The Google Apps Multi-Domain connector is designed to be used in environments where either multiple Google domains exist, or a single domain exists under a single Google tenancy with multiple “ORGs” set up within it.
For example, the Identity functionalities of this connector enable you as an Identity administrator to configure Google Apps as a connected system and then make Identity users part of the Google Apps system. This enables the user or Identity administrator to reset Google Apps account passwords. This also enables you to create, retrieve, update, and delete user accounts, nicknames, and e-mail groups.
The Provisioning functionalities of this connector enable exporting and importing user accounts on a Google Apps system.
Fischer's Google Apps Multi-Domain connector integration supports the following functionality:
Identity Integration
|
Product Feature
|
Supported
|
Authenticate |
Yes |
Validate User |
Yes |
Enable/Disable User |
Yes |
Reset Password |
Yes |
Expire Password Immediately |
Yes |
Expire Password by Date |
No |
|
Provisioning Integration |
Data Format
|
Export
|
Create
|
Modify
|
Delete
|
Trigger
|
User |
Yes
|
Yes |
Yes |
Yes |
No |
Group |
Yes
|
Yes |
Yes |
Yes |
No |
Calendar Resource |
Yes
|
Yes |
Yes |
Yes |
No |
Calendar |
Yes
|
Yes |
Yes |
Yes |
No |
Drive |
Yes
|
Yes |
Yes |
Yes |
No |
Chrome Device |
Yes
|
No |
Yes |
Yes |
No |
Mobile Device |
Yes
|
No |
Yes |
Yes |
No |
|
Prerequisites
Ensure that these prerequisites are satisfied:
- Create the service account.
An account with administrative privileges is required to execute the directory API. (Note: If there is already an admin account available to use, this step can be skipped). Only administrators can create an admin account. The following steps are required to create the service account.
- Login to the GoogleApps admin console. https://admin.google.com/AdminHome) using an existing admin account. Click on the Users menu.

-
Click on the Users menu.

-
Select Add
user button.
The Create a new user page displays.

-
Enter the new user details. Click 'ADDITIONAL INFO' to give more information, if needed.
Select the option Add a user manually option and click continue
The Create a new user page displays.

-
Enter the additional information of the user and click the Create button.
-
Once the new user is created, select the Admin Roles option from the main menu.

-
Add the service account to the Super Admin role.
-
Login to admin console with the new user credentials. From the admin console of the new admin account, select the menu Apps. Make sure that in the APPS SETTINGS _ G Suite list has Groups for Business with status 'On for everyone', as in the screen below.

-
Enable API Access
Once the service account is activated, it requires access to the administrative APIs. This is also done from the admin console.

-
Select the security menu and choose the API reference option.
-
Check the Enable API access check box.

- Apply the changes using the Save Changes button.
- Activate Admin SDK
The service account authentication option of the directory is required for this connector.
-
Create a project in Google APIs console. Use the link https://code.google.com/apis/console to create the project.
-
Use the Create project... button to create the new API project. This will display the Google Developers Console. Click Create project.

-
Enter project name and click CREATE.


-
The Google Developers Console page is shown below. The Google Apps APIs are listed here. Select A



-
Select the enable button to turn on the Admin SDK APIs.


- The ADMIN SDK’S dashboard will display as shown below. Similarly, the different API’s like Calendar API, Group Settings API, etc., can be enabled

- Select Credentials and enter 'Product name shown to users' in the OAuth consent screen and click Save button.

- Select the IAM & Admin page as directed below. "Products & Services" _ IAM & Admin.


- Select 'Service accounts' in the 'IAM & Admin' page to get service accounts for the project. Click CREATE SERVICE ACCOUNT.

- The Create service account screen will be displayed as shown below. Enter Service account name and Select your Role. Check the 'Furnish a new private key' and 'Enable G Suite Domain-wide Delegation' check boxes. Select the Key type 'P12' for the private key. Click CREATE button.


-
The service account haws been created and generated a new Public-Private key with default private key password 'notasecret'.

-
Select the Save File and click OK button to download in internet browser. Here the private key file gets downloaded.

- Store the key file in a location on the Identity/Provisioning Server. This file can be chosen as the 'Service Account Private Key' in the Google Apps Multi domain connected system details page.

- The service accounts page displays as show below. Click the View Client ID to get the client ID.

-
The Client ID for the service account client displays. Store the 'Client ID' and 'Service account' information for further use.

The service account details will be populated in the page ’Client ID for the service account'. These details are required while authorizing the service account to execute the API and while connecting to Google apps using the service account.
In this case, the values are:
Client ID: 113822069952190990035
Service Account email address: serviceaccount1@my-project1-149814.iam.gserviceaccount.com
-
Authorize Service Account
In order to use the service account, API client access must be granted. From the Google Admin console perform the following steps. Select Security _ Advanced Settings _ Manage OAuth Client access.
- Select the Security section for the admin console.

- Click Show more to get advanced settings.

- Select 'Manage API client access' in 'advanced settings' to authenticate the service account.

-
The ‘Manage API client access’ displays. Enter ‘Client Name’ and ‘API Scopes’ of service account details and click the Authorize button.


Minimal Scopes Required for User/Group in Connector Execution
-
The following are the minimal scopes required for connector execution.
Scopes required for Export/Import of Calendar
-
The following are the minimal scopes required for Export/Import of Calendar.
Google Domain Connected System Page
- The connected systems details page is shown below.

-
Enter the desired information:
Definition |
Supported Connectors Displays whether the connected system is Identity only, Provisioning only, or both.
|
Type Select the connected system type. |
Locale Select the preferred language (default: English). Locale specific information such as Display Name and Description can be added only while modifying the connected system.
|
Name The name for this connected system. Note: The name cannot be modified later. |
Display Name The display name of the new connected system. |
Description The description of the connected system. |
Associated With Select how the connector associated with this system will run:
- Server (default) - Runs locally on the Provisioning/Identity Server.
- Global Identity Gateway - Runs remotely on a Global Identity Gateway cluster member. Note: Only GIG clusters that have at least one registered and enabled member will display in this list.
- See Using the Global Identity Gateway with Connected Systems for additional information.
|
Password Reset By Enables administrators to configure password management functions normally available to Users and OBO (On Behalf Of) Users:
- OBO User Only - Connected system and account association information is displayed only in Self-Service user management (for OBO Users). OBO Users can reset passwords for accounts on this connected system. Administrators can perform all user management functions for this connected system (e.g., enable/disable, validate, associate user, and password reset). End users will not see their accounts on this connected system in Self-Service and Kiosk; therefore, they cannot reset passwords for accounts on this connected system.
- Users and OBO User - Connected system and account association information is displayed in Self-Service password reset, Self-Service - Kiosk, and Self-Service user management. Self-Service users, Kiosk users, and OBO Users can reset passwords for accounts on this connected system. Administrators can perform all user management functions for this connected system (e.g., enable/disable, validate, associate user, and password reset).
- External - Connected system and account association information is not displayed in Self-Service password reset, Self-Service - Kiosk, and Self-Service user management. Self-Service users, Kiosk users, and OBO Users cannot reset passwords for accounts on this connected system.
Note: When user management configuration enables OBO Users to perform password resets, this definition must be set to OBO User Only or Users and OBO User. For connectors that support Provisioning only, there is no password reset capability.
|
Provisioning Option Select the provisioning option:
- Automated (default) - The connected system functions as a normal connected system; there are no restrictions.
- Administrative - The connected system cannot be used as an object in a workflow.
|
Enable HPAM Support Select to make the connected system HPAM enabled (default: cleared). Note: This can only be set for systems that support Identity. |
Connection Information |
Admin Email Address The email address of the Google Apps administrative account.
|
Service Account Email Address The email address of the service account. Use service accounts to call google api on behalf of the application instead of an end-user.
|
Service Account Private Key The path to the private key of the service account (note: once the connected system is added, the location will not be visible from the admin UI)
|
Private Key Password Provide the private key password as the value of this parameter. This is used only while parsing the private key and not used in runtime while creating Google apps connection.
|
Admin Password Password of the Google Apps administrative account.
|
Configiuration Details
|
Password Hash Algorithm Specify the password hash algorithm: None, MD5, or SHA-1.
|
Password Expiration Support |
Expiration Options For Admin/OBO User Password Reset Specify the password expiration: None, Immediate, or Immediate with Date.
Note: If Immediate with Date is selected, Immediate is also available.
The Detect button creates a connection to the connected system using current configuration settings. The connector then attempts to determine correct values for the settings, which are auto-detected, and then these settings are updated with detected values.
|
System Owner Add or Remove users assigned as the owners of the system. Displays the Connected System Owner Search page for selecting users. The HPAM column indicates whether the system owner is authorized to use the HPAM feature. The Approvers column indicates whether the system owner is an approver in the approval process. |
Add/Remove Adds or removes users assigned as the owners of the system. Displays the Connected System Owner Search page for selecting users. The HPAM column indicates whether the system owner is authorized to use the HPAM feature. The Approvers column indicates whether the system owner is an approver in the approval process.
|
-
Click the Test Connection button to test the Connection Information:
- If successful, one or both of these messages may display:
Message: Connection from Provisioning to the connected system was established successfully.
Message: Connection from Identity to the connected system was established successfully.
- If unsuccessful, one or both of these messages may display:
Error: Failed to establish connection from Provisioning to the connected system.
Error: Failed to establish connection from Identity to the connected system.
Note: If the connection fails, additional messages may display providing more information regarding the failure, and additional information may be posted to the Provisioning and Identity logs.
-
(Optional) To select owners of the system, click the System Owner Add button. The Connected System Owner Search page displays:

-
Select the owners and then click the Select button. The system owner displays under the System Owner section:

Note: More than one user can be assigned as an owner.
-
To add additional system owners, click the Add button.
- On the Connected System Details page, click the Add button to save the configured connected system. The Object Category Association page displays a list of categories that are already associated and/or can be selected to add additional associations to this connected system:

-
Select one or more available object categories or provide search criteria and click the Search button to find specific categories to select. If there are no available categories to select, proceed to Step 8.
-
Click the Add Association button to associate the selected object categories to the connected system.
-
Click the Back button to return to the Connected System View page. The new connected system displays in the list.
See Copying, Modifying, and Deleting Connected Systems for additional information.
Creating the Connected System in the Studio
- Log in to the Workflow and Connectivity Studio and click Connectivity ► Add Systems on the menu bar. The Add Connected Systems window displays.
- Select the Google Apps connected system from the Type drop-down list. The default values display.

