Automate Google Workspace Admin Tasks: A Step-By-Step Video Tutorial With Templates

IT Use Cases

A step-by-step guide on the easiest way to perform several most repetitive and common Google Workspace admin tasks, from how to add a user to Google account to advanced SCIM provisioning and more.

Managing Google Workspace can be a daunting task for administrators. With a myriad of responsibilities ranging from user onboarding to license management, keeping everything running smoothly often feels overwhelming. In this blog post, we will cover the easiest way to automate several most repetitive and common tasks Google Workspace admins have to carry out: 

  • New user onboarding and provisioning,
  • Employee off-boarding (including departing user access revokes),
  • Shared files audits,
  • Tracking and acting upon out-of-domain email forwarding
  • Google Vault exports.

Follow along to learn how to save 60% of your working time, eliminate human error, boost data security level and improve your compliance.

Table of Contents

How to Automate User Onboarding and Provisioning

There are several most common ways Google Workspace admins can automate their tasks around user onboarding and provisioning. Google itself provides a comprehensive set of APIs through its Admin SDK that allows for automation of various administrative tasks.

  • Directory API: Used for managing users, groups, and organizational units.
  • Admin Reports API: Allows for monitoring and generating reports on user activity.
  • Data Transfer API: Helps in transferring user data from one user to another.

Another option is to use Google Apps Script for scripting custom automations that would automatically add new users, set up their email signatures, and assign them to the appropriate groups.

Using Zenphi, the #1 Google Workspace automation solution, is the third alternative that saves time and guarantees maximum efficiency of handling Google admin tasks. Let’s see how you can automate user onboarding and provisioning using Zenphi.

Automating the Basic Onboarding Flow (Adding a User To Google Account)

  1. Trigger the flow by using ‘Gmail (New Email)’ trigger which will start the automated employee onboarding whenever a new email from the HR team arrives in your inbox.
  2. Extract the text from the HTML body of our incoming email using the “Extract text from HTML” action. To save time and extract all fields at once, use a “Parallel” action. This allows all branches to run in tandem.
  3. Inside each of these branches, include two actions. First, a “Regex – Find Value” action, which allows to find text based on a specific pattern. We will indicate the output of our previous “Extract Text from HTML” action as the text and then find the pattern that extracts what you’re looking for. Then, using a Set Variable” action, assign the result obtained from the previous action.
  4. Use the ‘Generate Password’ action, which will allow you to create a safe and unique password for the user.
  5. Add the ‘Create User action to create the Google Account for the onboarding employee.
  6. Use the ‘Send Email (Gmail)’ action to notify the HR team and the user about their onboarding process status.

Watch this video tutorial to replicate the flow in your Google Workspace. 

Video Tutorial: Automate Employee Onboarding

Automating User Provisioning and Deprovisioning with Google Workspace SCIM - Basic Flow

Many companies now use Google Workspace SCIM provisioning to automate the management of user identities and their access to Google Workspace applications. Let’s see how you can easily do it using an example of Microsoft Azure AD, as an identity service provider.

With Zenphi, you can seamlessly automate object creation, deletion and updating not only in Google Workspace but also in Google Directory and Microsoft Azure in a few clicks. For onboarding, if you’re using Azure AD for managing user identity, just add a couple of steps within your Google workflow. For example, after the welcome email to the user, you can add an action that assigns a new employee to the appropriate groups in Azure AD, and provides them with access to the necessary resources.

Use this Employee Onboarding template if this flow looks relevant.

If you’re looking for Google Directory automation, try out this template, where we have built the most common automated workflows for Google Admins.

If you’re using Azure AD for identity management, you’d probably need a flow for automated group creation and deletion, as well as group creation approval flow (in case a user sends a request, and is allowed to create a group only if they meet certain criteria).

  1. We recommend to start the flow with a filled in Google Form.
  2. Just define approval criteria and use an If condition (If criteria are met)

Use Create a Group in Azure AD and Send a Confirmation email for the positive branch (if criteria are met). Or Assign a task for the further review of the request action in the negative branch.

For more automated actions using SCIM and Azure AD (like Password recovery) read this blog post [Azure Automation Made Easy: 5 Workflows T Streamline Your Tasks]

The #1 No-Code Automation Solution For Google Workspace Admins

Have more Google Admin tasks to automate? Sign up for a free trial to replicate this flow and experience the power of Zenphi automations first-hand!

How to Automate Employee Offboarding and Access Revokes

Again, options are not that numerous: Google SDK and custom scripting using Google Apps Script. But let’s see how you can do it using a more efficient alternative — Zenphi.

  1. Launch Zenphi’s Google Workspace Admin template 

2. Establish an Admin connection

3. Choose a trigger (Form submission, email arrival or anything else)

4. If you’re revoking access, use ‘Lookup User Information‘ and ‘List User’s Shared Files‘ action. 

5. Use ‘Remove Sharing’ actions (for the permission ID, add the ‘List Permissions‘ action above, and loop it for every listed file (‘ForEach Loop‘ action) then ‘List User’s Shared Files‘ action. 

