Introducing the Novell Identity Manager Google Apps Driver - Part 1


Novell is releasing Novell Identity Manager 4 Standard Edition in April. Three new drivers will be included in both the Standard Edition and the Advanced Edition: the Blackboard driver, the Google Apps driver and the RSA SecurID driver. These drivers are free to try for a 90-day trial and can increase the connectivity of your Novell Identity Manager solution.

This article is the first in a series focused on introducing the new Google Apps driver and the supported features.

Google Apps is more than email. It provides organizations with many features such as an online office suite (Google Docs), online chat (Google Talk) and shared web pages (Google Sites). The Novell Identity Manager driver offers synchronization from your identity management system to this cloud-based system.

The driver requires only the Google Apps provisioning API, which is available for all versions of Google Apps except for the free version. The driver uses the following APIs from Google: provisioning, shared contacts, profile and email.

The driver supports the following objects:
• User
• Group
• Contact
• Organizational Unit

We will go into depth on which events are supported with each of these object classes in the next article.

The Google Apps driver is a subscriber-only driver that sends events to Google’s APIs in real time. You can also synchronize a password change to Google Apps via the driver. For those not interested in synchronizing passwords to Google Apps, there are Cool Solutions articles about using Novell Access Manager to provide single sign-on (SSO) via SAML. One reason to synchronize the password to Google Apps is that there are several applications and protocols (such as IMAP and POP) for which SAML cannot provide SSO and which therefore require a password to be present.

The driver supports using the Novell Identity Manager Roles Based Provisioning Module and the Role Mapping Administrator for entitlements. The import package has entitlement support for users (account, group membership, and email domain) and organizational units (mirrored placement and entitlement placement).

For organizations with multiple email domains (within the same Google Apps domain), the driver can easily provision them via an entitlement. For example, if you have a primary domain of and a student domain (subdomain) of, you can provision the email account to the correct email domain. Note that it is not currently possible to move an email account between email domains.

The following email settings are also supported with the driver:
• IMAP (on or off)
• POP (on or off)
• Forward (within the Google domain only)
• Label (set default labels)
• SendAs (if using multiple nicknames or domain aliases)
• Signature (set default email signature)

Recently, Google has added organization support to Google Apps. This enables administrators to turn off different features for users. The driver supports a mirrored configuration (as well as a placement configuration) and supports moving users between the organizational units.

Stay tuned for the next part in the series where we take a look at each individual object and the events supported.