-
Enter the desired information:
Definition |
Type Select the connected system type. |
Name The name for this connected system. Note: The name cannot be modified later. |
Display Name The display name of the new connected system. |
Description The description of the connected system. |
Supported Connectors Displays whether the connected system is Identity only, Provisioning only, or both. Only connectors that support Provisioning are available here. |
Associated With Select how the connector associated with this system will run:
- Server (default) - Runs locally on the Provisioning/Identity Server.
- Global Identity Gateway - Runs remotely on a Global Identity Gateway cluster member. Note: Only GIG clusters that have at least one registered and enabled member will display in this list.
See the Using the Global Identity Gateway with Connected Systems for additional information. |
Password Reset By Enables administrators to configure password management functions normally available to Users and OBO (On Behalf Of) Users:
- OBO User Only - Connected system and account association information is displayed only in Self-Service user management (for OBO Users). OBO Users can reset passwords for accounts on this connected system. Administrators can perform all user management functions for this connected system (e.g., enable/disable, validate, associate user, and password reset). End users will not see their accounts on this connected system in Self-Service and Kiosk; therefore, they cannot reset passwords for accounts on this connected system.
- Users and OBO User - Connected system and account association information is displayed in Self-Service password reset, Self-Service - Kiosk, and Self-Service user management. Self-Service users, Kiosk users, and OBO Users can reset passwords for accounts on this connected system. Administrators can perform all user management functions for this connected system (e.g., enable/disable, validate, associate user, and password reset).
- External - Connected system and account association information is not displayed in Self-Service password reset, Self-Service - Kiosk, and Self-Service user management. Self-Service users, Kiosk users, and OBO Users cannot reset passwords for accounts on this connected system.
Note: When user management configuration enables OBO Users to perform password resets, this definition must be set to OBO User Only or Users and OBO User. For connectors that support Provisioning only, there is no password reset capability.
|
Provisioning Option Select the provisioning option:
- Automated (default) - The connected system functions as a normal connected system; there are no restrictions.
- Administrative - The connected system cannot be used as an object in a workflow.
|
Enable HPAM Support Select to make the connected system HPAM enabled (default: cleared). Note: This can only be set for systems that support Identity. |
Connection Information |
Admin Email Address The email address of the Google Apps administrative account.
|
Service Account Email Address The email address of the service account. Use service accounts to call google api on behalf of the application instead of an end-user.
|
Service Account Private Key The path to the private key of the service account (note: once the connected system is added, the location will not be visible from the admin UI)
|
Private Key Password Provide the private key password as the value of this parameter. This is used only while parsing the private key and not used in runtime while creating Google apps connection.
|
Admin Password Password of the Google Apps administrative account.
|
Configuration Details
|
Password Hash Algorithm Specify the password hash algorithm: None, MD5, or SHA-1.
|
Password Expiration Support |
Expiration Options For Admin/OBO User Password Reset Specify the password expiration: None, Immediate, or Immediate with Date.
|
- Click the Connect button to test the Connection Information:
- If successful, one or both of these messages may display:
Connection from Studio to the connected system was established successfully.
- If unsuccessful, one or both of these messages may display:
Failed to establish connection from Studio to the connected system.
Note: If the connection fails, additional messages may display providing more information regarding the failure.
-
Click the Apply button to apply changes. The Category Association window displays.
-
Select one or more object categories from the Available Categories list or enter a category name and click the Search button to find a specific category to select. If there are no available categories to select, proceed to Step 6.
-
Click the Add button to associate the selected object categories to the connected system.
-
Click OK to accept selected categories.
See Copying, Modifying, and Deleting Connected Systems for additional information.
Using the Connected System for Identity
Perform these procedures to configure the connector:
- Connector Details for Identity
- Identity Password Management
Connector Details for Identity
This table lists values to enter when associating the Identity user with an existing user in the connected system:
|
Field |
System Attribute |
Example Value |
Account ID |
dn |
cn=Betty Lane,ou=People,dc=example,dc=com |
Note: The user must agree to Google Apps terms and conditions before most Identity Management functions can be performed.
Identity Password Management
See User Management for details on password management.
Using the Connected System for Provisioning
Perform these procedures to configure the connector:
- Configuring for Export
- Configuring for Import
- Connector Details for Provisioning
Note: If the number of records to be processed exceeds one thousand, we recommend configuring the workflow to use bulk mode, which lowers the memory consumption of the system by streaming data to files. Because data is streamed for every task, performance of the workflow execution will be decreased due to increased read-write operations. See the Workflow and Connectivity Studio document for details on how to configure bulk mode.
Configuring for Export
Perform these procedures to configure the connector for data export:
- "Configuring the Export Connector
- "Configuring the Export Link"
From the Workflow and Connectivity Studio, select the Google Multi UserExport workflow listed under the projects folder.
If a workflow does not already exist, create an export workflow. See Workflow and Connectivity Studio for details on creating export workflows.
Configuring the Export Connector
- In the Design pane, double-click the export object (the first workflow object after the Start object). The Configure Data Source window displays:

-
From the Configure Plug-in tab, set these properties as required:
Associated Connected System Select the connected system from the list. The export operation will be done from this connected system. |
Data Formats Select the type of data format to use: Profiles (default) or ChangeLog. |
DeltaExportMode
Select the type of attribute to export if a change takes place (this works in conjunction with ExportMode when DeltaExport is selected):
- OnlyChangedAttributes - Performs a partial export of only the changed attributes from the last time the query was run.
- ChangedAndMandatoryAttributes (default) - Performs a partial export of both changed and mandatory attributes from the last time the query was run. Mandatory attributes are exported whether they have been changed or not.
- AllAttributes - Performs a full export of all attributes that contain a value.
|
DynamicConnectedSystem Select the global variable to use as the dynamic connected system name. This works in conjunction with DynamicConnectedSystemOption when GlobalVariable is selected. |
DynamicConnectedSystemOption Select how to control Dynamic System Support (DSS):
- None - There will not be any Dynamic System Support.
- Transaction-SystemName - The value of the Transaction-SystemName attribute in data will be used as the dynamic connected system. The connected system name must be passed as the value of the attribute Transaction-SystemName; if it is missing in data, the operation will fail.
- GlobalVariable - Select a global variable to use as the dynamic connected system name from the property DynamicConnectedSystem.
|
ExportMode Select the type of data to export:
- FullExport - Exports all attributes.
- DeltaExport - Exports changed, mandatory, or all attributes, depending on the DeltaExportMode property setting.
|
Filter Specify search criteria to determine the objects to be exported from the container specified in ExportDN. Use the Set Filter button that becomes active to create a filter. See "Set Filter" on page 34 for additional information. |
FoldSubRecords If set to TRUE, sub records are folded and returned as attributes.
|
GetCalendarById Specify the calendar ID to fetch the details of a Calendar. This property is available only for Calendar data format.
|
GetCalendarResourceById Specify the resource ID to fetch the details of a Calendar Resource. This property is available only for Calendar Resource data format.
|
GetDeviceByID Specify the ID to fetch the details of a chrome device. This property is available only for Chrome Device data format.
|
GetDeviceByResourceID Specify the ResourceID to fetch the details of a mobile device. This property is available only for Mobile Device data format.
|
GetGroupByEmail Specify the group email ID to fetch the details of a group. This property is available only for Group data format.
|
GetUserByEmail Configuration property with the email of the user. If this property is configured, other export related configuration properties (Filter, Maxresults, ResultsPerPage) are ignored.
|
MaxResults Select the maximum number of results that can be returned
|
ResultsPerPage Configuration to control the items to be fetched per page.
|
Note: Hover the pointer over a property to view its description. |

- The calendar export operation works with the value given in plug-in property GetCalendarById
-
If the value is empty, it exports all calendars from the account which is configured in connected system parameter "Admin Email Address".
-
If the given value is the same "Admin Email Address" configured in connected system page, it exports the primary calendar of the account.
-
If we set the value as another user’s email, it impersonates and export primary calendar of the given account.
-
(Optional) Select the Attributes tab. Only standard attributes display:

Modify schema attributes using these buttons.
Description |
Add Adds additional attributes to the list. The Add New Attribute dialog displays. |
Export Exports the schema list to an XML file. |
Import Imports the schema list from an XML file. |
Refresh Schema Dynamically discovers the schema from the connected system. It also includes local as well as global attributes added in the Studio.
|
Reset Schema Resets the schema definition to the default schema prepackaged with the IdM Suite, plus any global variable added.
|
- Optional) Select the Appearance tab to change how the Connected System object displays in the Design pane.
-
Click OK to save any changes and return to the Workflow and Connectivity Studio window.
Configuring the Export Link
-
In the Design pane, double-click the export link between the export object (the first workflow object after the Start object) and the Data Mapper object. The Configure Link window displays:

Description |
Source Attributes Select the attributes to export. |
Selected Attributes Displays default attributes and those attributes that have been selected from the Source Attributes.
Notes: The check boxes are used only for delta export operations. These checked attributes will always be exported whether they were changed or not. Usually, the attributes that are selected as mandatory attributes help in identifying or verifying an entry when completing mapping functions.
|
Format Displays the Format Date window to specify a date/time format to be applied to the selected date type attribute, for example, whenChanged. During export, the attribute’s value is converted to the specified format. See the Format Date steps below for additional information. Notes:
- The Format button is only enabled for date attributes.
- The Refresh Schema button on the Configure Data Source window’s Attributes tab must be used to refresh the schema and enable the Format button for date attributes.
|
Advanced Settings Displays the Configure Attributes window for configuring advanced settings for attributes. See the Configure Attributes window on page 39 for additional information. |
- From the Attribute Selection tab, select attributes to export.
- (Optional) Click the Format button to specify a date/time format to be applied to the selected date type attribute. The Format Date window displays.
- Select the Include Time check box to add the timestamp with the date.
- Select the 24 Hour or 12 Hour option button and then select the required date/time format.
- Click OK to save the selected format. The Configure Link window displays.
- Click OK to save any changes and return to the Workflow and Connectivity Studio window.
- Deploy the workflow by selecting Deploy ► New Deployment. See the Workflow and Connectivity Studio documentation for details of deployment options.
- Manage and run the deployed workflow from the Admin UI ► Server tab. See the Identity Suite Administration documentation for details.
Configuring for Import
Perform these procedures to configure the connector for data import:
- Configuring the Import Connector
- Configuring the Import Link
From the Workflow and Connectivity Studio, select the Google Multi UserAdd, UserModify, or UserDelete workflow listed under the projects folder.
If a workflow does not already exist, create an import workflow. See the Workflow and Connectivity Studio documentation for details on creating import workflows.
Configuring the Import Connector
- In the Design pane, double-click the import object (the last workflow object). The Configure Data Source window displays:

-
From the Configure Plug-in tab, set these properties as required:
Associated Connected System Select the connected system from the list. The import operation will be done to this connected system. |
Data Formats Select the type of data format to use: Profiles (default) or ChangeLog. |
DynamicConnectedSystem Select the global variable to use as the dynamic connected system name. This works in conjunction with DynamicConnectedSystemOption when GlobalVariable is selected. |
DynamicConnectedSystemOption Select how to control Dynamic System Support (DSS):
- None - There will not be any Dynamic System Support.
- Transaction-SystemName - The value of the Transaction-SystemName attribute in data will be used as the dynamic connected system. The connected system name must be passed as the value of the attribute Transaction-SystemName; if it is missing in data, the operation will fail.
- GlobalVariable - Select a global variable to use as the dynamic connected system name from the property DynamicConnectedSystem.
See the Dynamic System Support appendix in the Workflow and Connectivity Studio document for additional information.
|
ExecuteGIGAssociatedTaskAsynchronously Property which controls execution mode for GIG associated tasks. If this property is true and the task connected system has GIG association, task is executed asynchronously. If this property is false, GIG associated tasks will execute asynchronously with a blocking call. This blocking call can result in timeout issues if the task takes more time than the SOAP call timeout. This property is ignored if there is no GIG association or task is executed from Studio.
|
Id * Enter the attribute that contains the value used to uniquely identify the user account user ID on the connected system. |
loginId * Enter the attribute that contains the value used to uniquely identify the user account login ID on the connected system. |
Notes: * accountDN, Id, and loginId are used by the Provisioning Policy and IdentityHub features to populate the ACCOUNT_DN, ACCOUNT_ID, and ACCOUNT_USERNAME columns of the FISC_USER_ACCOUNT table of the Product database. See the ‘Provisioning Policy’ and ‘Provisioning Using the IdentityHub’ chapters of the Identity Suite Administration Guide for details. Hover the pointer over a property to view its description.
|

-
For the Calender Data format, Exception Date can be handled with the plugin property named ExDateProcessOnAddEvent.
Values for this property are:
-
MarkDayAsExcluded (default) - This marks the exceptional day events as excluded in google page.
-
CancellEventOnDay - This cancels the event on the given exceptional day.
-
During add event on Google Calendar with ExDateProcessOnAddEvent value as MarkDayAsExcluded.
- The Exceptional date (EXDATE) value in attribute recurrence will show as except on google page.
Example: 9th May 2016 and 11th may 2016 <recurrence>EXDATE;VALUE=DATE:20160509</recurrence><recurrence>EXDATE;VALUE=DATE:20160511</recurrence>
- The attribute recurrenceDate is not effective.
-
During add event on Google Calendar with ExDateProcessOnAddEvent value as CancellEventOnDay
- The Exceptional date ( EXDATE ) value in attribute recurrence show as excluded in google page.
- This will cancel (will disappear) all recurrence event instances with the given Exceptional Date ( EXDATE ) in attribute recurrence.
Example: 9th May 2016 and 11th may 2016 <recurrence>EXDATE;VALUE=DATE:20160509</recurrence><recurrence>EXDATE;VALUE=DATE:20160511</recurrence
- The attribute recurrenceDate is not effective.
-
Modify an existing event on Google Calendar.
- ExDateProcessOnAddEvent is not effective here.
- The attribute recurrenceDate can use to cancel an instance of a recurring event; if the status is cancelled.
Example: 25th May 2016<recurrenceDate>2016-05-25</recurrenceDate> <status>cancelled</status>
-
(Optional) Select the Attributes tab. Only standard attributes display:

Modify schema attributes with the buttons.
- (Optional) Select the Appearance tab to change how the Connected System object displays in the Design pane.
-
Click OK to save any changes and return to the Workflow and Connectivity Studio window.
Configuring the Import Link
-
In the Design pane, double-click the import link between the Data Mapper object and the import object (the last workflow object). The Configure Link window displays:

