, select Groups and Users > Read. These are the minimum privileges required for Oblique to operate.
5. Select Continue.
6. Review the set of privileges is correct, and select Create Role.

Assign the admin role to the Oblique service account

Finally, you need to grant the Oblique service account the Google admin role you created.

1. From the role that you created, select Assign service account.
2. Enter the email address of the Oblique service account. You can copy this from the Oblique integration setup page.
3. Select Assign role.

Configure the integration in Oblique

To add the Google integration to Oblique:

1. Under Workspace domain, enter your Google workspace domain.
2. Optionally, configure whether Oblique can manage Google groups.
3. Select Create integration.

Oblique will immediately start syncing users and Google groups from Google to Oblique.

Manage Google groups

Manage existing Google groups

Oblique can manage Google groups and act as the source of truth for group membership. You configure this setting at the resource level.

This setting starts on by default and you can’t turn it off.

Create new Google groups

Oblique can create Google groups and act as the source of truth for group membership by creating new Google groups for new team groups in Oblique. You configure this setting at the resource level.

This setting starts off by default.

To create new Google groups for new team groups, you first need to enable this setting for the integration:

1. Navigate to the Integrations page.
2. Select the desired Google integration.
3. Select Settings.
4. Toggle Create Google group for new teams to On.

When you create a new team group in Oblique, Oblique will create a new Google group with the same name in “Push” mode.

Create an Google group for a new team group Learn more about creating a resource tied to an Oblique group.

Caution

Oblique can’t create an Google group for an existing team group in Oblique. Oblique can’t create an Google group for a new attribute-based group.

Sync Google integration

You don’t need to do anything to sync the Google integration. Oblique will automatically and continuously sync changes with Google every 15 seconds.

Remove Google integration

You can’t currently remove a Google integration from Oblique. Contact support to remove the integration.

Caution

You can revoke the Oblique service account’s access to your Google Workspace directory to immediately stop syncing, although this will generate errors.