The following guide will walk you through the process of configuring SAML Jackson to use Google Workspace as a directory sync provider.
Jackson requires a Google OAuth App to be configured to access the Google Workspace API. You can use your existing OAuth App or create a new one.
Create OAuth App
Navigate to the Google Cloud Console and select your project from the list.
Select APIs & Services from the left menu and then select Credentials.
Select OAuth client ID from the CREATE CREDENTIALS dropdown.
Give your credentials a name and select Web application as the Application type.
Add the following Authorised redirect URIs and then click Create.
Note that the above callback URL works if you're using Jackson as a service.
If using Jackson as an NPM package, the Authorised redirect URIs will be a URL on your application that you'll need to configure. See Google Directory Sync API for more information.
Copy the Client ID and Client secret and save them for later.
See the Environment Variables section to learn how to configure Jackson with these values.
Once Jackson is configured, you can authenticate the tenants with Google OAuth and sync their Workspace directory.
Jackson can be configured to sync your Google Workspace directory on a schedule (e.g. every 2 hours).
The Jackson service exposes the API URL below, which you can call to trigger a sync. Use a cron job to invoke this URL on a schedule.
Depending on the number of Google directories you have, the sync can take a few minutes to complete.
curl -X POST \
-H "Authorization: Api-Key YOUR_API_KEY" \
Learn more about Google Directory Sync API.
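A cron wrapper for the scheduled sync call, as an added example that is not part of Jackson or its documentation: it keeps the API key out of the crontab and the process list by reading it from an owner-only file and handing it to curl on stdin. `JACKSON_SYNC_URL`, `JACKSON_API_KEY_FILE` and the 600-second timeout are assumptions made for this example; the URL is whichever sync endpoint your deployment exposes.

```shell
#!/bin/sh
# Added example: cron wrapper for the scheduled sync call.
# JACKSON_SYNC_URL and JACKSON_API_KEY_FILE are names assumed for this example.

# True only for a regular file with no group/other permission bits set.
key_file_is_private() {
    [ -f "$1" ] || return 1
    mode=$(ls -ln "$1" | cut -c5-10)   # group+other bits of e.g. -rw-------
    [ "$mode" = "------" ]
}

# Print a curl config for `curl --config -`, so the key is passed on stdin
# and never appears in argv (process list) or in the crontab.
build_curl_config() {
    key=$(tr -d '\r\n' < "$2")
    [ -n "$key" ] || return 1
    case $key in *\"*|*\\*) return 1 ;; esac   # would break config quoting
    printf 'request = "POST"\n'
    printf 'url = "%s"\n' "$1"
    printf 'header = "Authorization: Api-Key %s"\n' "$key"
    printf 'fail\nsilent\nshow-error\nmax-time = 600\n'   # timeout is assumed
}

# Exit codes: 2 non-HTTPS URL, 3 unsafe key file, 4 unusable key, else curl's.
run_sync() {
    case $1 in
        https://*) ;;
        *) echo "refusing non-HTTPS sync URL" >&2; return 2 ;;
    esac
    key_file_is_private "$2" || {
        echo "key file missing or accessible to group/other" >&2; return 3; }
    cfg=$(build_curl_config "$1" "$2") || return 4
    printf '%s\n' "$cfg" | curl --config -
}

# Runs only when both variables are set (for instance by the cron entry).
if [ -n "${JACKSON_SYNC_URL:-}" ] && [ -n "${JACKSON_API_KEY_FILE:-}" ]; then
    run_sync "$JACKSON_SYNC_URL" "$JACKSON_API_KEY_FILE"
fi
```

Because of `fail`, a rejected key or server error gives a non-zero exit status that cron can report.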
Does Google Workspace sync in real time?
No, Google Workspace sync is not real-time. Jackson syncs the Google Workspace directory on a schedule (e.g. every 2 hours). In a self-hosted deployment, you can configure a cron job to sync the directory on a schedule of your choice.
Can I sync specific groups from Google Workspace?
This is not possible at the moment. Jackson syncs all the groups from Google Workspace, so you have to filter the groups on your application's side.