Platform
Integrations
Identity Providers
Google Workspace

Integrating Google Workspace with Nordstellar Platform

This guide will walk you through the steps to set up a secure, one-way synchronization of your user directory from Google Workspace to Nordstellar. This ensures that your employee list on Nordstellar is always up-to-date.

What This Integration Does

Once configured, our platform will automatically fetch your active user list from Google Workspace daily. This data will be used to:

  • Keep your Nordstellar user directory synchronized with your Google Workspace.

  • Ensure accurate employee data on the Nordstellar Platform.

Prerequisites

To complete this setup, you will need:

  • Access to the Google Cloud Console with permissions to create projects and manage Service Accounts.

  • Super Administrator access to your Google Workspace Admin Console (admin.google.com).

Step 1: Configure Your Google Cloud Project

This step involves setting up a project in Google Cloud Platform and creating a special account that our platform will use to securely access your Google Workspace data.

  1. Go to the Google Cloud Console:

  2. Create or Select a Project:

    • At the top of the page, click the project dropdown.

    • Click New Project to create a new project, or select an existing one.

    Recommendation: Give your project a clear, descriptive name like "Nordstellar Google Workspace User Sync" to easily identify its purpose.


  3. Enable the Admin SDK API:

    • In the Google Cloud Console, use the navigation menu (usually three horizontal lines on the top left) and go to APIs & Services > Library.

    • In the search bar, type Admin SDK API and press Enter.

    • Click on the Admin SDK API from the search results.

    • Click the ENABLE button.

  4. Create a Service Account:

    • In the Google Cloud Console, navigate to IAM & Admin > Service Accounts.

    • Click the + CREATE SERVICE ACCOUNT button at the top.

    • Service account name: Enter a descriptive name, e.g., nordstellar-gws-sync.

    • (Optional) Add a Service account ID and description for clarity.

    • Click CREATE AND CONTINUE.

    • Grant this service account access to project: You typically do not need to assign a role here for this integration. Click CONTINUE.

    • Grant users access to this service account: You can skip this step. Click DONE.

  5. Download the Service Account JSON Key:

    • You will now see your newly created service account in the list. Click on its email address to open its details.

    • Go to the KEYS tab.

    • Click ADD KEY > Create new key.

    • Select JSON as the key type.

    • Click CREATE.

    • A JSON file (e.g., your-project-id-xxxxxxxxxxxx.json) will be downloaded to your computer.

    ⚠️

    IMPORTANT: This file contains sensitive credentials. Keep it secure and do not share it publicly. You may rename it to something more recognizable, like nordstellar-gws-credentials.json. You will need to upload this file to the Nordstellar Platform later.

Step 2: Delegate Domain-Wide Authority in Google Workspace

This step allows the Service Account you just created to access your Google Workspace user data on behalf of your organization's Super Administrator.

  1. Sign in to your Google Workspace Admin Console:

  2. Navigate to API Controls:

    • From the Admin Console home page, go to Menu (three horizontal lines) > Security > Access and data control > API controls.

  3. Manage Domain-Wide Delegation:

    • Scroll down to the Domain-wide Delegation section.

    • Click MANAGE DOMAIN WIDE DELEGATION.

  4. Add a New API Client:

    • Click Add new.

    • Client ID: You need to paste the client_id from the JSON key file you downloaded in Step 1.

      • To find it, open the nordstellar-gws-credentials.json file (or whatever you named it) in a text editor. Look for the value associated with the key "client_id". Copy this value.

    • OAuth scopes (comma-separated): Enter the following exact scope: https://www.googleapis.com/auth/admin.directory.user.readonly

    💡

    Explanation: This specific scope grants our platform read-only access to your Google Workspace user directory. It ensures that our system can only view user information and cannot make any changes to your Google Workspace users.

    • Click AUTHORIZE.

Step 3: Configure on Nordstellar Platform

Now that you've completed the setup in Google Cloud and Google Workspace, return to the Nordstellar Platform to finalize the integration.

  1. Navigate to Integration Settings:

    • On the Nordstellar Platform, go to the Settings section.

    • In the right-side menu, under the Connect section, click Integrations.

    • Click Connect on the Google Workspace card.

  2. Upload Credentials and Enter Admin Email:

    • You will find fields to upload the JSON key file and enter the Admin Email.

    • Upload JSON Key File: Click the "Select File" button and choose the nordstellar-gws-credentials.json file (or the name you chose) that you downloaded in Step 1.

    • Admin Email: Enter the exact email address of the Google Workspace Super Administrator account that you used to delegate domain-wide authority in Step 2. This email is used by the service account to impersonate an administrator.

    • (Optional) Enter Customer ID if needed (this usually applies to Reseller/Partner type Google accounts).

    How to obtain customerId: Every Google Workspace account has a unique, alphanumeric customerId (e.g., C0123abcd). You can find your organization's customerId in the Google Admin Console by going to Menu > Account > Account settings > Profile and looking for "Customer ID".


  3. Test Connection:

    • Click the "Test Connection and Continue" button.

    • Our platform will attempt to connect to your Google Workspace using the provided details.

    • Success: If the connection is successful, you will receive a confirmation message.

    • Failure: If the connection fails, an error message will be displayed. Please refer to the troubleshooting section below.

  4. Save Configuration:

    • Once the connection test is successful, the platform will automatically begin daily user synchronization.

(Optional) Disable Autodiscovery for Your Domain

By default, once integration with your chosen IDP is enabled, Nordstellar will sync users from two sources—unless you specifically toggled off Autodiscovery when adding the domain to your watchlist:

  • Nordstellar Autodiscovery: Detects emails associated with your added domains.
  • Your IDP: Syncs verified, current employee accounts from Google Workspace.

If you prefer to use only your IDP as the source of users, you can disable Autodiscovery for specific domains at any time.

To turn off Autodiscovery for a domain:

  1. Go to the Asset List section in Nordstellar.
  2. Select the Domains tab.
  3. Find the domain you want to update and click the three dots (...) next to it.
  4. Click on Autodiscovery.
  5. In the modal that appears, toggle off Autodiscovery.
  6. Click Save.

This ensures that only users from your IDP are monitored on the platform.

Troubleshooting

If your connection test fails, please review the following common issues:

  • Google Workspace Connection Failed:

    • Credentials File:

      • Ensure the path to your service account JSON key file is correct and the file is not corrupted.

    • Admin Email:

      • Confirm the Admin Email provided is a valid Google Workspace Super Administrator email for domain-wide delegation.

    • Domain-Wide Delegation:

      • Double-check in your Google Workspace Admin Console (Security > Access and data control > API controls > Domain-wide Delegation) that:

        • The Client ID from your service account is correctly added.

        • The required OAuth scopes (https://www.googleapis.com/auth/admin.directory.user.readonly) are correctly authorized.

    • Admin SDK API:

      • Ensure the Admin SDK API is enabled in your Google Cloud Project.

    • Network/Firewall:

      • Confirm there are no network restrictions preventing access to Google APIs from your environment.

If you've checked these details and the problem persists, please contact your IT administrator or Nordstellar support for assistance.

By following these steps, your Nordstellar Platform will be successfully integrated with your Google Workspace, ensuring your user data is always current.

Entra IDOkta
NordStellar © 2026Privacy Policy