Google G Suite ======================= .. note:: This feature required Enterprise Edition. Genian |product_name| can use the G Suite directory as a source of user and organizational information. G Suite Sync lets you create user accounts locally and use them for management or policies. Here's how to sync user and organization information based on G Suite. Create sync settings ------------------------ #. Move to **Preferences** in top panel. #. Move to **User Authentication > Data Synchronization** in left panel. #. Click **Tasks > Create**. In **General** section #. For **ID**, Enter name here #. For **Update Interval**, Select the specified time or periodic interval for synchronization. #. For **Policy Apply**, After synchronization, select ``Enabled`` to reflect the changes. If you have multiple sync settings, you can set it to ``Disabled`` and enable only the last sync. #. For **Environment**, Input is not required for basic synchronization tasks. However, it is used when defining variable values to be commonly referenced within a separate custom shell script executed for integration with external systems. .. warning:: **Configuration Caution**: Incorrect environment variable declarations can lead to malfunctions in the integration script or system errors. Before configuration, please ensure that the variables are correctly processed within the script. Usage Scenario: Log Level Control Used when you want to control simple operation options such as Log Level or Retry Count during external script execution. .. code-block:: bash export LOG_LEVEL='ERROR' #. For **Query**, Enter the SQL query to be executed immediately after information synchronization is complete. This is used when secondary processing is required based on specific conditions using the synchronized information. .. warning:: **Risk of Data Loss**: This feature directly affects the database. In particular, the use of ``UPDATE`` or ``DELETE`` statements may result in **irreversible data loss**. Usage Scenario: Account Lock Processing based on Employment Status Used when you want to automatically disable the NAC account of resigned (or on-leave) employees according to the 'Employment Status' code after information synchronization. Prerequisites 1. Create a field to manage employment status (e.g., USER_CUSTOM08) in [Settings] > [Property Management] > [Custom Fields] > [User Custom Fields]. 2. Assign the user custom field created in step 1 to [Additional Info] under [User Information] in [Information Synchronization]. Writing Example If the value of USER_CUSTOM08 is '001' (Resigned/On-leave, etc.), update USER_STATUS to '0' (Disabled). .. code-block:: sql UPDATE USER SET USER_STATUS = 0 WHERE USER_CUSTOM08 = '001'; In **Data Source** section #. **DB Type** : ``Google G Suite`` #. **Authorization Code**: Enter Authorization code. Click the ``Generate Google Authorization Code`` button at the top, and copy and enter the code that is output after clicking the ``Allow`` button on the account login. #. **DOMAIN**: When you enter a domain, only the information from that domain is synchronized. If not entered, information about all domains to which the account belongs is synchronized. #. **VIEW TYPE**: Select the data synchronization range according to authority. Typically, ``admin_view`` for an account with admin privileges, otherwise ``domain_public``. In **User information** section #. For **Table Name**, Enter ``users``. #. For **Column Name for Username**, Enter ``primaryEmail``. #. For **Column Name for Full Name**, Enter ``name/fullName``. #. For **Column Name for Department ID**, Enter ``orgUnitPath``. In **Department Information** section #. For **Table Name**, Enter ``orgunits``. #. For **Displaying Sorted Hierarchies**, Enter ``@NAMEPATH`` to show based on department name. #. For **Column Name for Department Code**, Enter ``orgUnitId``. #. For **Column Name for Department Name**, Enter ``name``. #. For **Column Name for Parent Department**, Enter ``parentOrgUnitId``. #. Click **Create** button. .. attention:: G Suite does not provide a password attribute when using the API, so user passwords cannot be synchronized. Therefore, separate linkage should be set. See ``SAML 2.0`` in: doc: `../ integrate-external`.