Manage Google Workspace users
Admins can manage Google licenses, roles, and deprovisioning actions in Okta for Okta end users who are assigned to Google Workspace. Also, Okta a user's licenses and roles can be automatically updated within their third-party Google account. These updates can be done either individually or within a group. Any updates performed in Okta can later be pushed to Google.
Prerequisites
-
In Okta, enable Google Workspace provisioning and enable the appropriate provisioning features (Create Users, Update User Attributes, Deactivate Users).
-
In Google, under License settings, turn off Google Workspace licensing.
Procedures
Manage Google licenses
The Manage licenses on create and update option determines whether license changes in Okta are pushed to Google. When Okta end users are assigned or changed in the Universal Directory Profile Editor, choosing true allows any changes in their Google licenses to be automatically pushed to Google. Choosing false doesn't push any information.
-
In Okta, select the Assignments tab for your Google Workspace instance, select a user or group, then click Edit.
-
Set Manage licenses on create and update to true.
-
Select the user or group to assign the licenses to.
Only certain groups of Google licenses can be individually selected, because some groups provide mutually exclusive options. For example, you can assign only one license selection at a time for Google Workspace and Google Drive. Choosing more than one license results in an error on the Tasks page, and only the first selection is honored.
-
Click Save.
You can also Remove all G Suite licenses for the selected user or group under Deactivation options on the Edit User Assignment or Edit Group Assignment pages, respectively.
Manage Google roles
To enable this feature, contact Okta Support and request that they migrate your existing Google Workspace application instance to the new profile template.
-
In Okta, select the Assignments tab for your Google Workspace instance, select a user or group, then click Edit.
-
Set Manage roles on create and update to true.
-
Select the checkboxes that correspond to the roles to assign to the selected user or group.
-
Click Save.
You can also Remove all G Suite Roles for the selected user or group under Deactivation options on the Edit User Assignment or Edit Group Assignment pages, respectively.
Okta can only manage custom-created roles that are created within Google. The default Google roles can't be pulled into Okta.
Manage user assignments
When you need to deprovision or deactivate an Okta user from Google Workspace, you can do so without compromising the user's Google account. A set of options under Deactivation on the Edit User Assignments page allows you to configure what happens to Google licenses and roles when a user is deprovisioned in Okta.
If no options are selected, the user is suspended in Okta and in their corresponding Google account.
These are the deactivation options:
- Do not suspend user: This option prevents the user's account from being suspended in Google after deprovisioning in Okta. The user's Google account remains active.
- Remove all G Suite licenses: This option ensures that when the user is deprovisioned, their Google licenses no longer exist in Okta.
- Remove all G Suite Roles: This option ensures that when the user is deprovisioned, their Google roles no longer exist in Okta.
License Mapping
We have recently updated Google Workspace licenses for our Google Workspace provisioning integration. To use these updated licenses for existing integrations, contact Okta Support and request that they migrate your existing Google Workspace application instance to the new profile template.
Due to some limitations, there's a slight difference in license naming. This table provides the license mapping.
| SKU ID | Okta SKU Name | Google SKU Name |
|---|---|---|
| Google-Apps-For-Business | Google Apps for Business | G Suite Basic |
| Google-Apps-For-Postini | Google Apps for Postini | Google Apps Message Security |
| Google-Apps-Unlimited | Google Apps Unlimited | G Suite Business |
| Google-Apps-Lite | Google Apps Lite | G Suite Lite |
| 1010020020 | G Suite Enterprise | Google Workspace Enterprise Plus (formerly G Suite Enterprise) |
| 1010020027 | Google Workspace Business Starter | Google Workspace Business Starter |
| 1010020028 | Google Workspace Business Standard | Google Workspace Business Standard |
| 1010020025 | Google Workspace Business Plus | Google Workspace Business Plus |
| 1010060003 | Google Workspace Enterprise Essentials | Google Workspace Enterprise Essentials |
| 1010020029 | Google Workspace Enterprise Starter | Google Workspace Enterprise Starter |
| 1010020026 | Google Workspace Enterprise Standard | Google Workspace Enterprise Standard |
| 1010020030 | Google Workspace Frontline | Google Workspace Frontline |
| Google-Apps-For-Education | Google Workspace for Education Fundamentals | Google Workspace for Education Fundamentals |
| 1010310005 | Google Workspace for Education Standard | Google Workspace for Education Standard |
| 1010310006 | Google Workspace for Education Standard (Staff) | Google Workspace for Education Standard (Staff) |
| 1010310007 | Google Workspace for Education Standard (Extra Student) | Google Workspace for Education Standard (Extra Student) |
| 1010310008 | Google Workspace for Education Plus | Google Workspace for Education Plus |
| 1010310009 | Google Workspace for Education Plus (Staff) | Google Workspace for Education Plus (Staff) |
| 1010310010 | Google Workspace for Education Plus (Extra Student) | Google Workspace for Education Plus (Extra Student) |
| 1010370001 | Google Workspace for Education: Teaching and Learning Upgrade | Google Workspace for Education: Teaching and Learning Upgrade |
| 1010310002 | G Suite Enterprise for Education | Google Workspace for Education Plus - Legacy |
| 1010310003 | G Suite Enterprise for Education (Student) | Google Workspace for Education Plus - Legacy (Student) |
| Google-Drive-storage-20GB | Google Drive Storage 20GB | Google Drive storage 20 GB |
| Google-Drive-storage-50GB | Google Drive Storage 50GB | Google Drive storage 50 GB |
| Google-Drive-storage-200GB | Google Drive Storage 200GB | Google Drive storage 200 GB |
| Google-Drive-storage-400GB | Google Drive Storage 400GB | Google Drive storage 400 GB |
| Google-Drive-storage-1TB | Google Drive Storage 1TB | Google Drive storage 1 TB |
| Google-Drive-storage-2TB | Google Drive Storage 2TB | Google Drive storage 2 TB |
| Google-Drive-storage-4TB | Google Drive Storage 4TB | Google Drive storage 4 TB |
| Google-Drive-storage-8TB | Google Drive Storage 8TB | Google Drive storage 8 TB |
| Google-Drive-storage-16TB | Google Drive Storage 16TB | Google Drive storage 16 TB |
| Google-Vault | Google Vault | Google Vault |
| Google-Vault-Former-Employee | Google Vault Former Employee | Google Vault - Former Employee |
| 1010010001 | Cloud Identity | Cloud Identity |
| 1010050001 | Cloud Identity Premium | Cloud Identity Premium |
| 1010330003 | Google Voice Starter | Google Voice Starter |
| 1010330004 | Google Voice Standard | Google Voice Standard |
| 1010330002 | Google Voice Premier | Google Voice Premier |
Troubleshooting
Apps for which users don't have a license may appear on their Okta End-User Dashboard. Clicking these apps results in an error message.