Google Workspace SSO configuration
      Back to home
      1. Knowledge Base
      2. ACCOUNT SETTINGS
      3. Google Workspace SSO configuration

      Google Workspace Directory Synchronization

      This article describes instructions for Step 2: Configuring the Directory sync for automatic user provisioning.

       

      You need to complete the steps from Step 1: How To Set Up Google Workspace SSO.

      This article describes instructions for Step 2: Configuring the Directory sync for automatic user provisioning. 


      Requirements      :

      1. Activated and tested Google Workspace SSO in the Wizer Admin Panel. Google Workspace Directory Synchronization won’t work without it.

        Google Workspace SSO instructions

      2. You must be an Administrator in your Google Workspace account with the following permissions:
        • Users: Read
        • Groups: Read
        • Group Members: Read
        • Domains: Read
        • Organization units: Read

      Instructions for Google Workspace Synchronization Setup:

      1. Go to Wizer Admin Panel SSO settings

      2. Click the Google Workspace tab.

      3. Under the Directory Sync tab, click the Connect Google Workspace button.

      4. The consent screen should show the permissions you should grant. Please ensure all the checkboxes are checked, then click the Continue button.

      5. You should be redirected back to the Wizer Admin panel. Click the Google Workspace panel, then select the Directory Sync tab. You should be shown that your Google account is connected. Verify the email under the Connected Account section; it should be your corporate Google Workspace account's email.

        Then click the Configure Synchronization button.
      6. Selecting users to synchronize
        You must select the same users and groups as for the Google Workspace SSO SAML application you configured earlier. If some subsets of your users are chosen to be synchronized but aren’t assigned to the SSO SAML application, the users won't be able to log in, as only the SSO SAML application controls logging in with SSO.
        Please note that the synchronization will create selected users in the Wizer side.
        The Department field in the users' profiles should be filled out on the GW side. The departments will be created automatically, and the users will be assigned to them on the Wizer side.

        Selecting domains

        Select the domains from which you would like to provision the users

        Selecting all users or groups

        After you’ve selected your preferred domains, you can choose to sync all the users from those domains or sync users only from a specific set of groups available in the selected domains.

        All Users option

        All the users from your Google Workspace Directory should appear in Wizer, except suspended/archived (disabled users)

        Be careful with the “All Users” option. It will synchronize ALL the users from your directory, including service accounts.

        Only Selected Group option (recommended)

        Once the filtering option is selected, press the Save & Test button
      7. A synchronization test can take several minutes, depending on the size of your Google Workspace Directory.
      8. When the test synchronization is finished, you should be shown the results. Make sure that the numbers are correct. Then click the Enable Synchronization button.
        If you have training assigned to your users, they will receive email notifications after you enable synchronization.
      9. The actual synchronization can also take up to several minutes. The synchronization time depends on your directory size.
      10. Once the synchronization is finished, the synchronization status should become "Active"
      11. Your Google Workspace users should be synchronized with Wizer now. You can confirm this by visiting the All Users page. 
      12. You can always initiate an on-demand synchronization by pressing the Synchronize Now button.
      13. Automated synchronizations happen every 3-4 hours

      Frequently asked questions

      1. How do I notify users to start training?
        Users receive automated notification emails once they are synchronized and training is assigned.
      2. What happens if I manually delete/disable a user from Wizer? Will the user be added/marked as active during the next synchronization?
        If the user is still in the synchronization scope, the user will be added again or marked as active on the next synchronization.
      3. What happens if synchronized Google Workspace users are deleted from the Directory?
        The deleted Google Workspace users will be disabled in Wizer.
      4. What fields are synchronized with Wizer?
        • Email (note that we don't support updating emails yet; email addresses are propagated only when users are added to Wizer)
        • Department
        • First Name
        • Last Name
        • If users are active - suspended, or archived, Google Workspace users become disabled in Wizer.
      5. Why are users not assigned to departments after synchronization? Why were departments not created on the Wizer side?
        Please verify on the Google Workspace side if the Department field is filled out correctly for all users. Then click "Synchronize Now" in the SSO Settings.
      6. Why are users disabled/deactivated with every synchronization when active in our Google Workspace?
        Please check if these users are included in these filters. During each sync cycle, any user who is not part of the assigned domains or groups will be disabled.
      7. I want to synchronize groups. Is that possible?
        Currently, there is no group synchronization available. We are working on a feature that will sync Google Groups with Wizer Groups/Wizer Departments. You can send us a request, and we will let you know once it is implemented.
      8. I have just enabled synchronization, and it is not working. 
        Please check all the settings and wait 3-4 hours until the synchronization process is complete. 
      9. Departments and Groups are not shown in the filter for synchronization.
        Please disconnect the connected Google account by pressing the button in the admin console featured in the screenshot below. Then, you can go ahead and re-add the account and make sure all the required permissions are selected, as outlined in this paragraph.
      10. Getting a 403 error with the message "app_not_configured_for_user"
      • SSO Documentation Validation: Ensure all values are accurately copied and pasted as outlined in our SSO documentation.
      • User Assignment to Wizer App: Verify that all users experiencing errors are correctly assigned to the Wizer App.
      • App Creation Time: If the app is newly created, a 24-hour wait period is necessary due to Google's validation processes.
      • Error Occurrence: Is this error occurring for all users or just a select few?
      • Affected User Information: Please provide example email addresses of users affected by this error.

       

      Any questions?

      Please feel free to contact our Support Team by emailing us at support@wizer-training.com.

      Best regards,

      wizer_logo_dark