Skip to main content

Google Groups + Indent Webhook

This guide will show you how to create a webhook for Indent to communicate with for granting and revoking access, among other operations, to Google Groups. This webhook can be run as a Google Cloud Function.

There are direct code examples in the indentapis/examples repository. Take a look at the code that will run in these webhooks: terraform-gcloud-google-groups-pull-webhook and terraform-gcloud-google-groups-webhook.

This page assumes that you or someone on your team has already completed the Quickstart. If you haven't already, we would recommend you check it out - it should take 5 minutes.

Prerequisites

Overview

We're going to pull Google Groups into Indent (optionally, you can manually import groups) then set up automated change management. This webhook integration only works when deployed on Google Cloud because it uses Google APIs and IAM permissions directly.

Step 1: Deploy the pull update webhook#

  1. Sign in and select your Indent Space.
  2. Go to your Webhooks.
  3. Click "New" and create a new Webhook.
    • For "Kind of Webhook" select "Pull update"
    • For "Supported Kind of Resource" select "Google Group" or type google.v1.Group
    • Save the webhook and note down the signing secret for use in the deployment process
  4. Download the example:
curl https://codeload.github.com/indentapis/examples/tar.gz/main | tar -xz --strip=3 examples-main/webhooks/pull/terraform-gcloud-google-groups-pull-webhook
cd terraform-gcloud-google-groups-pull-webhook

Follow the instructions in the README to complete the deployment process.

Pull updates from Google Groups#

  1. Enter the HTTP endpoint from Cloud Functions as the "Webhook URL" field in your new Webhook.
  2. Save the new Webhook.
  3. Go to the Resources page, click the dropdown arrow next to "New", click "Pull Update", select "Google Groups" in the modal then "Start Pulling Updates".

Now if you search for "google group" on the Resource page, you should see your groups. Next, we're going to set up changing group membership automatically when access is granted or revoked.

Step 2: Deploy the change webhook#

Download the example:

curl https://codeload.github.com/indentapis/examples/tar.gz/main | tar -xz --strip=3 examples-main/webhooks/change/terraform-gcloud-google-groups-webhook
cd terraform-gcloud-google-groups-webhook

Follow the instructions in the README to complete the deployment process then save the new webhook in your Indent configuration.

Grant the function service account permissions#

Deploying the function creates a new service account. This account is used to change group membership, so it needs appropriate permissions like Manager or Owner of each Google Group you want to manage. Changes to service account permissions can be made in the Google Admin dashboard for Groups by adding the email of the service account.

Step 3: Configure your Indent policies#

  1. Open the "Access Request Rules" section and navigate to the rules for your new resource.
  2. Configure the approvers for granting access to your Google Groups.

Step 4: Make a test request#

  1. Go to Request Access.
  2. Select your Google Group from the dropdown and enter a reason for access.
  3. Once the access is approved, you can check groups.google.com to confirm membership.

Congrats! You’ve just configured requesting and managing Google Group access with Indent.


Import groups manually#

  1. Sign into your Indent Space.
  2. Go to your Resources.
  3. Click "New" and create a new Resource.
    • Under resource type, type in "google.v1.Group"
    • Enter the name of your Google Group.
    • Enter the ID of your Google Group.
How do I get my group's ID?

  • Visit the Google Workspace Admin SDK page.
  • Use the "Try This API" modal to get the ID. Under the "customer" field enter my_customer. (Note: This must be performed as a Workspace Administrator)
  • Paste the ID for your group into the Indent Resource creation page.


How do I get my Google Workspace Customer ID?

  • Sign in to your Google Cloud Admin Console as an administrator.
  • From the Admin console home page, go to "Account Settings" then "Profile."
  • Next to "Customer ID" find your organization's unique ID.