Source Attributes Select the attributes to import. |
Check for attribute-level auditing. If auditing is enabled and these attributes below are checked, Provisioning will log all events for auditing purposes.
|
Selected Attributes Displays default attributes and those attributes that have been selected from the Source Attributes. Note: The default attributes are those that are commonly used to create a new user. |
Advanced Settings Displays the Configure Attributes window for configuring advanced settings for attributes. Under the Encrypted column, check the box of any attribute that needs to be encrypted. Under the Diff With Target column, check the box of any attribute to update using differencing (DiffWithTarget, AddDiffWithTarget, and RemoveDiffWithTarget). |
Audit Key Select the attribute to associate with the Audit Key.
|
-
From the Attribute Selection tab, select attributes to import.
-
(Optional) Select the Appearance tab to change how the link displays in the Design pane.
- Click OK to save any changes and return to the Workflow and Connectivity Studio window.
-
Deploy the workflow by selecting Deploy ► New Deployment. See the Workflow and Connectivity Studio for details of deployment options.
-
Manage and run the deployed workflow from the Admin UI ► Server tab. See the Identity Suite Administration documentation for details.
Connector Details for Provisioning
Configuration import properties accountDN, Id, and loginId are used by the Provisioning Policy and IdentityHub features to populate the ACCOUNT_DN, ACCOUNT_ID, and ACCOUNT_USERNAME columns of the FISC_USER_ACCOUNT table of the Product database. See the ‘Provisioning Policy’ and ‘Provisioning Using the IdentityHub’ chapters of the Identity Suite Administration Guide for details.
Configuration Import Properties |
Identity Property
|
System Attribute
|
id |
primaryEmail |
login id |
primaryEmail
|
|
Connector Supported Dataformats
This connector supports four different dataformats for import and export. User, Group, Calendar Resource & Calendar.
USER Dataformat
We can use this data format in import mode to manage users. User management include add/modify/delete user, manage user attributes, user aliases and user’s group memberships. We can use this in export mode to fetch user attributes, user aliases and user’s group memberships.
API Scopes
Since we are using service account to invoke Google API, the service account must be given access to invoke the API. We are expecting only the minimal access corresponding to the action we are doing. Following are the minimal API access scope required for each user data format operation. We need group level scopes since user data format fetch and manage group memberships.
Connector Attributes
The items in the Export, Create, Modify, and Delete columns have these meanings:
- y = Yes (attribute is supported for this operation)
- n = No (attribute is not supported for this operation)
- y* = Required (attribute is mandatory for this operation)
- NA = Not applicable
Google Multi Connector Attributes for User Dataformat
|
Name
|
MV
|
Create
|
Modify
|
Delete
|
Description
|
familyName |
N |
Y* |
Y |
N |
The user's last name. Required when creating a user account. |
givenName |
N |
Y* |
Y |
N |
The user's first name. Required when creating a user account. |
fullName |
N |
N |
N |
N |
Generates using the given and family names of the user. This is a read only field. The maximum number of characters in the givenName and in the familyName values is 60. In addition, name values support unicode/UTF-8 characters, and can contain spaces, letters (a-z), numbers (0-9), dashers(-), forward slashes (/), and periods (.) |
password |
N |
Y* |
Y |
N |
Stores the password for the user account. The user's password value is required when creating a user account. It is optional when updating a user and should only be provided if the user is updating their account password.A password can contain any combination of ASCII characters. A minimum of 8 characters is required. The maximum length is 100 characters.We recommend sending the password property value as a base 16 bit encoded hash value. If a hashFunction is specified, the password must be a valid hash key.The password value is never returned in the API's response body. |
primaryEmail |
N |
Y* |
Y* |
Y* |
The user's primary email address. This property is required in a request to create a user account. The primaryEmail must be unique and cannot be an alias of another user. |
userID |
N |
N |
N |
N |
The unique ID for the user. |
changePasswordAtNextLogin |
N |
Y |
Y |
N |
Indicates if the user is forced to change their password at next login. |
aliases |
Y |
Y |
Y |
N |
An alias is another address where people can email the user. |
hashFunction |
N |
Y |
Y |
N |
Stores the hash format of the password property. We recommend sending the password property value as a base 16 bit encoded hash value. Set the hashFunction values as SHA-1 or MD5 hash format. |
includeInGlobalAddressList
|
N |
Y |
Y |
N |
Indicates if the user's profile is visible in the Google Apps global address list when the contact sharing feature is enabled for the domain. For more information about excluding user profiles, see the administration help center. |
ipWhitelisted |
N |
Y |
Y |
N |
If true, the user's IP address is white listed. |
orgUnitPath |
N |
Y |
Y |
N |
The full path of the parent organization associated with the user. If the parent organization is the top-level, it is represented as a forward slash (/). |
suspended |
N |
Y |
Y |
N |
Indicates if the user is suspended. |
isAdmin |
N |
Y |
Y |
N |
Indicates a user with super admininistrator privileges. The isAdmin property can only be edited in the Make a user an administrator operation (makeAdmin method). If edited in the user insert or update methods, the edit is ignored by the API service
|
isDelegatedAdmin |
N |
N |
N |
N |
Indicates if the user is a delegated administrator. Delegated administrators are supported by the API but cannot create or undelete users, or make users administrators. These requests are ignored by the API service. Roles and privileges for administrators are assigned using the Admin console
|
lastLoginTime |
N |
N |
N |
N |
The last time the user logged into the user's account. The value is in ISO 8601 date and time format. The time is the complete date plus hours, minutes, and seconds in the form YYYY-MM-DDThh:mm:ssTZD. For example, 2010-04-05T17:30:04+01:00.
|
creationTime |
N |
N |
N |
N |
The time the user's account was created. The value is in ISO 8601 date and time format. The time is the complete date plus hours, minutes, and seconds in the form YYYY-MM-DDThh:mm:ssTZD. For example, 2010-04-05T17:30:04+01:00.
|
agreedToTerms |
N |
N |
N |
N |
This property is true if the user has completed an initial login and accepted the Terms of Service agreement |
customerId |
N |
N |
N |
N |
A Google Apps account is uniquely identified by a customerId. This identifier is not the same as the account's domain name nor the customer's public business or personal name. This immutable string identifies the Google Apps account and is used in any administrator activity request and response used in the API. |
isMailboxSetup |
N |
N |
N |
N |
Indicates if the user's Google mailbox is created. This property is only applicable if the user has been assigned a Gmail license. |
thumbnailPhotoUrl |
N |
N |
N |
N |
Photo Url of the user (Read-only) |
deletionTime |
N |
N |
N |
N |
The time the user's account was deleted. The value is in ISO 8601 date and time format. The time is the complete date plus hours, minutes
|
MemberOf->GroupEmail |
N |
Y |
Y |
Y |
Group in which the user is a member. |
MemberOf->Role |
N |
Y |
Y |
Y |
The member's role in a group. Allowed values are OWNER, MANAGER, MEMBER.
- OWNER: This role can send messages to the group, add or remove members, change member roles, change group's settings, and delete the group. An OWNER must be a member of the group. A group can have more than one OWNER.
- MANAGER: This role is only available if the Google Groups for Business is enabled using the Admin console. A MANAGER role can do everything done by an OWNER role except make a member an OWNER or delete the group. A group can have multiple MANAGER members.
- MEMBER: This role can subscribe to a group, view discussion archives, and view the group's membership list.
|
Employee.ID |
N |
Y |
Y |
Y |
The value of the ID. |
Employee.Type |
N |
Y |
Y |
Y |
The description of the organization. |
Employee.Title |
N |
Y |
Y |
Y |
The user's title within the organization, for example 'member' or 'engineer'. |
Employee.Manager |
N |
Y |
Y |
Y |
The name of the person the user is related to. |
Employee.Department |
N |
Y |
Y |
Y |
Specifies the department within the organization, such as 'sales' or 'engineering'. |
Employee.CostCenter |
N |
Y |
Y |
Y |
The cost center of the user's organization. |
Phone->value |
Y |
Y |
Y |
Y |
A human-readable phone number. It may be in any telephone number format. |
Phone->primary |
Y |
Y |
Y |
Y |
Indicates if this is the user's primary phone number. A user may only have one primary phone number. |
Phone->type |
Y |
Y |
Y |
Y |
The type of phone number. |
Phone->customType |
Y |
Y |
Y |
Y |
If the value of type is custom, this property contains the custom type. |
|
EMail Settings Attributes for User Dataformat
|
Name
|
MV
|
Create
|
Modify
|
Delete
|
Description
|
EmailSettings.SendAs->name |
Y |
Y* |
Y* |
N |
The name that will appear in the "From" field for this user. |
EmailSettings.SendAs->address |
Y |
Y* |
Y* |
N |
The email address that appears as the origination address for emails sent by this user. |
EmailSettings.SendAs->replyTo |
Y |
Y |
Y |
N |
(Optional) If set, this address will be included as the reply-to address in emails sent using the alias. |
EmailSettings.SendAs->makeDefault |
Y |
Y |
Y |
N |
(Optional) If set to true, this alias will be become the new default alias to send-as for this user. |
EmailSettings.SendAs->isDefault |
Y |
Y |
Y |
N |
(Optional) If set to true, this alias will be become the new default alias to send-as for this user. |
EmailSettings.WebclipEnable |
N |
Y |
Y |
N |
Whether to enable showing Web clips. |
EmailSettings ForwardEnable |
N |
Y |
Y* |
N |
Whether to enable forwarding of incoming mail. |
EmailSettings.ForwardTo
|
N |
Y |
Y |
N |
The email will be forwarded to this address. |
EmailSettings.ForwardAction |
N |
Y |
Y |
N |
What Google Mail should do with its copy of the email after forwarding it on. |
EmailSettings.PopEnable |
N |
Y |
Y* |
N |
Whether to enable POP access. |
EmailSettings.PopEnableFor |
N |
Y |
Y |
N |
Whether to enable POP for all mail, or mail from now on. |
EmailSettings.PopAction |
N |
Y |
Y |
N |
What Google Mail should do with its copy of the email after it is retrieved using POP. |
EmailSettings.ImapEnable |
N |
Y |
Y* |
N |
Whether to enable IMAP access. |
EmailSettings.VacationResponseContactsOnly |
N |
Y |
Y |
N |
Whether to only send the autoresponse to known contacts. |
EmailSettings.VacationResponseDomainOnly |
N |
Y |
Y |
N |
Whether to only send the autoresponse to users in the same primary domain as the user taking the vacation. |
EmailSettings.VacationResponseEnable |
N |
Y* |
Y* |
N |
Whether to enable the vacation-responder. |
EmailSettings.VacationResponseSubject |
N |
Y* |
Y* |
N |
The subject line of the vacation-responder autoresponse. |
EmailSettings.VacationResponseMessage |
N |
Y* |
Y* |
N |
The message body of the vacation-responder autoresponse.. |
EmailSettings.VacationResponseStartDate |
N |
Y |
Y |
N |
The first day when the vacation responder was enabled for the user. In this version of the API, the startDate is in the UTC timezone, not the user's timezone. Also see the endDate property. |
EmailSettings.VacationResponseEndDate |
N |
Y |
Y |
N |
The last day until which vacation responder is enabled for the user. In this version of the API, the endDate is the UTC timezone, not the user's timezone. Also see the startDate property. |
|
Contact Attributes for User Dataformat
The acting key attributes used for contact comparison are in following order. If any one of the attribute value get matched, then contact operation (add/modify/delete) would perform accordingly.
- Contact→Id
- Contact->Email->Address ( primary)
- Contact->Email->Address (secondary)
- Contact-> GivenName
- Contact-> FullName
- Contact-> AdditionalName
|
Contact Attributes for User Dataformat
|
Name
|
MV
|
Create
|
Modify
|
Delete
|
Description
|
Contact->AdditionalName |
Y |
Y |
Y |
Y |
Additional name of the person eg: Middle name.
|
Contact->BillingInformation |
Y |
Y |
Y |
N |
Specifies billing information of the entity represented by the contact. The element cannot be repeated. |
Contact->Birthday |
Y |
Y |
Y |
N |
Stores birthday date of the person represented by the contact. The element cannot be repeated. |
Contact->DirectoryServer |
Y |
Y |
Y |
N |
A directory server associated with this contact. May not be repeated. |
Contact->Email->Address |
Y |
Y* |
Y* |
Y* |
Email address. |
Contact->Email->DisplayName
|
Y |
Y |
Y |
N |
A display name of the entity (e.g. a person) the email address belongs to. |
Contact->Email->Label |
Y |
Y |
Y |
N |
A simple string value used to name this email address. It allows UIs to display a label such as "Work", "Personal", "Preferred", etc. |
Contact->Email->Primary |
Y |
Y |
Y |
N |
When multiple email extensions appear in a contact kind, indicates which is primary. At most one email may be primary. Default value is "false". |
Contact->Email->Quota |
Y |
Y |
Y |
N |
Email quota. |
Contact->Email->Rel |
Y |
Y |
Y |
N |
A programmatic value that identifies the type of email |
Contact->FamilyName |
Y |
Y |
Y |
N |
Person's additional name. |
Contact->FullName |
Y |
Y |
Y |
Y |
Unstructured representation of the name. |
Contact->Gender |
Y |
Y |
Y |
N |
Specifies the gender of the person represented by the contact. The element cannot be repeated. |
Contact->GivenName |
Y |
Y |
Y |
Y |
Specifies given name of the person |
Contact->Group->Name |
Y |
Y |
Y |
N |
Contact group name |
Contact->Id |
Y |
Y* |
Y* |
Y |
Contact id |
Contact->Im->Address |
Y |
Y |
Y |
N |
Instant Messenger address. |
Contact->Im->Label |
Y |
Y |
Y |
N |
A simple string value used to name this IM address. It allows UIs to display a label such as "Work", "Personal", "Preferred", etc. |
Contact->Im->Primary |
Y |
Y |
Y |
N |
When multiple IM extensions appear in a contact kind, indicates which is primary. At most one IM may be primary. Default value is "false". |
Contact->Im->Protocol |
Y |
Y |
Y |
N |
Identifies the IM network. The value may be either one of the standard values (shown below) or a URI identifying a proprietary IM network. |
Contact->Initials |
Y |
Y |
Y |
N |
Specifies the initials of the person represented by the contact. The element cannot be repeated. |
Contact->Jot->Value |
Y |
Y |
Y |
N |
Storage for arbitrary pieces of information about the contact. The element can be repeated. |
Contact->Language->Code |
Y |
Y |
Y |
N |
A language code conforming to the IETF BCP 47 specification. |
Contact->Language->Label |
Y |
Y |
Y |
N |
A freeform name of a language. Must not be empty or all whitespace. |
Contact->MaidenName |
Y |
Y |
Y |
N |
Specifies maiden name of the person represented by the contact. The element cannot be repeated. |
