For customers who federate a Google domain with RM Unify, we provide two apps to support federation, user provisioning, sign-on and adding the tenancy to the RM Reseller Console. We only use the data from Google that we need in order to support federated Google domains in RM Unify.
Purpose:
Data | Scope | Purpose |
---|---|---|
domain | https://apps-apis.google.com/a/feeds/domain/ | To federate a domain |
user | https://www.googleapis.com/auth/admin.directory.user | To manage the provisioning of users on the federated domain |
group | https://www.googleapis.com/auth/admin.directory.group | To manage the provisioning of groups and group memberships for users on the federated domain |
orgunit | https://www.googleapis.com/auth/admin.directory.orgunit | To view and manage organization units on the federated domain |
courses | https://www.googleapis.com/auth/classroom.courses | To create and delete Google Classroom classes |
rosters | https://www.googleapis.com/auth/classroom.rosters | To add and remove people from Google Classroom classes |
emails | https://www.googleapis.com/auth/classroom.profile.emails | To view the email addresses of users in the classes in Google Classroom |
userschema | https://www.googleapis.com/auth/admin.directory.userschema | To view and manage the provisioning of user schemas on the federated domain |
settings | https://www.googleapis.com/auth/apps.groups.settings | To set the access settings for user roles in a group |
Purpose:
Data | Scope | Purpose |
---|---|---|
openid | Default scope | Authentication using OpenID Connect |
profile | Default scope | To allow users to view basic profile information |
Default scope | To view a user's email address |