Identity Manager drivers support two data transfer channels between the Identity Vault and the connected system, called the Publisher and Subscriber channels. The Publisher channel handles data and events from the connected system into the Identity Vault. The Subscriber channel handles data and events from the Identity Vault into the connected system.
The G Suite Driver only supports data transfers from the Identity Vault into Google Apps. Communication is one-way only. Communication channels are discussed in the following sections:
The Publisher Channel is not currently supported by this driver.
The Subscriber channel monitors the Identity Vault for new objects and changes to existing objects.
Any relevant changes are sent to the shim to be executed in the Google Apps system.
Through the use of filters and policies, the driver can be configured to control and manage what changes are detected and sent to Google Apps.
The following diagram illustrates the data flow between Identity Manager and the Google Apps APIs:
Figure 1-1 G Suite Driver Data Flow
The Identity Manager engine uses XDS, a specialized form of XML, to represent events in the Identity Vault. Identity Manager passes the XDS to the driver policy, which can consist of basic policies, DirXML Script, and XSLT style sheets.
After driver policy has been applied, the driver shim communicates securely over HTTPS with the Google Apps APIs for your domain. The results are then communicated back to the driver. The driver processes that information and converts it into the appropriate XDS, which is reported back to the Identity Manager engine.
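The following added example (not code from the driver or from the product documentation) traces the flow described above: a constructed XDS add event is reduced by a filter to a Directory API user request body, and the API result is turned back into an XDS status document. The attribute-to-field mapping, the allow-list filter, and the reduction of the result to a success or error level are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample XDS add event (not captured from a real driver).
SAMPLE_XDS = """<nds dtdversion="4.0">
  <input>
    <add class-name="User" event-id="evt-1" src-dn="\\EXAMPLE\\org\\users\\jdoe">
      <add-attr attr-name="Given Name"><value type="string">Jane</value></add-attr>
      <add-attr attr-name="Surname"><value type="string">Doe</value></add-attr>
      <add-attr attr-name="Internet EMail Address"><value type="string">jdoe@example.com</value></add-attr>
      <add-attr attr-name="Telephone Number"><value type="string">555-0100</value></add-attr>
    </add>
  </input>
</nds>"""

# Assumed Subscriber filter: vault attribute -> field path in the user request body.
SUBSCRIBER_FILTER = {
    "Given Name": ("name", "givenName"),
    "Surname": ("name", "familyName"),
    "Internet EMail Address": ("primaryEmail",),
}

def xds_add_to_user_body(xds_text):
    """Return (event_id, body, dropped) for the <add> event in an XDS document."""
    add = ET.fromstring(xds_text).find("./input/add")
    if add is None or add.get("class-name") != "User":
        raise ValueError("expected an <add> event for class User")
    body, dropped = {}, []
    for attr in add.findall("add-attr"):
        name = attr.get("attr-name")
        path = SUBSCRIBER_FILTER.get(name)
        if path is None:
            dropped.append(name)  # not in the filter, so it never leaves the vault
            continue
        target = body
        for key in path[:-1]:
            target = target.setdefault(key, {})
        target[path[-1]] = attr.findtext("value", default="")
    return add.get("event-id"), body, dropped

def status_xds(event_id, http_status):
    """Build the XDS status document reported back to the engine (simplified)."""
    nds = ET.Element("nds", dtdversion="4.0")
    output = ET.SubElement(nds, "output")
    level = "success" if 200 <= http_status < 300 else "error"
    ET.SubElement(output, "status", {"level": level, "event-id": event_id})
    return ET.tostring(nds, encoding="unicode")

if __name__ == "__main__":
    print(xds_add_to_user_body(SAMPLE_XDS), status_xds("evt-1", 200))
```

The `dropped` list makes visible which vault attributes the filter kept out of the outbound request, which is the property to review when deciding what data a connected system should receive.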
Google has many different APIs available for managing data into and out of the many different Google applications. API Access must be turned on in the G Suite Admin Console. The driver supports the following APIs:
– The Directory API is responsible for creating user and group objects. This API must be turned on in the G Suite Admin Console.
– The Contacts API creates a Domain Contact inside of the Address Book (Contacts).
– The Groups Settings API provides enhanced control of permissions and other group attributes.
– Gmail user account settings, labels, forwarding, send as, and delegation
NOTE: Contacts API Add events may not show in the G Suite Admin Console and Address Book (Contacts) for up to 24 hours, even though the objects are usable right away. Modify events show immediately.