Google Workspace users
FortiDLP supports syncing of users from your Google Workspace directory. This is a one-way sync, so no information from FortiDLP is transferred to your workspace.
You can filter the users that you sync to FortiDLP by using Google's filtering syntax, as described in Google's documentation.
Field mappings
Field mappings define how Google Workspace fields map to user fields that display in the FortiDLP Console or are used by FortiDLP for identification purposes.
The following table describes the supported mappings. Fields marked with a * can have multiple values in Google, and if this is the case, the value defined as primary in Google will be used.
Google field | FortiDLP field | Description |
---|---|---|
name.fullName | Name | The user's first and last name. |
primaryEmail | | The user's email address. |
UserPhoto | Photo | The user's profile picture. |
organizations[].title * | Title | The user's job title. |
organizations[].department * | Department | The user's department. |
organizations[].description * | Description | The user's organizational description. |
name.fullName of the user's manager, who is defined in the value of relations[].value where relations[].type = "manager" * | Manager | The user's manager's first and last name. |
id of the user's manager, who is defined in the value of relations[].value where relations[].type = "manager" | Manager unique ID | The user's manager's unique identifier. |
phones[].value where phones[].type = "main" or "mobile", or where a primary phone number was not classified as a work phone. | Mobile phone number | The user's mobile phone number. |
phones[].value where phones[].type = "company_main", "work" or "work_mobile" * | Office phone number | The user's office phone number. |
addresses[].formatted where addresses[].type = "home" | Home address | The user's home address. |
addresses[].formatted where addresses[].type = "office" | Office address | The user's office address. |
addresses[].locality where addresses[].type = "office" | Office location | The user's office location. |
Directory Label mappings
Prior to reading this section, it is recommended that you read Labels.
Directory label mappings define how Google Workspace fields are mapped to FortiDLP directory labels, which can be used to associate users with policy groups and Agent configuration groups.
FortiDLP can auto-generate and assign the following directory labels for each user that is synced to FortiDLP:
Google field | FortiDLP directory label | Example value | Description |
---|---|---|---|
addresses[].country | Country | Spain | One country label will be created from the user's primary address. |
 | City | London | One city label will be created from the user's primary address. |
organizations[].department | Department | Engineering | A department label for each organization the user is part of will be created. |
organizations[].jobTitle | Job Title | Support Engineer | A job title label for each organization the user is part of will be created. |
addresses[].locality | Office location | White City | One location label will be created from the user's primary work address. |
memberOf | Group | Sales | A label for each Google Group the user is a member of will be created. |
For security purposes, directory label values can be replaced with pseudonyms in the FortiDLP Console for operators with the pseudonymization perspective. (For more information about this feature, see Operator roles.) Further, directory labels derived from memberOf can be "flagged" upon generation, meaning users with these labels will be highlighted with a flag symbol in the UI.
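The label rules in the table above, sketched in Python as an added example (not FortiDLP code): it takes a Google Directory API user resource and returns the labels the table describes. The `groups` argument, the sample user, and the choice to emit no label when no address is flagged primary are assumptions; City is omitted because the table does not name its Google field.

```python
# Added illustration of the label rules in the table above; not FortiDLP code.
WORK_TYPES = {"work", "office"}  # Google's API uses "work"; this page writes "office"

def primary(entries, types=None):
    """Return the entry Google flags as primary, optionally limited to some types."""
    for entry in entries or []:
        if entry.get("primary") and (types is None or entry.get("type") in types):
            return entry
    return None  # assumption: nothing flagged primary means no label

def directory_labels(user, groups=()):
    """Return ordered, de-duplicated (label, value) pairs for one user resource."""
    labels = []
    addr = primary(user.get("addresses"))
    if addr and addr.get("country"):
        labels.append(("Country", addr["country"]))
    work = primary(user.get("addresses"), WORK_TYPES)
    if work and work.get("locality"):
        labels.append(("Office location", work["locality"]))
    for org in user.get("organizations") or []:  # one label per organization
        if org.get("department"):
            labels.append(("Department", org["department"]))
        title = org.get("jobTitle") or org.get("title")  # the page uses both names
        if title:
            labels.append(("Job Title", title))
    labels.extend(("Group", name) for name in groups)  # memberOf: one per group
    return list(dict.fromkeys(labels))

# Constructed sample input, not real directory data.
SAMPLE_USER = {
    "primaryEmail": "a.lopez@example.com",
    "addresses": [
        {"type": "home", "country": "France", "locality": "Lyon"},
        {"type": "work", "primary": True, "country": "Spain", "locality": "Madrid"},
    ],
    "organizations": [
        {"primary": True, "department": "Engineering", "title": "Support Engineer"},
        {"department": "Security", "title": "Support Engineer"},
    ],
}

if __name__ == "__main__":
    for label, value in directory_labels(SAMPLE_USER, groups=["Sales", "VPN-Users"]):
        print(f"{label}: {value}")
```

Running this over a directory export before enabling the sync lists the labels each user would carry, which makes it easier to check policy group and Agent configuration group scoping in advance.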