6. Use ‘Sign Out User’ action to ensure they are logged out from all devices before proceeding to the next steps.

7. Generate new password and update recovery information for the account using two Zenphi actions ‘Generate Password’ and ‘Update User’.

8. As an additional layer of security, use ‘Suspend User‘ action.  This powerful feature enables the suspension and archiving of users if required. Simply specify the user’s email address and whether they should be suspended, archived, or both.

Watch this video tutorial to replicate the flow in your Google Workspace. 

consultant
free offboarding workflows!
Contact our Google Workspace automation experts today, and get your offboarding flows of any complexity automated for free!

Video Tutorial: Automate User Offboarding Revoking Ther Access To Shared Files

How to Automate Shared Files audits

This process is easy to automate using Zenphi.

  1. Choose a Manual trigger. As we’re talking about recurring audits, this flow should be manually triggered at a specific time and date, then set to run periodically (e.g., every 30 days).
  2. Use ‘Read Rows‘ action that allows you to read specific drives that you have specified somewhere (for example, in a Google Sheet). Alternatively, if you want to audit all drives in your Google Workspace, use the ‘List Drives’.
  3. Create a loop by using a ‘Foreach action, which allows the process to loop for each drive that needs to be audited.
  4. Use an action called List Shared Files. This action lists all files on the shared drives that have ever been shared. To execute this action, you must create a Google Workspace Administrator connection so that Zenphi can list files on your behalf. You’ll also have to choose the type of file sharing you’re interested in. You can select between Domain Shared, Shared With External Email Address, Shared With A Link, or select all. If you choose Shared With External Email Address, specify your internal domain — all email addresses not associated with it will be considered external.
  5. List and Filter permissions. To conduct the search and take action on the files, you’ll have to step into the shoes of the shared drive’s owner or perform an audit on their behalf. This means you need to locate an owner or content manager of every drive you audit. This can be easily done by adding another step in the loop — choose the action ‘List Permissions’. This action will list all members of a shared drive. Then use ‘Query Collections — an action that allows you to take data from the previous step (List Members) and filter in only those who are important for the next step — in this case, the drive’s organizer/manager.
  6. Create a report. The best practice is not to take action on the files immediately but to create a report first. For this, you’ll need to create a template in Google Sheets with the following suggested headers: Drive ID, Drive Name, File ID, File Name, View Link, Has Link Sharing, Has Email Sharing, Shared With Emails. Use this template to be populated every time a flow runs on every single drive. Just add two actions: ‘Copy Template File’ and ‘Add Multiple Rows’, then specify your Spreadsheet template as a reference. This will allow you to generate reports for every drive separately, and then send this report to the drive owner or the Head of Security to take further actions.

Watch a step-by step video tutorial on how to automate Google shared files audits

Video Tutorial: Automate Google Shared Files Audits

Gmail automation: How to automate signature updates, alias assignments, label provisioning, email forwarding rules and more

Read this blog post to learn the details of every flow [5 Gmail Automation Tips For Google Workspace Admins]

Automate Google Workspace license management

Google admins have to track all active Google Workspace licenses, and purchase more if needed. However, with Google increasing the fees, it became a burden: now admins also have to track if users are inactive, and archive or delete them to use their license with new employees. Partially, it’s a data security related task: you don’t want any of your departed users to still have access to shared files or drives. But it also makes sense financially: what’s the point of paying more for a license if you still can use the available capacity?!

Some of your users have built recurring flows that check inactive users every 30 days:

— in case a user hasn’t logged in their Google account,

— they double check with HR if this user has departed,

— and if the answer is positive, they want to archive or delete the user, and re-use the license.

All of these actions: the audit, the communication, the archiving — are performed automatically with zero time input from a Google admin! 

Or watch this video to see how to build an automation like this one

Video Tutorial: How To Automate Google Workspace License Management

Automate Google Vault Exports

Exporting Google Vault data to Google cold  storage is another great way to save money. As with the previous flow, it can be recurring — happening, say, once a month, or triggered by a certain event — say, upon an arrival of the email about user departure, all data related to this user can be exported from Vault automatically and sent to be stored in Google cloud.

Watch this recording where Vahid Taslimi, CEO at Zenphi, explains in detail how to automate most of the processes described above, including Google Vault exports (start from minute 5 if you’re interested in this flow specifically), otherwise it’s just a 7 min long video. Watch it to learn many of Zenphi’s capabilities around Google Workspace workflow automation.

Video Tutorial: How To Automate Google Workspace Admin Tasks, All-In-One Overview

About The Author
Picture of Vahid Taslimi, CEO @Zenphi
Vahid Taslimi, CEO @Zenphi

Formerly the VP of Product at Nintex, and Solutions Architect at Emirates Airlines, Vahid now leads dynamic Zenphi team, a company dedicated to crafting a platform empowering Google Workspace users to automate Google admin tasks and other processes end-to-end while enhancing data security and compliance.