1.1 Driver Concepts

1.1.1 Data Transfer between Systems

IDM drivers support two data transfer channels between the Identity Vault and the connected system, called the Publisher and Subscriber channels. The Publisher channel handles data and events from the connected system into the Identity Vault. The Subscriber channel handles data and events from the Identity Vault into the connected system. The Google Apps driver supports data transfers only from the Identity Vault into Google Apps. Communication is one-way only.

The Publisher Channel

The Publisher Channel is not currently supported by this driver.

The Subscriber Channel

  • Monitors the Identity Vault for new objects and changes to existing objects.

  • Sends any relevant changes to the shim, which executes them in the Google Apps system.

Through the use of filters and policies, the driver can be configured to control and manage what changes are detected and sent to Google Apps.

1.1.2 How the Driver Works

The following diagram illustrates the data flow between Identity Manager and the Google Apps APIs:

Figure 1-1 Google Apps Driver Data Flow

The Identity Manager engine uses XDS, a specialized form of XML, to represent events in the Identity Vault. Identity Manager passes the XDS to the driver policy, which can consist of basic policies, DirXML Script, and XSLT style sheets.

After the driver policy has been applied, the driver shim communicates securely over HTTPS with the Google Apps APIs for your domain. The results are then communicated back to the driver, which converts them into the appropriate XDS and reports it back to the Identity Manager engine.
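A simplified model of the Subscriber-channel filtering described above, as an added example rather than code from the driver or its vendor: it parses a constructed filter and a constructed XDS modify event and shows which attributes are withheld before anything reaches the shim. The attribute `exampleNationalID`, the tree path and both function names are hypothetical, and the real engine also applies policies, which this sketch does not.

```python
import xml.etree.ElementTree as ET

# Constructed filter in the style of an IDM driver filter: only entries marked
# subscriber="sync" may flow from the Identity Vault toward Google Apps.
FILTER_XML = """<filter>
  <filter-class class-name="User" publisher="ignore" subscriber="sync">
    <filter-attr attr-name="Given Name" publisher="ignore" subscriber="sync"/>
    <filter-attr attr-name="Surname" publisher="ignore" subscriber="sync"/>
    <filter-attr attr-name="exampleNationalID" publisher="ignore" subscriber="ignore"/>
  </filter-class>
</filter>"""

# Constructed XDS modify event (hypothetical tree path and attribute values).
EVENT_XML = """<nds dtdversion="4.0"><input>
  <modify class-name="User" src-dn="\\EXAMPLE-TREE\\org\\users\\jdoe">
    <modify-attr attr-name="Surname"><add-value><value type="string">Smith</value></add-value></modify-attr>
    <modify-attr attr-name="exampleNationalID"><add-value><value type="string">000-00-0000</value></add-value></modify-attr>
    <modify-attr attr-name="Description"><add-value><value type="string">not in filter</value></add-value></modify-attr>
  </modify>
</input></nds>"""

def load_subscriber_allowlist(filter_xml):
    """Return {class-name: {attr-name, ...}} for entries marked subscriber="sync"."""
    allow = {}
    for cls in ET.fromstring(filter_xml).iter("filter-class"):
        if cls.get("subscriber") == "sync":
            allow[cls.get("class-name")] = {
                a.get("attr-name") for a in cls.iter("filter-attr")
                if a.get("subscriber") == "sync"}
    return allow

def apply_subscriber_filter(event_xml, allow):
    """Strip non-allowlisted attributes from add/modify events (default deny)."""
    doc = ET.fromstring(event_xml)
    inp = doc.find("input")
    dropped = []
    for ev in inp.findall("modify") + inp.findall("add"):
        permitted = allow.get(ev.get("class-name"), set())  # unknown class: deny all
        for attr in list(ev):
            name = attr.get("attr-name")
            if name is not None and name not in permitted:
                ev.remove(attr)
                dropped.append(name)
        if not any(c.get("attr-name") for c in ev):
            inp.remove(ev)  # nothing left to send to the shim
    return doc, dropped

if __name__ == "__main__":
    doc, dropped = apply_subscriber_filter(EVENT_XML, load_subscriber_allowlist(FILTER_XML))
    print("withheld:", dropped, "\n" + ET.tostring(doc, encoding="unicode"))
```

Because one-way synchronization pushes Identity Vault data to an external service, reviewing the filter as an allowlist like this is a quick check that only intended attributes leave the vault.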

1.1.3 Understanding the Google APIs

Google provides many different APIs for managing data into and out of its many applications. The 4.1.x driver supports the following APIs:

  • Directory API - The Directory API is responsible for creating user, group and organization unit objects.

  • Contact API* - The Contact API is similar to the Profile API, except that it creates a Shared Contact inside the Address Book (Contacts).

  • Groups Settings API - Manages security settings, archive properties, and moderation settings of group objects.

  • EMail Settings API - The EMail Settings API allows modification of the default behavior (as set in your Google Apps domain) for items related to email.

NOTE:* Contact Add events can take up to 24 hours to appear in the Google Apps Control Panel and Address Book (Contacts). Modify events appear immediately.