Perform operations on G Suite users, groups, and roles and track all OAuth apps in Freshservice.
The GSuite application lets you automate repeatable actions within Freshservice and also helps you track accurate usage information for SaaS Management. The list of actions supported for this app include:
Make User Super Admin
Assign a Role To User
Get Role Assignment
Delete Role Assignment
Get Group Details
Get Group Member
Assign Member to Group
Update group member
Delete group member
Check Group Member
Assign Member to Multiple Groups
Remove Member From All Groups
Update Group Settings
Delete All App-Specific Password
Mobile Device Management
Delete Mobile Devices Of A User
Calendar Access Control Management
Create Access Control Rule
Delete Access Control Rule
Delete All Future Calendar Events
Drive Permission Management
Transfer Ownership Of All Files
1. Create Delegate
2. Delete Delegate
3. Enable Auto Reply
4. Update Mail Auto Forwarding
5. Create Forwarding Address
1. Transfer user data
1. Wipe User Device
Orchestration apps give you the ability to automate several repeatable actions that span across a diverse set of systems by performing specific actions with Freshservice Workflows. With the GSuite app you can perform actions for:
Freshservice’s direct integrations for SaaS management enable accurate and reliable user and usage data discovery. Integrate with GSuite to gain visibility into:
The plan, consumption, and usage data of GSuite products.
Discover and track the apps that employees authenticate using Gsuite.
This integration requires the SaaS Management Add-on. More details can be found here.
To use this integration for SaaS Management,
To install and authenticate the app you need to provide the following input:
Private Key Id
Email (The Gsuite account email address)
Step 1: Create a Service Account
Set up a Service Account project in the Google API Console.
Create a new project (or select an existing one)
Click on Create service account.
Under Service account details, type a name, ID, and description for the service account, then click Create.
Under Service account permissions, select the IAM roles as 'Project Owner' to grant to the service account, then click Continue.
Optional: Under Grant users access to this service account, add the users or groups that are allowed to use and manage the service account.
After the service account is created, open the service account, click on "Edit" then click "Add Key" under "Keys", then click "Create New Key".
Make sure the key type is set to JSON and click Create.
Click Close > Save.
Save the downloaded JSON key.
Your new public/private key pair is generated and downloaded to your machine; it serves as the only copy of the private key. You are responsible for storing it securely. If you lose this key pair, you will need to generate a new one.
Note: The Client Email, Private Key and Private Key Id used as app installation inputs are obtained from the Service account JSON file downloaded. So one needs to copy these parameters from the downloaded JSON file and give the app input as shown below.
Then go inside the Service account created and click on "Show Domain-Wide Delegation" and then tick "Enable G Suite Domain-wide Delegation" and then Save.
Step 2: Enable Admin SDK API
Open your project in the API Console. Click on ENABLE APIS AND SERVICES
In the list of APIs, search and click Admin SDK API.
Click on ENABLE to enable Admin SDK API
Note: Repeat the above instructions to enable Google Drive API, Google Calendar API, Group Settings API, Cloud Identity API, and Gmail API.
Step 3: Assign OAUTH Scopes for Admin SDK API
Under Domain-wide delegation, click Manage Domain Wide Delegation.
On the Manage domain-wide delegation page, click Add new.
Enter the client ID of the service account or OAuth2 client ID of the app.
Under the OAuth Scope, add each scope that the application can access.
If you want to enable SaaS management for this app, the following OAuth scopes should be included:
If you want to enable only Orchestration capabilities for this app, the following OAuth scopes should be included
Step 4: Enter the details as follows in the GSuite Integration Page:
- Private Key, Private Key ID, and Client email information can be fetched from the previously downloaded file. Ensure that the complete key is copied onto the Freshservice console including: "-----BEGIN PRIVATE KEY-----", "\n-----END PRIVATE KEY-----\n" and all line breaks "\n".
- Domain information is the name of the domain for which you would like to enable SaaS discovery. Ensure that you add the domain without "www".
- Email is the admin email address of the service account.
- Label is a reference ID for the integration. (Ex: G suite discovery)