6ed5cb5249
* website/integrations: rename "Create with Provider" to "New Application" The application list page now uses a split-button labeled "New Application" instead of the old "Create with Provider" dropdown. Update all 113 integration guides to match. * website/docs: update flow, stage, and policy button labels - "Create" → "New Flow", "New Stage", "New Policy" for trigger buttons - "Finish" → "Create Flow", "Create Stage", "Create Policy" for submit - "Create and bind stage" → "New Stage" / "Bind Existing Stage" - "Create" (binding submit) → "Create Stage Binding" * website/docs: update provider button labels - "Create" → "New Provider" for trigger buttons - "Create with Provider" → "New Application" in RAC docs - "Create" → "New Property Mapping", "New RAC Endpoint", "New Prompt" for related entity creation * website/docs: update directory button labels - "Create" → "New Source" for federation/social login pages - "Create" → "New Role", submit → "Create Role" - "Create" → "New Invitation" - Policy binding submit → "Create Policy Binding" * website/docs: update endpoint device and system management button labels - "Create" → "New Endpoint Connector", "New Enrollment Token", "New Device Access Group", "New Flow" - Submit → "Create Device Access Group" - "Create" → "New Notification Rule", "New Notification Transport" - Binding submit → "Create Policy Binding" * Reorganize policy documentation * website/docs: address policy docs review feedback * post-rebase * website/docs: Reorganize policy documentation -- Revisions (#21601) * apply suggestions * Fix escaped. * Fix whitespace. * Update button label. * Fix phrasing. * Fix phrasing. * Clean up stragglers. * Format. --------- Co-authored-by: Dominic R <dominic@sdko.org>
3.3 KiB
title, authentik_enterprise
| title | authentik_enterprise |
|---|---|
| Create a Google Workspace provider | true |
For more information about using a Google Workspace provider, see the Overview documentation.
Prerequisites
To create a Google Workspace provider in authentik, you must have already configured Google Workspace.
Create a Google Workspace provider in authentik
-
Log in to authentik as an administrator and open the authentik Admin interface.
-
Navigate to Applications > Providers and click New Provider.
-
Select Google Workspace Provider as the provider type, then click Next.
-
On the New Google Workspace Provider page, set the following configurations:
-
Name: provide a descriptive name (e.g.
GWS provider) -
Under Protocol settings:
- Credentials: paste the contents of the JSON file that you downloaded when configuring Google Workspace
- Delegated Subject: enter the email address of the Google Workspace user that all authentik actions will be delegated to
- Default group email domain: enter a domain which will be used to generate the email address for groups synced from authentik to Google Workspace
- User deletion action: determines what authentik will do when a user is deleted from authentik
- Group deletion action: determines what authentik will do when a group is deleted from authentik
-
Under User filtering:
- Exclude service accounts: choose whether to include or exclude service accounts
- Group: select a group and only users within that group will be synced to Google Workspace
-
Under Attribute mapping:
- User Property Mappings: select any property mappings, or use the default
- Group Property Mappings: select any property mappings, or use the default
:::info Skipping certain users or groups The
SkipObjectexception can be used within a property mapping to prevent specific objects from being synced. Refer to the Provider property mappings documentation for more details. :::
-
-
Click Finish.
Create a Google Workspace application in authentik
:::info Backchannel Provider If you have configured the Google Workspace SAML integration to enable authenticating to Google Workspace with authentik, you can add the provider created in the previous section as a backchannel provider to the existing application, instead of creating a new one. :::
-
Log in to authentik as an administrator and open the authentik Admin interface.
-
Navigate to Applications > Applications, click New Application, and set the following configurations:
- Name: provide a name for the application (e.g.
GWS) - Slug: enter the name that you want to appear in the URL
- Provider: when not used in conjunction with the Google SAML configuration, this should be left empty.
- Backchannel Providers: this field is required for Google Workspace. Select the name of the Google Workspace provider that you created in the previous section.
- UI settings: leave these fields empty for Google Workspace.
- Name: provide a name for the application (e.g.
-
Click Create.