Contact->Mileage |
Y |
Y |
Y |
N |
Specifies the mileage for the entity represented by the contact. Can be used for example to document distance needed for reimbursement purposes. The value is not interpreted. The element cannot be repeated. |
Contact->NamePrefix |
Y |
Y |
Y |
N |
Honorific prefix, eg: 'Mr' or 'Mrs'. |
Contact->NameSuffix |
Y |
Y |
Y |
N |
Honorific suffix, eg: 'san' or 'III'. |
Contact->NickName |
Y |
Y |
Y |
N |
Specifies the nickname of the person represented by the contact. The element cannot be repeated. |
Contact->Occupation |
Y |
Y |
Y |
N |
Specifies the occupation/profession of the person specified by the contact. The element cannot be repeated. |
Contact->Organization->Label |
Y |
Y |
Y |
N |
A simple string value used to name this organization. It allows UIs to display a label such as "Work", "Volunteer", "Professional Society", etc. |
Contact->Organization->OrgDepartment
|
Y |
Y |
Y |
N |
Specifies a department within the organization. |
Contact->Organization->OrgJobDescription
|
Y |
Y |
Y |
N |
Description of a job within the organization. |
Contact->Organization->OrgName
|
Y |
Y |
Y |
N |
The name of the organization. |
Contact->Organization->OrgSymbol
|
Y |
Y |
Y |
N |
Symbol of the organization. |
Contact->Organization->OrgTitle
|
Y |
Y |
Y |
N |
The title of a person within the organization. |
Contact->Organization->Primary
|
Y |
Y |
Y |
N |
When multiple organizations extensions appear in a contact kind, indicates which is primary. At most one organization may be primary. Default value is "false". |
Contact->Organization->Where
|
Y |
Y |
Y |
N |
A place associated with the organization |
Contact->PhoneNumber->Label
|
Y |
Y |
Y |
N |
A simple string value used to name this phone number and allows UIs to display a proper label such as "Mobile", "Home", "Work", etc. |
Contact->PhoneNumber->Number
|
Y |
Y |
Y |
N |
Human-readable phone number |
Contact->PhoneNumber->Primary |
Y |
Y |
Y |
N |
When multiple phone number extensions appear in a contact kind, indicates which is primary. At most one phone number may be primary. Default value is "false". |
Contact->PhoneNumber->URI |
Y |
Y |
Y |
N |
An optional "tel URI" used to represent the number in a formal way, useful for programmatic access, such as a VoIP/PSTN bridge. |
Contact->PostalAddress->Label |
Y |
Y |
Y |
N |
A simple string value used to name this address. |
Contact->PostalAddress->Primary |
Y |
Y |
Y |
N |
When multiple postal address extensions appear in a contact kind, indicates which is primary. At most one postal address may be primary. Default value is "false". |
Contact->PostalAddress->Value |
Y |
Y |
Y |
N |
The address as text. Leading and trailing whitespace is insignificant. Newlines within the string are significant. |
Contact->Priority |
Y |
Y |
Y |
N |
Classifies importance of the contact into 3 categories: Low Normal High The priority element cannot be repeated.
|
Contact->Relation->Label |
Y |
Y |
Y |
N |
A simple string value used to name this relation. The value must not be empty or all whitespace. |
Contact->Relation->Value |
Y |
Y |
Y |
N |
A programmatic value that identifies the type of relation. |
Contact->ShortName |
Y |
Y |
Y |
N |
Specifies short name of the person represented by the contact. The element cannot be repeated. |
Contact->StructuredPostalAddress->Agent |
Y |
Y |
Y |
N |
The agent who actually receives the mail. Used in work addresses. Also for 'in care of' or 'c/o'. |
Contact->StructuredPostalAddress->City |
Y |
Y |
Y |
N |
Can be city, village, town, borough, etc. This is the postal town and not necessarily the place of residence or place of business. |
Contact->StructuredPostalAddress->Country |
Y |
Y |
Y |
N |
Country name |
Contact->StructuredPostalAddress->CountryCode |
Y |
Y |
Y |
N |
Country code |
Contact->StructuredPostalAddress->FormattedAddress |
Y |
Y |
Y |
N |
The full, unstructured postal address. |
Contact->StructuredPostalAddress->HouseName |
Y |
Y |
Y |
N |
Used in places where houses or buildings have names (and not necessarily numbers) |
Contact->StructuredPostalAddress->Label |
Y |
Y |
Y |
N |
A general label for the address. |
Contact->StructuredPostalAddress->MailClass |
Y |
Y |
Y |
N |
Classes of mail accepted at the address. Unless specified both is assumed. |
Contact->StructuredPostalAddress->Neighborhood |
Y |
Y |
Y |
N |
This is used to disambiguate a street address when a city contains more than one street with the same name, or to specify a small place whose mail is routed through a larger postal town. |
Contact->StructuredPostalAddress->PoBox |
Y |
Y |
Y |
N |
Covers actual P.O. boxes, drawers, locked bags, etc. |
Contact->StructuredPostalAddress->PostalCode |
Y |
Y |
Y |
N |
Postal code. Usually country-wide, but sometimes specific to the city |
Contact->StructuredPostalAddress->Primary |
Y |
Y |
Y |
N |
Specifies the address as primary. Default value is false. |
Contact->StructuredPostalAddress->Region |
Y |
Y |
Y |
N |
A state, province, county (in Ireland), Land (in Germany), departement (in France), etc. |
Contact->StructuredPostalAddress->Street |
Y |
Y |
Y |
N |
Contact->StructuredPostalAddress->Street |
Contact->StructuredPostalAddress->Usage |
Y |
Y |
Y |
N |
The context in which this addess can be used. Local addresses may differ in layout from general addresses, and frequently use local script (as opposed to Latin script) as well, though local script is allowed in general addresses. Unless specified general usage is assumed. |
Contact->Subject |
Y |
Y |
Y |
N |
Specifies the subject of the contact. The element cannot be repeated. |
Contact->Website->Href |
Y |
Y |
Y |
N |
A link to the website. |
Contact->Website->Href |
Y |
Y |
Y |
N |
A link to the website. |
Contact->Website->Label |
Y |
Y |
Y |
N |
A simple string value used to name this website. |
Contact->Website->Primary |
Y |
Y |
Y |
N |
When multiple websites appear in an entry, indicates which is primary. At most one website may be primary. Default value is false. |
|
2. Group Dataformat
We can use group data format in import mode to manage groups and group members. We can use this data format in export mode to fetch group details and group members.
API Scopes
Since we are using service account to invoke Google API, the service account must be given access to invoke the API. We are expecting only the minimal access corresponding to the action we are doing. Following are the minimal API access scope required for each user data format operation. We need group level scopes since user data format fetch and manage group memberships.
Configuration Parameters
The following configuration parameters are supported for this data format.
|
Configuration Parameters
|
Name
|
Type
|
Description
|
DomainNames |
Export |
Comma separated domain names from which groups are to be exported in multi domain scenario. Keep this empty when groups are to be fetched from all domains. |
GetGroupByEmail |
Export |
Option to fetch details of a group by providing group email. |
GetGroupsByUserEmail |
Export |
Option to fetch groups in which the given user is a member. |
MaxResults |
Export |
Maximum number of results to be returned. If this property has a value 0, all entries matching the search criteria are returned. This property can only be configured/used when ExportMode is FullExport. |
ResultsPerPage |
Export |
Number of entries fetched in a single call. Valid range is 1 to 500. Default is 100. |
ExportMode |
Export |
FullExport will export all selected attributes. DeltaExport will export changed, mandatory or all selected attributes. The type of attributes to export is determined in the DeltaExportMode parameter. |
DeltaExportMode |
Export |
When the ExportMode: DeltaExport has been selected, this parameter determines what attributes to export when a change has taken place. If no change has been made no data will be exported. OnlyChangedAttributes will export only the changed attributes. ChangedAndMandatoryAttributes will export changed and mandatory attributes. AllAttributes will export all attributes that contain a value. The default value is ChangedAndMandatoryAttributes. |
FoldSubRecords |
Export |
If this property is TRUE, sub records will be folded and returned as attributes. |
DynamicConnectedSystemOption |
Export/Import |
This property controls the Dynamic Connected System behavior. If the value is set to None (default) then the default connected system name will be used. If this value is set to Transaction-SystemName, then the connected system name will be taken from value of Transaction-SystemName attribute in the data. If Transaction-SystemName does not contain any valid data then the import/export operation will fail. If the value is set to GlobalVariable, then the connected system name will be taken from the property DynamicConnectedSystem. |
DynamicConnectedSystem |
Export/Import |
When the DynamicConnectedSystemOption: GlobalVariable has been selected, we have to select the global variable which is to be used as the dynamic connected system name. |
SubRecordsInFoldedState |
Import |
If this property is TRUE, connector will accept sub records folded as attribute. |
|
|
|
|
Connector Attributes for Group Dataformat
|
Connector Attributes for Group Dataformat
|
Name
|
MV
|
Create
|
Modify
|
Delete
|
Description
|
GroupName |
N |
Y* |
Y |
N |
Name of the group. |
GroupEmail |
N |
Y* |
Y* |
Y* |
The group's email address. If your account has multiple domains, select the appropriate domain for the email address. The email must be unique. This property is required when creating a group. |
GroupID |
N |
N |
N |
N |
The unique ID of a group. |
GroupDescription |
N |
Y |
Y |
Y |
A description to help users determine the purpose of a group. |
GroupMember->Email |
N |
Y |
Y |
Y |
The member's email address. A member can be a user or another group. This property is required when adding a member to a group. |
GroupMember->Role
|
N |
Y |
Y |
N |
The member's role in a group. Allowed values are:
- OWNER: This role can send messages to the group, add or remove members, change member roles, change group's settings, and delete the group. An OWNER must be a member of the group. A group can have more than one OWNER.
- MANAGER: This role is only available if the Google Groups for Business is enabled using the Admin console. A MANAGER role can do everything done by an OWNER role except make a member an OWNER or delete the group. A group can have multiple MANAGER members.
- MEMBER: This role can subscribe to a group, view discussion archives, and view the group's membership list.
|
GroupMember->Type |
N |
Y |
N |
N |
The type of group member. The possible values are: GROUP: The member is another group. USER: The member is a user.
|
Note: The rename operation requires an additional attribute Original_primaryEmail, which specifies the username of the entry being renamed.
|
Attribute for Group Settings in Group Dataformat
|
Attribute for Group Settings in Group Dataformat
|
Name
|
MV
|
Create
|
Modify
|
Delete
|
Description
|
whoCanJoin |
N |
N |
Y |
N |
Permissions to join the group. Possible values are:
- ALL_IN_DOMAIN_CAN_JOIN — Anyone in the account can join. This includes accounts with multiple domains.
- ANYONE_CAN_JOIN — Anyone outside your domain can access your Google Groups service and view the list of groups in your Groups directory.
Warning: Group owners can add external addresses, outside of the domain, to their groups. They can also allow people outside your domain to join their groups. If you later disable this option, any external addresses already added to users' groups remain in those groups.
|
whoCanViewMembership |
N |
N |
Y |
N |
Permissions to view membership. Possible values are:
- ALL_IN_DOMAIN_CAN_VIEW — Anyone in the account can view the group members list.
If a group already has external members, those members can still send email to this group.
- ALL_MANAGERS_CAN_VIEW — The group managers can view group members list.
- ALL_MEMBERS_CAN_VIEW — The group members can view the group members list
|
whoCanViewGroup |
N |
N |
Y |
N |
Permissions to view group. Possible values are:
- ALL_IN_DOMAIN_CAN_VIEW — Anyone in your account can view this group's messages.
- ALL_MANAGERS_CAN_VIEW — Any group manager can view this group's messages.
- ALL_MEMBERS_CAN_VIEW — All group members can view the group's messages.
- ANYONE_CAN_VIEW — Any Google Apps user can view the group's messages.
|
whoCanInvite |
N |
N |
Y |
N |
Permissions to invite members. Possbile values are:
- ALL_MANAGERS_CAN_INVITE — Only managers can invite a new member. this includes the group's owner.
- ALL_MEMBERS_CAN_INVITE — Managers and members can invite a new member candidate.
|
allowExternalMembers |
N |
N |
N |
N |
Allows external members to view and join the group. Possible values are:
- true — Google Apps users external to your account can view or become members of this group.
- false — Users not belonging to the account are not allowed to view or become members of this group.
|
whoCanPostMessage |
N |
N |
Y |
N |
Permissions to post messages to the group. Possible values are:
- ALL_IN_DOMAIN_CAN_POST — Anyone in the account can post a message.
- ALL_MANAGERS_CAN_POST — Managers, including group owners, can post messages.
- ALL_MEMBERS_CAN_POST — Any group member can post a message.
- ANYONE_CAN_POST — Any Google Apps user outside your account can access your Google Groups service and post a message.
- Tip: When the whoCanPostMessage is set to ANYONE_CAN_POST, we recommend the messageModerationLevel property be set to MODERATE_NON_MEMBERS to protect the group from possible spam.
- NONE_CAN_POST — The group is disabled and archived. No one can post a message to this group.
- When archiveOnly value="false", updating the whoCanPostMessage property to NONE_CAN_POST, results in an error.
- If archiveOnly is reverted from "true" to "false", the whoCanPostMessages property is set to ALL_MANAGERS_CAN_POST.
|
allowWebPosting |
N |
N |
Y |
N |
Allows posting to the group web forum. Possible values are:
- true — Allows any member to post to the group forum.
- false — Members only can use Gmail to communicate with the group.
|
primaryLanguage |
N |
N |
Y |
N |
For a group's primary language use the language tags from the Google Apps languages found at Google Apps Email Settings API Email Language Tags
|
maxMessageBytes |
N |
N |
Y |
N |
The maximum size of a message, which, by default, is 1Mb. |
isArchived |
N |
N |
Y |
N |
Allows the contents of the group to be archived. Possible values include:
- true — Archive messages sent to the group.
- false — Do not keep an archive of messages sent to this group. If "false", previously archived messages remain in the archive.
- Related property — archiveOnly
|
archiveOnly |
N |
N |
Y |
N |
Allows the group to be only archived. Possible values are:
- true — Group is archived and the group is inactive. New messages to this group are rejected. The older archived messages are browseable and searchable.
- If "true", the whoCanPostMessage property is set to NONE_CAN_POST.
- If reverted from "true" to "false", whoCanPostMessages is set to ALL_MANAGERS_CAN_POST.
- false — The group is active and can receive messages.
- When "false", updating whoCanPostMessage to NONE_CAN_POST, results in an error.
- Related properties — isArchived, whoCanPostMessages
|
messageModerationLevel |
N |
N |
Y |
N |
Moderation level for messages. Possible values are:
