This project is read-only.

1.Prerequired libraries

- Google Data API Libraries
Download GoogleDataAPISetup2.1.0.0.msi from http://code.google.com/p/google-gdata/ and extract the files below.
- Google.GData.Apps.dll
- Google.GData.Client.dll
- Google.GData.Extensions.dll

Remark : You can find these files in the lib directory of this archive. I put the files under the Google's redistribution policies.

- Forefront Identity Manager 2010 / R2
This Management Agent can be used only under ECMA2.0 framework. So you must use this agent under FIM 2010 R2 or FIM 2010 rollup 2 (build 4.0.3606.2).

2.Installation

Copy following dll files to extension directory.
- by default C:\Program Files\Microsoft Forefront Identity Manager\2010\Synchronization Service\Extensions


DLL files to copy.
- Google.GData.Apps.dll / download from Google
- Google.GData.Client.dll / download from Google
- Google.GData.Extensions.dll / download from Google
- GoogleAppsProvisioning.dll / in the lib directory
- GoogleAppsMA.dll / in the obj directory

3.Sample configurations

- FIM 2010 Synchronization Manager

Create Management Agent
- Choose Management Agent type of 'Extensible Connectivity 2.0'.

- Choose 'GoogleAppsMA.dll' in the 'Connected data source extension name' section.

- Provide your Google Apps domain information in 'Connection Parameters' section.
  - Domain Name : Your Google Apps domain name ex) gapps.example.com
  - Admin User : Administrator account name of your domain. You must not provide domain part of the account name. ex) admin
  - Admin Password : Administrator account password.
  - Use Proxy Server : If you use a proxy server, mark this checkbox.
  - User : If your proxy server needs authentication, provide username to authenticate.
  - Password : Provide password for proxy authentication.

- Check 'Person' in the 'Object types' section.


- Select all the attributes in the 'Attribute' section.

- If you use password synchronization with PCNS, mark 'Enable password management' in 'Configure Extension' section.

Create Run Profiles
- Create following profiles.
- Export
- Full Import(Stage Only)

- FIM Portal

Create Outbound Synchronization Rule

- Map attribute flows like following examples.
Initial Source/Metaverse Destination/ConnectorSpace
o accountName dn
x accountName userName
o "P@ssword" + RandomNum(0,99) Password
x firstName firstName
x lastName lastName


Create Action Workflow
- Choose Synchronization Rule Activity using the Sync Rule you created.

Create SET
- Create SET that users to be belong with.


Create Management Policy Rule
- Set type to Set transition with the SET you created.


- Use the Action Workflow you created.


4.Testing


Create users
- Create users in FIM Portal.
- Add the users to the SET you created.

Run profiles
- Run Full Import and Full Synchronization profile of FIM MA.
- Run Export profile of Google Apps MA.
- Run Full Import profile of Google Apps MA.
- Run Export and Delta Import profile of FIM MA.

Now you can see the accounts from FIM in Google Apps Web Console.

5.Known issues

fixed in 1.1.0
- attribute update do not work properly depend on its value.


fixed in 1.0.1
- 'exported-change-not-reimported' occur when you run import after export.
This warning is caused by the attribute(s) that FIM exported could not re-imported from the target system. When you provision to Google Apps, you must set password attribute but you cannot obtain password value from Google Apps, so this warning will occur. You must ignore this warning(s).

6.Note

If you use the debug build, you must create c:\tmp folder.
The MA should put log files under this folder.

7.Feedbacks

Any feedbacks are appreciated.
Naohiro Fujie / MVP for Forefront Identity Manager (Jan 2010 - Dec 2012)
naohiro.fujie@eidentity.jp

Last edited Oct 16, 2012 at 5:12 PM by naohiro, version 20

Comments

vbprasanna1985 Aug 19, 2013 at 10:50 AM 
Thanks for your reply.

Surprisingly even with the new version i didn't get 'dn' in the FIMMA sync and Google Apps Export throws stopped-extensible-extension-error

Any help?


Thanks
Pras

naohiro Jul 27, 2013 at 3:51 AM 
And create the same conditional MPRs to export through each MAs.

naohiro Jul 27, 2013 at 2:58 AM 
If you define multiple MAs for each your Google Apps tenants on your FIM instance, you can manage multiple tenants.

vbprasanna1985 Jul 26, 2013 at 3:18 PM 
Can we use this MA for multiple Google Apps tenants. If so how?

Thanks