Google Workspace SSO

This guide walks you through connecting Google Workspace to Peerdom for single sign-on and automatic user sync. You need admin access to the Google Admin Console to complete these steps.

Before you begin, review the SSO overview to understand how Peerdom handles user provisioning, daily sync, and login behavior.

Step 1: Note your Google Workspace domain

Identify the domain associated with your Google Workspace account. This is the part after the @ in your email addresses (for example, myorganization.org). You can verify available domains in the Google Admin Console.

Step 2: Enable domain-wide delegation

1. Open the Google Admin Console at admin.google.com.
2. Navigate to Security > API Controls.
3. Click Manage Domain Wide Delegation under the Domain wide delegation section.
4. Add a new API client with the following values:
   • Client ID: 100767850732510667368
   • OAuth Scope: https://www.googleapis.com/auth/admin.directory.user.readonly

Step 3: Add group scope (optional)

If you want to restrict sync to specific Google groups, add a second OAuth scope in the same delegation entry:

https://www.googleapis.com/auth/admin.directory.group.readonly

Restricting sync to specific groups is recommended for larger organizations. Without a group filter, all domain users are synced to Peerdom.

Step 4: Prepare the admin email

Choose an admin user email for service account delegation. This account must have access to the Admin SDK Directory API and must have logged in at least once and accepted the Google Workspace Terms of Service.

The service account can only perform the read-only actions defined by the scopes you assigned in Step 2.

Step 5: Send configuration to Peerdom

Contact Peerdom support with the following information:

1. Google Workspace domain
2. Admin email address for service account delegation
3. Enable synchronization: yes or no
4. Group ID(s) for restricting sync (optional, without this all domain users are synced)
5. Image synchronization: yes or no
6. Default access rights for new users: Member, Editor, or Owner

Peerdom support will complete the connection and confirm that sync is working.

Once SSO is active, synced users appear in the Directory app. Synced fields are greyed out and can only be changed in Google Workspace.

Related

• Single Sign-On (SSO), overview of SSO features and sync behavior
• Microsoft Entra ID SSO, alternative provider setup
• Okta SSO, alternative provider setup
• Directory, manage your synced user list