- MODERATE_ALL_MESSAGES — All messages are sent to the group owner's email address for approval. If approved, the message is sent to the group.
- MODERATE_NEW_MEMBERS — All messages from new members are sent to the group owner's email address for approval. If approved, the message is sent to the group.
- MODERATE_NONE — No moderator approval is required. Messages are delivered directly to the group.
- MODERATE_NON_MEMBERS — All messages from non group members are sent to the group owner's email address for approval. If approved, the message is sent to the group.
- Tip: When the whoCanPostMessage is set to ANYONE_CAN_POST, we recommend the messageModerationLevel be set to MODERATE_NON_MEMBERS to protect the group from possible spam.
- Note: When memberCanPostAsTheGroup value="true", any message moderation settings on individual users or new members will not apply to posts made on behalf of the group.
|
spamModerationLevel |
N |
N |
Y |
N |
Sets moderation levels for messages detected as spam. Possible values are:
- ALLOW -- Post the message to the group.
- MODERATE -- Send the message to the moderation queue. This is the default.
- SILENTLY_MODERATE -- Send the message to the moderation queue, but do not send notification to moderators.
- REJECT -- Immediately reject the message.
|
replyTo |
N |
N |
Y |
N |
The default reply to a message is sent here. Possible values are:
- REPLY_TO_CUSTOM — For replies to messages, use the group's custom email address.
- Note: When the group's ReplyTo parameter is set to REPLY_TO_CUSTOM, the customReplyTo parameter holds the custom email address used when replying to a message. If the group's ReplyTo parameter is set to REPLY_TO_CUSTOM, the customReplyTo parameter must have a value. Otherwise an error is returned.
- REPLY_TO_IGNORE — Group users individually decide where the message reply is sent.
- REPLY_TO_LIST — This reply message is sent to the group.
- REPLY_TO_MANAGERS — This reply message is sent to the group's managers, which includes all managers and the group owner.
- REPLY_TO_OWNER — The reply is sent to the owner(s) of the group. This does not include the group's managers.
- REPLY_TO_SENDER — The reply is sent to author of message.
|
customReplyTo |
N |
N |
Y |
N |
An email address used when replying to a message. This address is defined by an account-level administrator. When the group's ReplyTo parameter is set to REPLY_TO_CUSTOM, the customReplyTo parameter holds a custom email address used when replying to a message. If the group's ReplyTo parameter is set to REPLY_TO_CUSTOM, the customReplyTo parameter must have text or an error is returned.
|
sendMessageDenyNotification |
N |
N |
Y |
N |
Allows the member to be notified if his message is denied by owner. The possible values are:
- true — When a message is rejected, send the deny message notification to the message author.
- Note: The defaultMessageDenyNotificationText parameter is dependent on the sendMessageDenyNotification parameter being "true".
- false — When a message is rejected, no notification is sent.
|
defaultMessageDenyNotificationText |
N |
N |
Y |
N |
When a message is rejected, this is text for the rejection notification sent to the message's author. By default, this parameter is empty and has no value in the API's response body. The maximum notification text size is 10,000 characters. Note: Requires sendMessageDenyNotification parameter to be "true".
|
showInGroupDirectory |
N |
N |
Y |
N |
Allows groups to be listed in the Groups directory. The possible values are:
- true — All groups in the account are listed in the Groups directory.
- false — All groups in the account are not listed in the directory.
|
allowGoogleCommunication |
N |
N |
Y |
N |
Allows Google to contact group administrators. Possible values are:
- true — Allow Google to contact managers of this group. Occasionally Google may send updates on the latest features, ask for input on new features, or ask for permission to highlight your group.
- false — Google can not contact managers of this group.
|
membersCanPostAsTheGroup |
N |
N |
Y |
N |
Allows members to post using the group email address. Possible values are:
- true — Group members can post messages using the group's email address instead of the member's own email address. Message appears to originate from the group itself.
- Note: When true, any message moderation settings on individual users or new members do not apply to posts made on behalf of the group.\
- false — Members can not post in behalf of the group's email address.
|
messageDisplayFont |
N |
N |
Y |
N |
Default message's display font. Possible values are:
- whoCanContactOwnerDEFAULT_FONT — Messages are displayed using the account's default font.
- FIXED_WIDTH_FONT — Messages are displayed using a fixed width font. Example:this text is in a fixed width font.
|
includeInGlobalAddressList |
N |
N |
Y |
N |
Enables the group to be included in the Global Address List Possible values are:
- true -- Group is included in the Global Address List.
- false -- Group is not included in the Global Address List.
|
whoCanLeaveGroup |
N |
N |
Y |
N |
Sets who can leave the group. Possible values are:
- ALL_MANAGERS_CAN_LEAVE
- ALL_MEMBERS_CAN_LEAVE
|
whoCanContactOwner |
N |
N |
Y |
N |
Sets who can contact the group owner. Possible values are:
- ALL_IN_DOMAIN_CAN_CONTACT
- ALL_MANAGERS_CAN_CONTACT
- ALL_MEMBERS_CAN_CONTACT
- ANYONE_CAN_CONTACT
|
|
Calendar Resource Dataformat
This dataformat is used to manage calendar resources used in creating calendar events. Examples of calendar resources are meeting rooms, projectors, company cars or any other resource that people in the organization might schedule to use.
|
Attributes for Calendar Resource Dataformat
|
Name
|
MV
|
Create
|
Modify
|
Delete
|
Description
|
resourceId |
N |
Y* |
Y* |
Y* |
The unique name for the resource |
resourceCommonName |
N |
Y* |
Y |
N |
The resource name seen by users in a calendar's resource list |
resourceDescription |
N |
Y* |
Y |
Y |
The brief summary of the resource to be shown in the control panel |
resourceType |
N |
Y* |
Y |
N |
The type is a general category common to several resources |
resourceEmail |
N |
N |
N |
N |
The resource email address is the public address used to view and reserve this resource in a calendar. |
|
Calendar Dataformat
We can use this data format to import and manage calendar events in google calendar . Exporting the calendar events is also possible using this dataformat.
API Scopes
Since we are using service account to invoke Google Calendar API v3, the service account must be given access to invoke the API. We are expecting only the minimal access corresponding to the action we are doing. Following are the minimal API access scope required for each calendar data format operation.
|
Attributes for Calendar Dataformat
|
Name
|
MV
|
Create
|
Modify
|
Delete
|
Description
|
id |
N |
Y* |
Y* |
Y* |
Identifier of the calendar. |
defaultReminder->method |
Y |
Y* |
Y |
N |
The method used by this reminder. Possible values are:
- "email" - Reminders are sent via email.
- "sms" - Reminders are sent via SMS.
- "popup" - Reminders are sent via a UI popup.
|
defaultReminder->minutes
|
Y |
Y* |
Y |
N |
Number of minutes before the start of the event when the reminder should trigger. |
backgroundColor |
N |
N |
N |
N |
The main color of the calendar in the format '#0088aa'. This property supersedes the index-based colorId property. Optional. |
foregroundColor |
N |
N |
N |
N |
The foreground color of the calendar in the format '#ffffff'. This property supersedes the index-based colorId property. Optional. |
selected |
N |
Y |
Y |
N |
Whether the calendar content shows up in the calendar UI. Optional. The default is False. |
hidden |
N |
Y |
Y |
N |
Whether the calendar has been hidden from the list. Optional. The default is False. |
timeZone |
N |
Y |
Y |
N |
The time zone of the calendar. Optional. Read-only. |
primary |
N |
N |
N |
N |
Whether the calendar is the primary calendar of the authenticated user. Read-only. Optional. The default is False. |
description |
N |
Y |
Y |
Y |
Description of the calendar. Optional. |
location |
N |
Y |
Y |
Y |
Geographic location of the calendar as text. |
Event->anyoneCanAddSelf |
N |
Y |
Y |
N |
Whether anyone can invite themselves to the event. Optional. The default is False. |
Event->attendeesOmitted |
Y |
Y |
Y |
N |
Whether attendees may have been omitted from the event's representation. When retrieving an event, this may be due to a restriction specified by the 'maxAttendee' query parameter. When updating an event, this can be used to only update the participant's response. Optional. The default is False. |
Event->attendee->additionalGuests |
Y |
Y |
Y |
N |
Number of additional guests. Optional. The default is 0. |
Event->attendee->comment |
Y |
Y |
Y |
N |
The attendee's response comment. Optional. |
Event->attendee->displayName |
Y |
Y |
Y |
N |
The attendee's name, if available. Optional. |
Event->attendee->email |
Y |
Y |
Y |
N |
The attendee's email address, if available. This field must be present when adding an attendee. |
Event->attendee->id |
Y |
Y |
Y |
N |
The attendee's Profile ID, if available. |
Event->attendee->optional |
Y |
Y |
Y |
N |
Whether this is an optional attendee. Optional. The default is False. |
Event->attendee->organizer |
Y |
Y |
Y |
N |
Whether the attendee is the organizer of the event. Read-only. The default is False. |
Event->attendee->resource |
Y |
Y |
Y |
N |
Whether the attendee is a resource. Read-only. The default is False. |
Event->attendee->responseStatus |
Y |
Y |
Y |
N |
The attendee's response status. Possible values are:
- "needsAction" - The attendee has not responded to the invitation.
- "declined" - The attendee has declined the invitation.
- "tentative" - The attendee has tentatively accepted the invitation.
- "accepted" - The attendee has accepted the invitation.
|
Event->attendee->self |
Y |
Y |
Y |
N |
Whether this entry represents the calendar on which this copy of the event appears. Read-only. The default is False. |
Event->colorId |
N |
Y |
Y |
N |
The color of the event. This is an ID referring to an entry in the "event" section of the colors definition (see the "colors" endpoint). Optional. Creation time of the event (as a RFC 3339 timestamp). Read-only.
|
Event->createdOn |
N |
N |
N |
N |
Creation time of the event (as a RFC 3339 timestamp). Read-only. |
Event->creatorDisplayName |
N |
N |
N |
N |
The creator's name, if available. |
Event->creatorEmail |
N |
N |
N |
N |
The creator's email address, if available. |
Event->creatorId |
N |
N |
N |
N |
The creator's Profile ID, if available. |
Event->creatorSelf |
N |
N |
N |
N |
Whether the creator corresponds to the calendar on which this copy of the event appears. Read-only. The default is False. |
Event->description |
N |
Y |
Y |
Y |
Description of the event. Optional. |
Event->endDate |
N |
Y |
Y |
Y |
The date, in the format "yyyy-mm-dd", if this is an all-day event. |
Event->endDateTime |
N |
Y |
Y |
Y |
The time, as a combined date-time value (formatted according to RFC 3339). A time zone offset is required unless a time zone is explicitly specified in 'timeZone'. |
Event->endTimeZone |
N |
Y |
Y |
Y |
The name of the time zone in which the time is specified (e.g. "Europe/Zurich"). Optional. The default is the time zone of the calendar. |
Event->endTimeUnspecified |
N |
N |
N |
N |
Whether the end time is actually unspecified. An end time is still provided for compatibility reasons, even if this attribute is set to True. The default is False. |
Event->extendedProperty->Key |
Y |
Y |
Y |
N |
Key of the extended property. |
Event->extendedProperty->Value |
Y |
Y |
Y |
N |
Value of the extended property. |
Event->extendedProperty->Type |
Y |
Y |
Y |
N |
Type of the property denotes whether it is shared or private. Possible values are “shared” or “private” . |
Event->gadgetDisplay |
N |
N |
N |
N |
he gadget's display mode. Optional. Possible values are:
- "icon" - The gadget displays next to the event's title in the calendar view.
- "chip" - The gadget displays when the event is clicked.
|
Event->gadgetHeight |
N |
N |
N |
N |
The gadget's height in pixels. Optional. |
Event->gadgetIconLink |
N |
N |
N |
N |
The gadget's icon URL. |
Event->gadgetLink |
N |
N |
N |
N |
The gadget's URL. |
Event->gadgetPreferences |
N |
N |
N |
N |
Preferences. |
Event->gadgetTitle |
N |
N |
N |
N |
The gadget's title. |
Event->gadgetType |
N |
N |
N |
N |
The gadget's type. |
Event->gadgetWidth |
N |
N |
N |
N |
The gadget's width in pixels. Optional. |
Event->guestsCanInviteOthers |
N |
Y |
Y |
N |
Whether attendees other than the organizer can invite others to the event. Optional. The default is True. |
Event->guestsCanSeeOtherGuests |
N |
Y |
Y |
N |
Whether attendees other than the organizer can see who the event's attendees are. Optional. The default is True. |
Event->htmlLink |
N |
N |
N |
N |
An absolute link to this event in the Google Calendar Web UI. Read-only. |
Event->hangoutLink |
N |
N |
N |
N |
An absolute link to the Google+ hangout associated with this event. Read-only. |
Event->id |
N |
N |
N |
Y |
Identifier of the event. |
Event->location |
N |
Y |
Y |
N |
Geographic location of the event as free-form text. Optional. |
Event->locked |
N |
N |
N |
N |
Whether this is a locked event copy where no changes can be made to the main event fields "summary", "description", "location", "start", "end" or "recurrence". The default is False. Read-Only. |
Event->organizerDisplayName |
N |
Y |
Y |
N |
The organizer's name, if available. |
Event->organizerEmail |
N |
Y |
Y |
N |
The organizer's email address, if available. |
Event->organizerId |
N |
Y |
Y |
N |
The organizer's Profile ID, if available. |
Event->organizerSelf |
N |
N |
N |
N |
Whether the organizer corresponds to the calendar on which this copy of the event appears. Read-only. The default is False. |
Event->originalStartTimeDate |
N |
Y |
Y |
N |
The date, in the format "yyyy-mm-dd", if this is an all-day event. |
Event->originalStartTimeDateTime |
N |
Y |
Y |
N |
The time, as a combined date-time value (formatted according to RFC 3339). A time zone offset is required unless a time zone is explicitly specified in 'timeZone'. |
Event->originalStartTimeTimeZone |
N |
Y |
Y |
N |
The name of the time zone in which the time is specified (e.g. "Europe/Zurich"). Optional. The default is the time zone of the calendar. |
Event->recurrence |
Y |
Y |
Y |
N |
List of RRULE, EXRULE, RDATE and EXDATE lines for a recurring event. This field is omitted for single events or instances of recurring events. |
Event->recurrenceDate |
N |
N |
N |
N |
This attribute helps in identifying the single instance of the recurrence event to be canceled. This attribute exists only in the import link. If the import dataxml contains Event->recurrenceDate with changetype=modify and modifytype=replace, and Event->status=cancelled, then the event instance gets updated with the canceled status. |
Event->recurringEventId |
Y |
N |
N |
N |
For an instance of a recurring event, this is the event ID of the recurring event itself. Immutable. |
Event->reminderOverrides->method |
Y |
Y |
Y |
Y |
The method used by this reminder. Possible values are:
- "email" - Reminders are sent via email.
- "sms" - Reminders are sent via SMS.
