Connecting Okta with Google Workspace

Authors
  • Michael Bui

Overview

Okta is acting as our universal directory store. However, we want to use services from Google. This requires users to exist within the Google Workspace environment.

We also want to keep one set of credentials and use SSO with Okta.

To configure this, we will connect Google Workspace with Okta so that users are replicated into Google Workspace and keep the same credentials for SSO.

Prerequisites

  • An Okta & Google Workspace environment
  • An Okta admin account
  • A Google Workspace account with user admin permissions to create/update users

Connecting to Google Workspace

  1. Search for Google Workspace in Okta's app catalog and click Add Integration
  2. Give the application a label
  3. Enter the domain associated with your Google Workspace
  4. Choose the number of seats (licenses) - Here we put 6 to not go over our trial limit in Google Workspace
  5. Disable browser plugin auto-submit - This is a password vaulting technique. We'll configure SSO afterwards
  6. Choose the sign-on method - We'll be going with SAML and setting it up in the next step

Provisioning

  1. Click on the Google Workspace App and select the provisioning tab
  2. Scroll down to Configure API Integration to allow Okta to automate Google Workspace user CRUD operations
  3. Authenticate with your Google admin account that has user admin privileges
  4. Save the configuration and go back to provisioning
  5. Configure settings for To App. We'll be using Okta as the master directory and replicating to Google Workspace.
  6. Select Enable for creating, updating, deactivating users
  7. Under Assignments - Assign the application to a group of users
  8. Select which organizational unit to send these users to & what licenses to apply

Verifying

  • In my Okta directory I have a group of users named Google Workspace with 2 users
  • Since we assigned the Google Workspace application to this group, they should be replicated to Google
  • In our Google audit logs we see that 2 users were created using the Okta service account
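
The audit-log check above can be scripted. This is an added example, not code from the original post: it compares the members of the Okta-assigned group with CREATE_USER events in records shaped like Admin SDK Reports API admin activities. The sample records, email addresses and provisioning account name are constructed placeholders.

```python
import json

# Constructed sample records shaped like Admin SDK Reports API "admin"
# activities. Every address below is a placeholder, not from the post.
SAMPLE_ACTIVITIES = json.loads("""[
 {"id": {"time": "2024-01-10T15:02:11.000Z", "applicationName": "admin"},
  "actor": {"email": "okta-provisioning@example.com"},
  "events": [{"type": "USER_SETTINGS", "name": "CREATE_USER",
    "parameters": [{"name": "USER_EMAIL", "value": "alice@example.com"}]}]},
 {"id": {"time": "2024-01-10T15:02:13.000Z", "applicationName": "admin"},
  "actor": {"email": "okta-provisioning@example.com"},
  "events": [{"type": "USER_SETTINGS", "name": "CREATE_USER",
    "parameters": [{"name": "USER_EMAIL", "value": "bob@example.com"}]}]},
 {"id": {"time": "2024-01-11T09:40:00.000Z", "applicationName": "admin"},
  "actor": {"email": "helpdesk-admin@example.com"},
  "events": [{"type": "USER_SETTINGS", "name": "CREATE_USER",
    "parameters": [{"name": "USER_EMAIL", "value": "carol@example.com"}]}]}
]""")

OKTA_GROUP = ["alice@example.com", "bob@example.com"]   # assumed group members
PROVISIONING_ACTOR = "okta-provisioning@example.com"    # assumed admin account


def created_users(activities):
    """Map each created user's email to the actor that created it."""
    created = {}
    for activity in activities:
        actor = activity.get("actor", {}).get("email", "").lower()
        for event in activity.get("events", []):
            if event.get("name") != "CREATE_USER":
                continue
            params = {p["name"]: p.get("value") for p in event.get("parameters", [])}
            if params.get("USER_EMAIL"):
                created[params["USER_EMAIL"].lower()] = actor
    return created


def verify_provisioning(activities, expected_users, provisioning_actor):
    """Compare audit-log user creations with the Okta group assignment."""
    created = created_users(activities)
    expected = {u.lower() for u in expected_users}
    seen = set(created)
    return {
        "missing": sorted(expected - seen),        # assigned but never created
        "wrong_actor": sorted(u for u in expected & seen
                              if created[u] != provisioning_actor.lower()),
        "unexpected": sorted(seen - expected),     # created outside the group
    }


if __name__ == "__main__":
    print(verify_provisioning(SAMPLE_ACTIVITIES, OKTA_GROUP, PROVISIONING_ACTOR))
```

An empty `missing` and `wrong_actor` means every assigned user was created by the provisioning account; entries under `unexpected` are accounts created outside the Okta assignment and are worth reviewing.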