Having issues sync Gsuite email groups to AWS SSO #91

Closed
rfuelsh opened this issue Jun 15, 2022 · 4 comments
Labels
enhancement New feature or request

Comments

@rfuelsh

rfuelsh commented Jun 15, 2022

So I was able to sync all Gsuite users via the "users_groups" but I am not seeing any Google Workspaces groups in AWS SSO Console.

Ideally I just want to sync all GSuite groups with AWS SSO and then deploy an AWS SSO permission set for each GSuite group. I am using the following command:

    ./ssosync -t $SSOSYNC_SCIM_ACCESS_TOKEN -e $SSOSYNC_SCIM_ENDPOINT -u -c <key.json> \
      -g 'name:Fuel* email:all*' --sync-method 'groups'

and I am getting this:

    INFO[0000] Syncing AWS users and groups from Google Workspace SAML Application
    INFO[0000] syncing                                       sync_method=groups
    INFO[0000] get google groups                             query="name:Fuel* email:all*"
    FATA[0001] googleapi: Error 400: Invalid Input: query, invalid

What am I doing wrong to sync the GSuite email groups to AWS SSO groups?

@ankush-yadav25

So I was able to sync all Gsuite users via the "users_groups" -> Hey, could you please help me achieve this?
I'm facing a lot of issues like "googleapi: Error 404: Domain not found., notFound" while doing so.
Your help is much appreciated.

@cornerman

Same for me. I got it working by adding includeGroup and explicitly mentioning the groups I want to sync. But I would also like to get the behaviour of syncing all groups.

The problematic code seems to be here: https://github.com/awslabs/ssosync/blob/master/internal/sync.go#L179

@ChrisPates
Contributor

ChrisPates commented Jan 20, 2023

In the feature branch linked to this issue, in Groups mode, it will become possible to omit the -g parameter or specify -g "", which will sync all groups and their member users, and/or omit the -u parameter or specify -u "", which syncs all users. Omitting/specifying both will sync your whole directory.

@ChrisPates
Contributor

The specific error you are seeing is because the Google API doesn't like the query string you provided for the -g parameter. Try -g "Name:Fuel*"