- "popup" - Reminders are sent via a UI popup.
|
Event->reminderOverrides->minutes |
Y |
Y |
Y |
Y |
Number of minutes before the start of the event when the reminder should trigger. |
Event->useDefaultReminder |
N |
Y |
Y |
Y |
Whether the default reminders of the calendar apply to the event. |
Event->sourceTitle |
N |
Y |
Y |
N |
Title of the source; for example a title of a web page or an email subject. |
Event->sourceUrl |
N |
Y |
Y |
N |
URL of the source pointing to a resource. URL's protocol must be HTTP or HTTPS. |
Event->StartDate |
N |
Y |
Y |
N |
The date, in the format "yyyy-mm-dd", if this is an all-day event. |
Event->StartDateTime |
N |
Y |
Y |
N |
The time, as a combined date-time value (formatted according to RFC 3339). A time zone offset is required unless a time zone is explicitly specified in 'timeZone'. |
Event->StartTimeZone |
N |
Y |
Y |
N |
The name of the time zone in which the time is specified (e.g. "Europe/Zurich"). Optional. The default is the time zone of the calendar. |
Event->status |
N |
Y |
Y |
N |
Status of the event. Optional. Possible values are:
- "confirmed" - The event is confirmed. This is the default status.
- "tentative" - The event is tentatively confirmed.
- "cancelled" - The event is cancelled.
|
Event->summary |
N |
Y |
Y |
N |
Whether the event blocks time on the calendar. Optional. Possible values are:
- "opaque" - The event blocks time on the calendar. This is the default value.
- "transparent" - The event does not block time on the calendar.
|
Event->updated |
N |
Y |
N |
N |
Last modification time of the event (as a RFC 3339 timestamp). Read-only. |
Event->visibility |
N |
Y |
Y |
N |
Visibility of the event. Optional. Possible values are:
- "default" - Uses the default visibility for events on the calendar. This is the default value.
- "public" - The event is public and event details are visible to all readers of the calendar.
- "private" - The event is private and only event attendees may view event details.
- "confidential" - The event is private. This value is provided for compatibility reasons.
|
Acl->id |
N |
Y |
Y |
N |
Identifier of the ACL rule. |
Acl->role |
N |
Y |
Y |
N |
The role assigned to the scope. Possible values are:
- "none" - Provides no access.
- "freeBusyReader" - Provides read access to free/busy information.
- "reader" - Provides read access to the calendar. Private events will appear to users with reader access, but event details will be hidden.
- "writer" - Provides read and write access to the calendar. Private events will appear to users with writer access, and event details will be visible.
- "owner" - Provides ownership of the calendar. This role has all of the permissions of the writer role with the additional ability to see and manipulate ACLs.
|
Acl->scopeType |
Y |
Y |
Y |
N |
The type of the scope. Possible values are:
- "default" - The public scope. This is the default value.
- "user" - Limits the scope to a single user.
- "group" - Limits the scope to a group.
- "domain" - Limits the scope to a domain.
Note: The permissions granted to the "default", or public, scope apply to any user, authenticated or not.
|
Acl->scopeValue |
Y |
Y |
Y |
N |
The email address of a user or group, or the name of a domain, depending on the scope type. Omitted for type "default". |
|
Drive Data Format
We can use this data format to manage folders and permissions.
Google Drive is a file storage and synchronization service provided by Google which enables user cloud storage, folder/file sharing and collaborative editing. Google Drive is the home of Google Docs, an office suite of productivity applications that offer collaborative editing on documents, spreadsheets, presentations, and more.
API Scopes
Since we are using service account to invoke Google Drive API v2, the service account must be given access to invoke the API. We are expecting only the minimal access corresponding to the action we are doing. Following are the minimal API access scope required for drive data format operation.
|
Configuration Parameters
|
Name
|
Type
|
Description
|
Filter |
Export |
Filter that control the entries to be returned. Only the entries matching the search criteria are returned. |
MaxResults |
Export |
Maximum number of results to be returned. If this property has a value 0, all entries matching the search criteria are returned. This property can only be configured/used when ExportMode is FullExport. |
ResultsPerPage |
Export |
Number of entries fetched in a single call. Valid range is 1 to 500. Default is 100. |
GetFileById |
Export |
Option to fetch details of a folder by providing its Id. |
ExportMode |
Export |
FullExport will export all selected attributes. DeltaExport will export changed, mandatory or all selected attributes. The type of attributes to export is determined in the DeltaExportMode parameter. |
DeltaExportMode |
Export |
When the ExportMode: DeltaExport has been selected, this parameter determines what attributes to export when a change has taken place. If no change has been made no data will be exported. OnlyChangedAttributes will export only the changed attributes. ChangedAndMandatoryAttributes will export changed and mandatory attributes. AllAttributes will export all attributes that contain a value. The default value is ChangedAndMandatoryAttributes. |
FoldSubRecords |
Export |
If this property is TRUE,sub records will be folded and returned as attributes. |
DynamicConnectedSystemOption |
Export/Import |
This property controls the Dynamic Connected System behavior. If the value is set to None (default) then the default connected system name will be used. If this value is set to Transaction-SystemName, then the connected system name will be taken from value of Transaction-SystemName attribute in the data. If Transaction-SystemName does not contain any valid data then the import/export operation will fail. If the value is set to GlobalVariable, then the connected system name will be taken from the property DynamicConnectedSystem. |
DynamicConnectedSystem |
Export/Import |
When the DynamicConnectedSystemOption: GlobalVariable has been selected, we have to select the global variable which is to be used as the dynamic connected system name. |
SubRecordsInFoldedState |
Import |
If this property is TRUE, connector will accept sub records folded as attribute. |
|
Connector Attributes
Y* attributes are mandatory fields. The attributes which contains -> in name are multi-level attributes. All attributes except “permission->value” can be exported.
|
Attributes for Drive Data Format
|
Name
|
MV
|
Create
|
Modify
|
Delete
|
Description
|
alternateLink |
N |
N |
N |
N |
A link for opening the file in using a relevant Google editor or viewer. |
appDataContents |
N |
N |
N |
N |
Whether this file is in the appdata folder. |
copyable
|
N |
N |
N |
N |
Create time for this file (formatted ISO8601 timestamp). |
defaultOpenWithLink |
N |
N |
N |
N |
A link to open this file with the user's default app for this file. Only populated when the drive.apps.readonly scope is used. |
description |
N |
Y |
Y |
N |
A short description of the file. |
downloadUrl |
N |
N |
N |
N |
Short lived download URL for the file. This is only populated for files with content stored in Drive. |
editable |
N |
N |
N |
N |
Whether the file can be edited by the current user. |
embedLink |
N |
N |
N |
N |
A link for embedding the file. |
explicitlyTrashed |
N |
N |
N |
N |
Whether this file has been explicitly trashed, as opposed to recursively trashed. This will only be populated if the file is trashed. |
exportLinks |
Y |
N |
N |
N |
Links for exporting Google Docs to specific formats. |
fileExtension |
N |
N |
N |
N |
The file extension used when downloading this file. This field is read only. To set the extension, include it in the title when creating the file. This is only populated for files with content stored in Drive. |
fileSize |
N |
N |
N |
N |
The size of the file in bytes. This is only populated for files with content stored in Drive. |
headRevisionId |
N |
N |
N |
N |
The ID of the file's head revision. This will only be populated for files with content stored in Drive. |
iconLink |
N |
N |
N |
N |
A link to the file's icon. |
id |
N |
N |
Y* |
Y* |
The ID of the file. |
indexableText |
N |
N |
N |
N |
The text to be indexed for this file. |
labelHidden |
N |
Y |
Y |
N |
Whether this file is hidden. Deprecated. |
labelRestricted |
N |
Y |
Y |
N |
Whether viewers are prevented from downloading this file. |
labelStarred |
N |
Y |
Y |
N |
Whether this file is starred by the user. |
labelTrashed |
N |
Y |
Y |
N |
Whether this file has been trashed. |
labelViewed |
N |
N |
N |
N |
Whether this file has been viewed by this user. |
lastModifyingUserDisplayName |
N |
N |
N |
N |
A plain text displayable name for this user. |
lastModifyingUserEmailAddress |
N |
N |
N |
N |
The email address of the user. |
lastModifyingUserIsAuthenticatedUser |
N |
N |
N |
N |
Whether this user is the same as the authenticated user for whom the request was made. |
lastModifyingUserPermissionId |
N |
N |
N |
N |
The user's ID as visible in the permissions collection. |
lastModifyingUserName |
N |
N |
N |
N |
Name of the last user to modify this file. |
lastViewedByMeDate |
N |
N |
N |
N |
Last time this file was viewed by the user (formatted RFC 3339 timestamp). |
markedViewedByMeDate |
N |
N |
N |
N |
Time this file was explicitly marked viewed by the user (formatted RFC 3339 timestamp). |
md5Checksum |
N |
N |
N |
N |
An MD5 checksum for the content of this file. This is populated only for files with content stored in Drive. |
mimeType |
N |
Y* |
N |
N |
The MIME type of the file. This is only mutable on update when uploading new content. This field can be left blank, and the mime type will be determined from the uploaded content's MIME type. |
modifiedByMeDate |
N |
N |
N |
N |
Last time this file was modified by the user (formatted RFC 3339 timestamp). Note that setting modifiedDate will also update the modifiedByMe date for the user which set the date. |
modifiedDate |
N |
N |
N |
N |
Last time this file was modified by anyone (formatted RFC 3339 timestamp). This is only mutable on update when the setModifiedDate parameter is set. |
originalFilename |
N |
N |
N |
N |
The original filename if the file was uploaded manually or the original title if the file was inserted through the API. Note that renames of the title will not change the original filename. This will only be populated on files with content stored in Drive. |
owner->displayName |
N |
N |
N |
N |
A plain text displayable name for owner. |
owner->EmailAddress |
N |
N |
N |
N |
The email address of the owner. |
owner->IsAuthenticatedUser |
N |
N |
N |
N |
Whether this user is the same as the authenticated user for whom the request was made. |
owner->PermissionId |
N |
N |
N |
N |
The user's ID as visible in the permissions collection. |
parentId |
Y |
Y |
Y |
Y |
Collection of parent folders which contain this file. Setting this field will put the file in all of the provided folders. On insert, if no folders are provided, the file will be placed in the default root folder. |
permission->domain |
N |
N |
N |
N |
The domain name of the entity this permission refers to. This is an output-only field which is present when the permission type is user, group or domain. |
permission->emailAddress |
N |
N |
N |
N |
The email address of the user this permission refers to. This is an output-only field which is present when the permission type is user and the given user's Google+ profile privacy settings allow exposing their email address. |
permission->id |
N |
Y |
Y* |
Y* |
The ID of the user this permission refers to, and identical to the permissionId in the About and Files resources. When making a drive.permissions.insert request, exactly one of the id or value fields must be specified. |
permission->name |
N |
N |
N |
N |
The name for this permission. |
permission->photoLink |
N |
N |
N |
N |
A link to the profile photo, if available. |
permission->role |
N |
Y* |
Y |
N |
The primary role for this user. Allowed values are: owner, reader, writer |
permission->additionalRoleName |
N |
Y |
Y |
N |
Additional roles for this user. Only commenter is currently allowed. |
permission->selfLink |
N |
N |
N |
N |
A link back to this permission. |
permission->type |
N |
Y* |
N |
N |
The account type. Allowed values are: user, group, domain, anyone. |
permission->withLink |
N |
N |
N |
N |
Whether the link is required for this permission. |
permission->value |
N |
Y |
N |
N |
The email address or domain name for the entity. This is used during inserts and is not populated in responses. When making a drive.permissions.insert request, exactly one of the id or value fields must be specified. |
property->Key |
N |
Y |
N |
N |
The key list of property. |
property->Value |
N |
Y |
N |
N |
The value list of property. |
quotaBytesUsed |
N |
N |
N |
N |
The number of quota bytes used by this file. |
selfLink |
N |
N |
N |
N |
A link back to this file. |
shared |
N |
N |
N |
N |
Whether the file has been shared. |
sharedWithMeDate |
N |
N |
N |
N |
Time at which this file was shared with the user (formatted RFC 3339 timestamp). |
sharingUserDisplayName |
N |
N |
N |
N |
A plain text displayable name of the sharing user. |
sharingUserEmailAddress |
N |
N |
N |
N |
The email address of the sharing user. |
sharingUserIsAuthenticatedUser |
N |
N |
N |
N |
Whether this user is the same as the authenticated user for whom the request was made. |
sharingUserPermissionId |
N |
N |
N |
N |
The user's ID as visible in the permissions collection. |
title |
N |
Y* |
Y |
N |
The title of the file. Used to identify File/ Folder name. |
version |
N |
N |
N |
N |
A monotonically increasing version number for the file. This reflects every change made to the file on the server, even those not visible to the requesting user. |
webContentLink |
N |
N |
N |
N |
A link for downloading the content of the file in a browser using cookie based authentication. In cases where the content is shared publicly, the content can be downloaded without any credentials. |
webViewLink |
N |
N |
N |
N |
A link only available on public folders for viewing their static web assets (HTML, CSS, JS, etc) via Google Drive's Website Hosting. |
writersCanShare |
N |
Y |
Y |
N |
Whether writers can share the document with other users. |
|
Chrome Device Dataformat
We can use this data format to retrieve all Chrome devices for an account and also update or take action on a chrome device.
API Scopes
Since we are using service account to invoke Google Drive API v2, the service account must be given access to invoke the API. We are expecting only the minimal access corresponding to the action we are doing. Following are the minimal API access scope required for drive data format operation.
Connector Attributes for Chrome Device Dataformat
Y* attributes are mandatory fields. The attributes which contains -> in name are multi-level attributes. All attributes except “permission->value” can be exported.
|
Attributes for Chrome Device Dataformat
|
Name
|
MV
|
Create
|
Modify
|
Delete
|
Description
|
Action |
N |
N |
Y |
N |
The action to be performed on the device.
Acceptable values are:
- "admin_account_wipe": Remotely wipes only G Suite data from the device. See the administration help center for more information.
