Cross-Provider Workflow

Group Membership Sync Across Entra and Google Workspace

Version 1.0.0

Create a matching group in Microsoft Entra ID and Google Workspace.

1 workflow 2 source APIs 2 providers
View Spec View on GitHub ArazzoWorkflowsCross-Provider

Providers Orchestrated

microsoft-entra google-workspace

Workflows

sync-group-entra-google
Create a matching access group in Entra and Google Workspace.
Creates a security group in Microsoft Entra ID and then creates a matching group in Google Workspace, carrying the display name across both.
2 steps inputs: description, displayName, googleEmail, googleName, mailNickname outputs: entraGroupId, googleGroupEmail, googleGroupId
1
create-entra-group
$sourceDescriptions.entraApi.createGroup
Create the security group in Microsoft Entra ID.
2
create-google-group
$sourceDescriptions.googleWorkspaceApi.insertGroup
Create the matching group in Google Workspace.

Source API Descriptions

openapi
entraApi https://raw.githubusercontent.com/api-evangelist/microsoft-entra/refs/heads/main/openapi/microsoft-entra-graph-identity-openapi.yml
openapi
googleWorkspaceApi https://raw.githubusercontent.com/api-evangelist/google-workspace/refs/heads/main/openapi/admin-sdk-directory-api.yml

Arazzo Workflow Specification

id-group-membership-sync-entra-google.yml Raw ↑ 
arazzo: 1.0.1
info:
  title: Group Membership Sync Across Entra and Google Workspace
  summary: Create a matching group in Microsoft Entra ID and Google Workspace.
  description: >-
    A group-provisioning workflow that establishes a parallel access group in two
    directories. Creates a security group in Microsoft Entra ID, then creates a
    matching group in Google Workspace so membership and access policies can be
    kept in lockstep across both identity ecosystems.
  version: 1.0.0
sourceDescriptions:
  - name: entraApi
    url: https://raw.githubusercontent.com/api-evangelist/microsoft-entra/refs/heads/main/openapi/microsoft-entra-graph-identity-openapi.yml
    type: openapi
  - name: googleWorkspaceApi
    url: https://raw.githubusercontent.com/api-evangelist/google-workspace/refs/heads/main/openapi/admin-sdk-directory-api.yml
    type: openapi
workflows:
  - workflowId: sync-group-entra-google
    summary: Create a matching access group in Entra and Google Workspace.
    description: >-
      Creates a security group in Microsoft Entra ID and then creates a matching
      group in Google Workspace, carrying the display name across both.
    inputs:
      type: object
      properties:
        displayName:
          type: string
        mailNickname:
          type: string
        googleEmail:
          type: string
        googleName:
          type: string
        description:
          type: string
    steps:
      - stepId: create-entra-group
        description: Create the security group in Microsoft Entra ID.
        operationId: $sourceDescriptions.entraApi.createGroup
        requestBody:
          contentType: application/json
          payload:
            displayName: $inputs.displayName
            mailEnabled: false
            mailNickname: $inputs.mailNickname
            securityEnabled: true
        successCriteria:
          - condition: $statusCode == 201
        outputs:
          entraGroupId: $response.body#/id
      - stepId: create-google-group
        description: Create the matching group in Google Workspace.
        operationId: $sourceDescriptions.googleWorkspaceApi.insertGroup
        requestBody:
          contentType: application/json
          payload:
            email: $inputs.googleEmail
            name: $inputs.googleName
            description: $inputs.description
        successCriteria:
          - condition: $statusCode == 200
        outputs:
          googleGroupId: $response.body#/id
          googleGroupEmail: $response.body#/email
    outputs:
      entraGroupId: $steps.create-entra-group.outputs.entraGroupId
      googleGroupId: $steps.create-google-group.outputs.googleGroupId
      googleGroupEmail: $steps.create-google-group.outputs.googleGroupEmail