Google Workspace
Integrate TigerAccess with Google Workspace for enterprise SSO, automated directory sync, and seamless identity management across your infrastructure.
Google Workspace Integration
Leverage your existing Google Workspace identity infrastructure for secure, automated access control.
SAML & OIDC SSO
Enable single sign-on using SAML 2.0 or OpenID Connect with Google Workspace as your identity provider.
Directory Sync
Automatically synchronize users and groups from Google Workspace directory to TigerAccess.
MFA Passthrough
Leverage Google Workspace MFA policies including 2-Step Verification and Security Keys.
Just-in-Time Provisioning
Automatically create TigerAccess users on first login with attributes mapped from Google Workspace.
Complete Google Workspace Integration
Everything you need to integrate Google Workspace with your infrastructure access.
How Teams Use Google Workspace Integration
Real-world scenarios for Google Workspace integration with TigerAccess.
Enterprise SSO
Enable seamless single sign-on for your entire organization using Google Workspace credentials, eliminating separate password management for infrastructure access.
Automated User Lifecycle
Automatically provision and deprovision TigerAccess users based on Google Workspace directory changes, ensuring access control stays synchronized with HR processes.
Group-Based Access Control
Map Google Groups to TigerAccess roles for scalable permission management. When users join or leave groups in Google Workspace, their access automatically updates.
Compliance & Security
Enforce organization-wide MFA policies and maintain audit trails that correlate Google Workspace identities with infrastructure access for compliance requirements.
Quick Start Guide
Get started with Google Workspace integration in minutes.
Configure Google Workspace
Set up a SAML or OIDC application in Google Workspace Admin Console.
# For SAML configuration:
# 1. Go to Google Admin Console > Apps > Web and mobile apps
# 2. Click "Add App" > "Add custom SAML app"
# 3. Enter app name: "TigerAccess"
# 4. Download IdP metadata or copy SSO URL and certificate
# 5. Set ACS URL: https://your-domain.com/v1/webapi/saml/acs
# 6. Set Entity ID: https://your-domain.com
# 7. Set Name ID format: EMAIL
# 8. Map attributes:
#    - email -> email
#    - firstName -> given_name
#    - lastName -> family_name
#    - groups -> groups
Create SAML Connector in TigerAccess
Configure the SAML connector with Google Workspace IdP metadata.
# saml-connector.yaml
kind: saml
version: v2
metadata:
  name: google-workspace
spec:
  # From Google Workspace SAML app
  issuer: "https://accounts.google.com/o/saml2?idpid=YOUR_IDP_ID"
  sso_url: "https://accounts.google.com/o/saml2/idp?idpid=YOUR_IDP_ID"
  cert: |
    -----BEGIN CERTIFICATE-----
    YOUR_GOOGLE_WORKSPACE_CERTIFICATE
    -----END CERTIFICATE-----
  # Attribute mapping
  attributes_to_roles:
    - name: "groups"
      value: "[email protected]"
      roles: ["access", "editor"]
    - name: "groups"
      value: "[email protected]"
      roles: ["access"]
  # Create users on first login
  entity_descriptor: |
    https://your-domain.com
  # Service provider settings
  acs: "https://your-domain.com/v1/webapi/saml/acs"
Enable Directory Sync
Configure Google Workspace API access for automatic user and group synchronization.
# Create service account in Google Cloud Console
# 1. Enable Admin SDK API
# 2. Create service account with domain-wide delegation
# 3. Grant scopes:
# - https://www.googleapis.com/auth/admin.directory.user.readonly
# - https://www.googleapis.com/auth/admin.directory.group.readonly
# google-workspace-sync.yaml
kind: plugin
version: v1
metadata:
  name: google-workspace-sync
spec:
  settings:
    service_account_key: |
      YOUR_SERVICE_ACCOUNT_JSON
    customer_id: "YOUR_CUSTOMER_ID"
    domain: "yourcompany.com"
    # Sync configuration
    sync_interval: "1h"
    sync_users: true
    sync_groups: true
    # Group mapping
    group_mappings:
      - google_group: "[email protected]"
        tigeraccess_role: "admin"
      - google_group: "[email protected]"
        tigeraccess_role: "developer"
      - google_group: "[email protected]"
        tigeraccess_role: "data-engineer"
Frequently Asked Questions
Common questions about Google Workspace integration.
Does TigerAccess support Google Workspace MFA?
Yes, TigerAccess fully supports Google Workspace MFA including 2-Step Verification, Security Keys (WebAuthn/FIDO2), and Google Prompt. When users authenticate via SAML/OIDC, Google Workspace MFA policies are enforced before access is granted.
Can I map Google Groups to TigerAccess roles?
Yes, you can configure attribute-based mappings to automatically assign TigerAccess roles based on Google Group membership. When users are added or removed from Google Groups, their TigerAccess permissions update automatically during the next sync or login.
How does directory sync work with Google Workspace?
TigerAccess uses the Google Admin SDK API to periodically fetch users and groups from your Google Workspace directory. You configure a service account with domain-wide delegation and readonly directory scopes. The sync runs at a configurable interval (default: 1 hour) and creates/updates/deactivates TigerAccess users based on Google Workspace directory state.
What happens when a user is removed from Google Workspace?
When directory sync is enabled, TigerAccess will automatically deactivate or delete the corresponding user account based on your configuration. Any active sessions will be terminated, certificates revoked, and access immediately removed. This ensures that terminated employees lose infrastructure access automatically.
Can I use both SAML and OIDC with Google Workspace?
Yes, TigerAccess supports both SAML 2.0 and OpenID Connect for Google Workspace integration. SAML is more common for enterprise SSO, while OIDC provides better support for modern applications and APIs. You can configure either based on your organization's requirements.
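The directory-sync behaviour described in the answers above (Google Groups mapped to roles, accounts deactivated when a user leaves the directory), modelled as an added example that is not TigerAccess code. The data shapes, the function names and the deactivation-ratio guard are assumptions made for illustration, and all addresses are constructed placeholders.

```python
from dataclasses import dataclass

# Constructed mapping in the shape of group_mappings; addresses are placeholders.
GROUP_MAPPINGS = {
    "admins@example.com": "admin",
    "developers@example.com": "developer",
}

@dataclass(frozen=True)
class DirUser:
    email: str
    suspended: bool  # Admin SDK user resources expose a "suspended" flag
    groups: frozenset = frozenset()

def desired_roles(user, mappings=GROUP_MAPPINGS):
    """Roles a directory user should hold; unmapped groups grant nothing."""
    return {mappings[g] for g in user.groups if g in mappings}

def plan_sync(directory, local, max_deactivate_ratio=0.5):
    """Diff directory users against local accounts (email -> set of roles)."""
    live = {u.email: desired_roles(u) for u in directory if not u.suspended}
    plan = {"create": {}, "update": {}, "deactivate": []}
    for email, roles in live.items():
        if email not in local:
            plan["create"][email] = roles
        elif local[email] != roles:
            plan["update"][email] = roles
    # Absent from the directory or suspended there: the local account goes.
    plan["deactivate"] = sorted(e for e in local if e not in live)
    # Guard (assumption, not a documented TigerAccess setting): an empty or
    # truncated API response must not be treated as a mass offboarding.
    if local and len(plan["deactivate"]) / len(local) > max_deactivate_ratio:
        raise RuntimeError("deactivation ratio above threshold; sync aborted")
    return plan

def demo():
    """Constructed directory snapshot and local account state."""
    directory = [
        DirUser("ana@example.com", False, frozenset({"admins@example.com"})),
        DirUser("bo@example.com", True, frozenset({"developers@example.com"})),
        DirUser("cy@example.com", False, frozenset({"staff@example.com"})),
        DirUser("eve@example.com", False, frozenset({"developers@example.com"})),
    ]
    local = {"ana@example.com": {"developer"}, "bo@example.com": {"developer"},
             "dee@example.com": {"admin"}, "eve@example.com": {"developer"}}
    return plan_sync(directory, local)
```

In the sample, the suspended user and the user missing from the directory are both deactivated, and the user whose only group is unmapped is created with no roles.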