- "admin_remote_wipe": Remotely wipes all data on the device. See the administration help center for more information.
- "approve": Approves the device. If you've selected Enable device activation, devices that register after the device activation setting is enabled will need to be approved before they can start syncing with your domain. Enabling device activation forces the device user to install the Device Policy app to sync with G Suite.
- "block": Blocks access to G Suite data (mail, calendar, and contacts) on the device. The user can still access their mail, calendar, and contacts from a desktop computer or mobile browser.
- "cancel_remote_wipe_then_activate": Cancels a remote wipe of the device and then reactivates it.
- "cancel_remote_wipe_then_block": Cancels a remote wipe of the device and then blocks it.
|
ActiveTimeRanges->ActiveTime |
N |
N |
N |
N |
Duration of usage in milliseconds |
ActiveTimeRanges->Date
|
N |
N |
N |
N |
The asset identifier as noted by an administrator or specified during enrollment. |
AnnotatedLocation |
N |
N |
Y |
N |
The address or location of the device as noted by the administrator. Maximum length is 200 characters. Empty values are allowed. |
AnnotatedUser |
N |
N |
Y |
N |
The user of the device as noted by the administrator. Maximum length is 100 characters. Empty values are allowed. |
BootMode |
N |
N |
N |
N |
The boot mode for the device. The possible values are:
- validated: The device is running a valid version of the Chrome OS.
- dev: The devices's developer hardware switch is enabled. When booted, the device has a command line shell.
- unknown: The device's developer switch mode cannot be determined. The physical device should be examined by an administrator.
|
DeviceId |
N |
N |
Y |
N |
The unique ID of the Chrome device. |
DeprovisionReason |
N |
N |
N |
N |
Only used when the action is deprovision. With the deprovision action, this field is required.
Acceptable values are:
- "different_model_replacement": Use if you're upgrading or replacing your device with a newer model of the same device.
- "retiring_device": Use if you're reselling, donating, or permanently removing the device from use.
- "same_model_replacement": Use if a hardware issue was encountered on a device and it is being replaced with the same model or a like-model replacement from a repair vendor / manufacturer.
|
EthernetMacAddress |
N |
N |
N |
N |
The device's MAC address on the ethernet network interface. |
FirmwareVersion |
N |
N |
N |
N |
The Chrome device's firmware version. |
LastEnrollmentTime |
N |
N |
N |
N |
The date and time the device was last enrolled. The value is in ISO 8601 ISO 8601 date and time format. The time is the complete date plus hours, minutes, and seconds in the form YYYY-MM-DDThh:mm:ssTZD. For example, 2010-04-05T17:30:04+01:00.
|
LastSync |
N |
N |
N |
N |
The date and time the device was last synchronized with the policy settings in the Admin console. The value is in ISO 8601 date and time format. The time is the complete date plus hours, minutes, and seconds in the form YYYY-MM-DDThh:mm:ssTZD. For example, 2010-04-05T17:30:04+01:00.
|
MacAddress |
N |
N |
N |
N |
The device's wireless MAC address. If the device does not have this information, it is not included in the response. |
Meid |
N |
N |
N |
N |
The Mobile Equipment Identifier (MEID) for the 3G mobile card in a mobile device. A MEID is typically used when adding a device to a wireless carrier's post-pay service plan. If the device does not have this information, this property is not included in the response. |
Model |
N |
N |
N |
N |
The device's model information. If the device does not have this information, this property is not included in the response. |
Notes |
N |
N |
Y |
N |
Notes about this device added by the administrator. This property can be searched with the list method's query parameter. Maximum length is 500 characters. Empty values are allowed.
|
OrderNumber |
N |
N |
N |
N |
The device's order number. Only devices directly purchased from Google have an order number. |
OrgUnitPath |
N |
N |
Y |
N |
The full parent path with the organizational unit's name associated with the device. Path names are case insensitive. If the parent organizational unit is the top-level organization, it is represented as a forward slash, /. This property can be updated using the API.
|
OsVersion |
N |
N |
N |
N |
The Chrome device's operating system version. |
PlatformVersion |
N |
N |
N |
N |
The Chrome device's platform version. |
RecentUsers->Email |
N |
N |
N |
N |
The user's email address. This is only present if the user type is USER_TYPE_MANAGED. |
RecentUsers->Type |
N |
N |
N |
N |
The type of the user.
Acceptable values are:
- "USER_TYPE_MANAGED": The user is managed by the domain.
- "USER_TYPE_UNMANAGED": The user is not managed by the domain.
|
SerialNumber |
N |
N |
N |
N |
The Chrome device serial number entered when the device was enabled. This value is the same as the Admin console's Serial Number in the Chrome OS Devices tab. |
Status |
N |
N |
N |
N |
The status of the device.
Acceptable values are:
- "ACTIVE": The device is enrolled into the domain.
- "DELINQUENT": The annual license for the domain has expired and the device no longer receives policies and settings. When a new license is purchased, the device will return to ACTIVE state.
- "DEPROVISIONED":
The device is no longer eligible to be enrolled into the domain. The order has been cancelled. The device's settings have been cached on the device. If the device is activated again, the latest system settings are applied to this newly activated device.
- "DISABLED": The device has been disabled by the administrator and cannot be used.
- "INACTIVE": The device is not enrolled into the domain.
- "RETURN_ARRIVED": The request to replace this device has arrived.
- "RETURN_REQUESTED": A request has been made to replace this device.
- "SHIPPED": The device is shipped.
- "UNKNOWN": The status of the device cannot be determined.
|
SupportEndDate |
N |
N |
N |
N |
The final date the device will be supported. This is applicable only for those devices purchased directly from Google. The value is in ISO 8601 date and time format. The time is the complete date plus hours, minutes, and seconds in the form YYYY-MM-DDThh:mm:ssTZD. For example, 2010-04-05T17:30:04+01:00.
|
WillAutoRenew |
N |
N |
N |
N |
Determines if the device will auto renew its support after the support end date. This is a read-only property. Possible values are:
- true: The support will be automatically renewed. This is the default value.
- false: The support will not be automatically renewed.
|
|
Mobile Device Dataformat
We can use this data format to retrieve all Mobile devices for an account, take action on a mobile device or delete a mobile device.
API Scopes
Since we are using service account to invoke Google Directory API, the service account must be given access to invoke the API. We are expecting only the minimal access corresponding to the action we are doing. Following are the minimal API access scope required for each chrome device data format operation.
Connector Attributes for Mobile Device Dataformat
Y* attributes are mandatory fields. The attributes which contains -> in name are multi-level attributes. All attributes except “permission->value” can be exported.
Attributes for Mobile Device Dataformat
|
Name
|
MV
|
Create
|
Modify
|
Delete
|
Description
|
Action |
N |
N |
Y |
N |
Action to be taken on the Chrome OS device
Acceptable values are:
- "deprovision": Remove a device from management that is no longer active, being resold, or is being submitted for return / repair, use the deprovision action to dissociate it from management.
- "disable":
If you believe a device in your organization has been lost or stolen, you can disable the device so that no one else can use it. When a device is disabled, all the user can see when turning on the Chrome device is a screen telling them that it’s been disabled, and your desired contact information of where to return the device.
Re-enable a disabled device when a misplaced device is found or a lost device is returned. You can also use this feature if you accidentally mark a Chrome device as disabled.
|
AdbStatus |
N |
N |
N |
N |
Adb (USB debugging) enabled or disabled on device (Read-only) |
Applications->DisplayName |
N |
N |
N |
N |
The application's display name. An example is Browser. |
Applications->Permission |
N |
N |
N |
N |
The list of permissions of this application. These can be either a standard Android permission or one defined by the application, and are found in an application's Android manifest. Examples of a Calendar application's permissions are READ_CALENDAR, or MANAGE_ACCOUNTS.
|
Applications->VersionCode |
N |
N |
N |
N |
The application's version code. An example is 13. |
Applications->VersionName |
N |
N |
N |
N |
The application's version name. An example is 3.2-140714. |
BasebandVersion |
N |
N |
N |
N |
The device's baseband version. |
BootloaderVersion |
N |
N |
N |
N |
Mobile Device Bootloader version (Read-only) |
Brand |
N |
N |
N |
N |
Mobile Device Brand (Read-only) |
BuildNumber |
N |
N |
N |
N |
The device's operating system build number. |
DefaultLanguage |
N |
N |
N |
N |
The default locale used on the device. |
DeveloperOptionsStatus |
N |
N |
N |
N |
Developer options enabled or disabled on device (Read-only) |
DeviceCompromisedStatus |
N |
N |
N |
N |
The compromised device status.
Acceptable values are:
- "Compromise detected": There are indications the mobile device has been compromised, such as, the presence of an unlocked bootloader, use of a custom ROM, or the presence of a 'SU (Superuser) binary' on the device.
- "No compromise detected": No compromise has been detected on the device.
- "Undetected": The status of the device is unknown.
|
DeviceId |
N |
N |
N |
N |
The serial number for a Google Sync mobile device. For Android and iOS devices, this is a software generated unique identifier. |
DevicePasswordStatus |
N |
N |
N |
N |
DevicePasswordStatus (Read-only)
Acceptable values are:
|
Email |
Y |
N |
N |
N |
List of owner's email addresses. |
EncryptionStatus |
N |
N |
N |
N |
The date and time the device was initially synchronized with the policy settings in the Admin console. The value is in ISO 8601
date and time format. The time is the complete date plus hours, minutes, and seconds in the form YYYY-MM-DDThh:mm:ssTZD. For example, 2010-04-05T17:30:04+01:00.
|
Hardware |
N |
N |
N |
N |
Mobile Device Hardware (Read-only) |
HardwareId |
N |
N |
N |
N |
The IMEI/MEID unique identifier for Android hardware. It is not applicable to Google Sync devices. When adding an Android mobile device, this is an optional property. When updating one of these devices, this is a read-only property. |
Imei |
N |
N |
N |
N |
The device's IMEI number. |
KernelVersion |
N |
N |
N |
N |
The device's kernel version. |
LastSync |
N |
N |
N |
N |
The date and time the device was last synchronized with the policy settings in the Admin console. The value is in ISO 8601 date and time format. The time is the complete date plus hours, minutes, and seconds in the form YYYY-MM-DDThh:mm:ssTZD. For example, 2010-04-05T17:30:04+01:00.
|
ManagedAccountIsOnOwnerProfile |
N |
N |
N |
N |
Boolean indicating if this account is on owner/primary profile or not. |
Manufacturer |
N |
N |
N |
N |
Mobile Device manufacturer (Read-only) |
Meid |
N |
N |
N |
N |
The device's MEID number. |
Model |
N |
N |
N |
N |
The mobile device's model name, for example Nexus S. |
Name |
Y |
N |
N |
N |
List of the owner's user names. |
NetworkOperator |
N |
N |
N |
N |
Mobile Device mobile or network operator (if available) (Read-only) |
OS |
N |
N |
N |
N |
The mobile device's operating system, for example IOS 4.3 or Android 2.3.5. |
OtherAccountsInfo |
Y |
N |
N |
N |
List of accounts added on device (Read-only) |
Privilege |
N |
N |
N |
N |
DMAgentPermission (Read-only)
Acceptable values are:
- "Device administrator"
- "Device owner"
- "Profile owner"
- "Undetected"
|
ReleaseVersion |
N |
N |
N |
N |
Mobile Device release version version (Read-only) |
ResourceId |
N |
N |
Y |
Y |
The unique ID the API service uses to identify the mobile device. |
SecurityPatchLevel |
N |
N |
N |
N |
Mobile Device Security patch level (Read-only) |
SerialNumber |
N |
N |
N |
N |
The device's serial number. |
Status |
N |
N |
N |
N |
The device's status.
Acceptable values are:
- "ACCOUNT_WIPED"
- "ACCOUNT_WIPING"
- "APPROVED": Device is approved.
- "BLOCKED": A blocked device still shows up in the Admin console's Devices tab, but the user cannot access G Suite data such as mail and calendar from the device. Even though blocked on the mobile device, this user can still access the G Suite services from a desktop computer. A user must be suspended from all G Suite access to be blocked.
- "PENDING": Device's approval is pending. If the device has not been approved by an account administrator and therefore is not activated, a newly added device's status is PENDING. Once a new device is added in PENDING state, an action needs to be taken to either complete the device's activation where the new device's status is APPROVED, or the activation is denied and the new device's status is BLOCKED. "UNKNOWN": The status of the device is unknown.
- "UNPROVISIONED": This is the default state. If a domain does require a device to be activated, the device starts in this status until provisioning is completed.
- "WIPED": A remote wipe removes all device-based data like mail, calendar, and contacts from the device, but it may not delete data stored on the device's SD card. A user's G Suite data remains available through a web browser or other authorized mobile device. Once the content has been deleted, the device's settings are reset to its defaults.
- "WIPING": The device is being remotely wiped. For Android and iOS devices, the device usually receives the remote wipe command within a few seconds. However, sometimes the command doesn't reach the device right away, so the Device Policy app checks the server every three hours for a wipe command. Therefore, the maximum time before the device is wiped is about 3 hours, or when the device reconnects to the network.
|
SupportsWorkProfile |
N |
N |
N |
N |
Work profile supported on device (Read-only) |
Type |
N |
N |
N |
N |
The type of mobile device.
Acceptable values are:
- "ANDROID"
- "GOOGLE_SYNC"
- "IOS_SYNC"
|
UnknownSourcesStatus |
N |
N |
N |
N |
Unknown sources enabled or disabled on device (Read-only) |
UserAgent |
N |
N |
N |
N |
Gives information about the device such as os version. |
WifiMacAddress |
N |
N |
N |
N |
The device's MAC address on Wi-Fi networks. |
|
Entitlement Support
This connector supports static entitlements in the form of Users or Groups. The non-static entitlement discovery support is only for google groups. Entitlements are configured from the Admin UI ► Server ► Resources. See the Resource Management chapter in the Identity Suite Administration Guide for details on resources.
To configure entitlements
-
Static Entitlement - On the Resource Detail page, under Entitlement Options, click Add Static Entitlement button, enter a Name and Value, and select the Type.
If selected type is group, the value should be primary email of group. And if the selected type is attribute, the name should be attribute name and value should be attribute value.

