Using the Google Apps Admin console, you can configure your Google domain with an organizational structure. Using the same console, you can also assign or revoke Google Apps services such as Mail, Calendar, or Drive to or from specific organizational units within that organizational structure. As a result, user access to Google Apps services is controlled based on the user’s location within the organizational structure.
CloudAccess provides support for provisioning users to specific organizational units previously configured in the Google Apps domain. After you have configured the Google Apps organizational structure and services using the Google Apps Admin console, you can configure CloudAccess to provision users to specific locations within that organizational structure.
By default, the connector for Google Apps places newly provisioned users into the top-level organization of your Google Apps domain. For example, if your Google Apps domain is mygmail.com, the connector places users in the mygmail.com organization. If you want all newly provisioned users to be placed in a sub-organization that you have created in your Google Apps domain, you can specify this organizational unit as the default when you configure the connector.
Instead of a default organizational unit, users can be provisioned to a specific organizational unit based on mappings you create on the CloudAccess Policy page. On the Policy page, the Google Apps organizational units are shown as User Placement type Authorizations. Mapping a User Placement overrides any default organizational unit you specify in the connector configuration.