Summary
This workflow automates the creation of Google Workspace user accounts as part of the user onboarding process. The solution creates the user account, places it in the correct organizational unit, assigns appropriate licenses, configures group memberships, sets up email aliases, configures application access, and delivers credentials securely. By automating Google Workspace provisioning, the workflow ensures consistent account configuration, reduces onboarding time, eliminates manual errors, and maintains compliance with organizational standards.
Usage
Prerequisites
Before using this workflow, ensure the following requirements are met:
-
Google Workspace Integration: Configure Google Workspace integration with admin directory API access
-
PSA Integration: For ticket tracking
-
Email Integration: For notifications and credential delivery
-
Organizational Variables:
google_user_creation_ticket_board: PSA board for onboarding tasksgoogle_default_ou: Default organizational unit pathgoogle_department_ou_mapping: Map departments to OUsgoogle_default_license: Default license SKUgoogle_department_groups: Department-specific group mappingsgoogle_default_groups: Default groups for all usersgoogle_password_policy: Initial password generation rules
Workflow Inputs
| Parameter | Type | Required | Description |
|---|---|---|---|
first_name | String | Yes | User's first name |
last_name | String | Yes | User's last name |
company_id | String | Yes | PSA company ID |
department | String | Yes | Department name |
title | String | Yes | Job title |
manager_email | String | No | Manager's email address |
license_sku | String | No | License to assign (default: org variable) |
email_aliases | Array | No | Additional email aliases |
custom_ou | String | No | Override default OU path |
additional_groups | Array | No | Extra groups beyond defaults |
ticket_id | String | No | Existing PSA ticket to update |
Execution
Manual Trigger
- Execute from PSA ticket or onboarding form
Automated Trigger
- Part of new user onboarding workflow
- Triggered by HR system integration
Creation Process Flow
- Input Validation: Verify required fields and domain mapping
- Email Generation: Generate primary email address
- Duplicate Check: Verify email doesn't already exist
- OU Determination: Map department to organizational unit
- Password Generation: Generate initial password per policy
- User Creation: Create Google Workspace user account
- License Assignment: Assign appropriate Google Workspace license
- OU Placement: Move user to correct organizational unit
- Group Assignment: Add to default and department groups
- Email Aliases: Configure additional email aliases
- Application Access: Configure app-specific settings
- Credential Delivery: Send credentials via secure method
- PSA Update: Update ticket with account details
- Notification: Alert requestor and manager
Returned Data
{
"success": true,
"user_created": {
"primary_email": "john.smith@techco.com",
"display_name": "John Smith",
"first_name": "John",
"last_name": "Smith",
"organizational_unit": "/Engineering",
"department": "Engineering",
"title": "Software Developer",
"manager": "sarah.jones@techco.com",
"account_enabled": true,
"password_must_change": true,
"creation_timestamp": "2026-03-04T19:00:00Z"
},
"license": {
"sku": "Google-Apps-For-Business",
"name": "Google Workspace Business Standard",
"assigned": true
},
"email_aliases": [
{
"alias": "jsmith@techco.com",
"created": true
}
],
"group_memberships": [
{
"group": "all-company@techco.com",
"type": "Default",
"added": true
},
{
"group": "engineering@techco.com",
"type": "Department",
"added": true
},
{
"group": "dev-team@techco.com",
"type": "Department",
"added": true
}
],
"application_access": {
"gmail": "Enabled",
"drive": "Enabled",
"calendar": "Enabled",
"meet": "Enabled",
"chat": "Enabled"
},
"credential_delivery": {
"method": "Secure email to manager",
"delivered_to": "sarah.jones@techco.com",
"temporary_password": true
},
"ticket_id": "ONB-2026-023"
}
Changelog
2026-03-04
- Initial version of the document