Description
Mailprotector supports User Sync with Google Workspace (G-Suite) tenant domains to manage users in the Console. The main benefit to the synchronization feature is knowing that the Google Workspace mailboxes are present in the Console and ready to protect the inbox. The synchronization will also remove users from the Console if the mailbox is removed from Google Workspace.
Applies to:
Google Workspace (G-Suite), User Sync, User Source
Prerequisites
The Google Workspace tenant domain must be configured and contain at least one mailbox user. Enabling Directory Synchronization requires a Super Admin account for the Google Workspace domain. A standard mailbox user will not have permission to communicate with the Google Workspace API for synchronization.
NOTE: The User Sync API domain for Mailprotector is emailservice.io. Setting up Google Workspace User Sync must be done from https://emailservice.io. Once configured, you may access the Console using your preferred URL.
Configuring User Sync
Preparing the Domain in the Mailprotector Console
1. Log in to the Console with your Manager account using https://emailservice.io/signin.
2. Navigate to the domain where you wish to add User Sync.
3. Select the User Sync tab located in Figure 1.
Fig. 1
4. Scroll down to the second section labeled User Sources (Figure 2) and click Add.
Fig. 2
BEST PRACTICE: Do not enable User Sync until after you have confirmed the source is adding users correctly with a manual Preview.
5. Click Choose under the G Suite logo (Figure 3).
Fig. 3
6. Under the Source tab, click the Connect Google Workspace button (Figure 4), then log in to the Google Workspace tenant domain you are configuring. Be sure to use a Super Admin account for the domain you are configuring. The Google Workspace login dialog will look similar to Figure 5.
Fig. 4
Fig. 5
7. After successfully logging into Google Admin, you will be presented with a permission request (Figure 6) to allow Mailprotector to view groups on your domain and see information about users on your domain so that User Sync functions correctly. Be sure the account you signed in to has admin permissions. Click the Allow button to continue.
Fig. 6
8. You will return to the Edit User Sync screen in the Console. A successful connection will result in a choice to Disconnect Google Workspace appearing in the Sources tab, as shown in Figure 7. Leave this choice as-is; do not click the button to disconnect. You can now select the blue back arrow to navigate back to the User Sync tab.
Fig. 7
ERROR NOTE: If you received an error attempting to connect to Google Workspace, check the Errors Connecting Google Workspace to the Mailprotector Console section below.
9. Once you return to the User Sync section, enable the Google Workspace User Source and then click on Sync and Save as shown in Figure 9. Sync and Save will pull the user list into the console immediately. It should display a list of users that will be added to the Console over the next one to five minutes.
Fig. 9
10. You are now ready to enable Automatic User Sync. Click the slider at the top of the page, shown in Figure 10, to turn on Enable automatic user sync.
Fig. 10
NOTE: User Sync is requesting addresses that match the domain in the Mailprotector Console, and users' email accounts will need to be fully configured in Google Workspace before User Sync can obtain the data.
IMPORTANT: The User Sync tool will create a user in the Mailprotector Console for each domain address and mailbox in Google Workspace. With the exception of Users and Discovered Users, all other user types in the Console will be marked accordingly and are non-billable users.
(Optional) Adding Filters and Destination groups
User Sync will direct addresses to the Main Group by default. If you want to direct certain users to different groups, you may change which users are targeted using the Filters tab of the User Source created in Step 5 above. You can then change which group those users are placed into by changing the Destination group.
Fig. 11
IMPORTANT: The Filters section fields may auto-populate with available Google Workspace fields as you begin typing. Some of the available API fields are:
- emails
- id
- include_in_global_address_list
- is_mailbox_setup
- list_type
- name
- primary_email
Errors Connecting Google Workspace to the Mailprotector Console
If you receive an error when configuring User Sync, check these suggested solutions:
1. Showing 0 to 0 of 0 entries.
To fix a failed Sync, ensure that the account used to Connect Google Workspace is a Super Admin account and try again.
2. Access blocked: This app’s request is invalid. (Error 400: redirect_uri_mismatch)
To fix failed access to the Mailprotector App, sign out of your Manager account in the Mailprotector Console then go to the link https://emailservice.io to sign back in to your Manager account.
3. API Access is Restricted.
To fix this and Enable API Access:
- Log in to the Google Workspace Admin Console.
- Go to Security > Access and Data Control > API Controls > Manage Google Services
- Find Google Workspace Admin and select Change Access
- Select Unrestricted: Any user-approved app can access a service to enable API Access
4. One of the systems is disabled.
To fix this and enable systems:
- Log in to the Google Workspace Admin Console.
- Go to Security > Access and Data Control> API Controls > API Permissions.
- Enable any disabled systems.
Additional Help
If you have any additional questions regarding Google Workspace User Sync, experience problems, or an interest in other best practices, please contact the Partner Success Team.
Related to
Updated