- Entitlement discovery for Groups - On the Resource Detail page, under Entitlement Options, click Add button to get the page for Entitlement Search on Google Apps MultiDomain System as shown below.

- Search for google group with Name or Email and criteria. Click Search button. The Google groups list will be displayed as shown below. Select and add group(s).

Lookup Data
To filter data, use the Data Mapper rule Lookup Data. The following lookup options will be supported.
- Log in to the Workflow and Connectivity Studio and double-click the Data Mapper object on the Design pane.
The Configure Data Mapper window displays.
-
Select the Lookup Data rule under the Mapping Rule column and then click the Source Value.
The Configure Lookup window displays.

-
Select the GoogleMulti from the Select System drop-down list.
-
In the Enter Lookup Prefix field, enter the prefix to be added to the Lookup fields.
-
Select the Lookup Type (user, group, Calendar Resource, Calendar, Drive, Chrome Device and Mobile Device.) from the drop-down list.
-
Select the lookup method (i.e. User By Email, User By primary Email or User By Filter) for the lookup type user.
When Lookup Type is group, the lookup methods are "Group By Email", "Group By Domain" and "Group By User Email".
Type |
Name |
Argument |
Description |
User |
User By Email |
primaryEmail or alias or userID |
Fetch user details by providing user Email or userID. At most one user can be returned. |
User By Filter |
Filter can be on domain name and any one of the attribute email, givenName, and familyName |
Fetch users using the filter provided. Can return 0 or more users. This is same as user export by providing filter. |
Group |
Group By Email |
Group By Email |
Fetch group details by providing group Email or GroupID. At most one group can be returned. |
Groups By Domain |
DomainName |
Fetch all groups under a domain. If domain name is not provided, groups from all domains are returned. |
Groups By User Email |
primaryEmail |
Fetch all groups in which the given user is a member. |
Calendar Resource |
|
Resource Id |
Fetch the details of the calendar resource by providing the calendar resource id. |
Calendar |
|
Calendar Id |
Fetch the calendar details by providing the calendar id. |
Drive |
Drive By ID |
Folder Id |
Fetch folder details by providing its ID. At most one file can be returned. |
Drive By Filter |
Filter folders with any one of the attributes: title, fulltext, labelTrashed, labelStarred and modifiedDate |
Fetch folder using the filter provided. Can return 0 or more folders. This is same as folder export by providing filter. |
Chrome Device |
Device By ID |
Device Id
|
Fetch chrome device details by providing its Device ID. Atmost one file can be returned. |
Device By Filter |
Filter Chrome device with any one of the attributes: RecentUsders->Email, SerialNumber, Status |
Fetch chrome device using the filter provided. Can return 0 or more devices. This is same as chrome device export by providing filter. |
Mobile Device |
Device By Resource ID |
Resource ID |
Fetch mobile device details by providing its Resource ID. Atmost one file can be returned. |
Device By Filter |
Filter Mobile device with any one of the attributes: Email, Name, Status |
Fetch mobile device using the filter provided. Can return 0 or more devices. This is same as mobile device export by providing filter. |
-
If User by Filter is selected, click the Filter Build button, and then from the Set Filter window, generate the search filter
Example:

Another Example of the Set Filter Window for Drive By Filter:

-
Click OK. The updated Configure Lookup window displays.
Example of Lookup screen with Filter:

-
Select the Exit as Mapper Task Failed on Lookup Failure check box to exit the task with Failed
status on lookup failure. It will not process the succeeding entries and will ignore the already processed entries and will not return any data. This is selected by default.
-
Click OK.
Canceling a single instance of a Recurring Event
- In the import link of google multi domain connector, set the date of the specific recurring instance to be deleted in attribute Event→recurrenceDate.
- The sample mapper screen to delete a specific recurrence event in a GoogleMD ► DataMapper ► GoogleMD workflow is shown below assuming a calendar with single recurring event.

Canceling multiple instances of a Recurring Event
Some sample import-data for the recurring Event add, modify and cancel.
- Recurrence Event Add

- Event Modify

- Event Modify - Recurrence Event Cancellation through recurrenceDate attribute
