{"id":20398490,"url":"https://github.com/keeper-security/ksm-google-scim","last_synced_at":"2025-10-15T02:02:58.963Z","repository":{"id":221595257,"uuid":"753941122","full_name":"Keeper-Security/ksm-google-scim","owner":"Keeper-Security","description":null,"archived":false,"fork":false,"pushed_at":"2024-04-19T13:02:28.000Z","size":615,"stargazers_count":0,"open_issues_count":3,"forks_count":0,"subscribers_count":7,"default_branch":"main","last_synced_at":"2025-05-30T18:14:18.105Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Keeper-Security.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2024-02-07T04:34:45.000Z","updated_at":"2024-02-08T21:17:56.000Z","dependencies_parsed_at":"2024-04-19T14:27:53.680Z","dependency_job_id":"9bc044e6-c98e-4af2-bf16-547b7289c5a4","html_url":"https://github.com/Keeper-Security/ksm-google-scim","commit_stats":null,"previous_names":["keeper-security/ksm-google-scim"],"tags_count":4,"template":false,"template_full_name":null,"purl":"pkg:github/Keeper-Security/ksm-google-scim","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Keeper-Security%2Fksm-google-scim","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Keeper-Security%2Fksm-google-scim/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Keeper-Security%2Fksm-google-scim/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Keeper-Security%2Fksm-google-scim/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Keeper-Security","download_url":"https://codeload.github.com/Keeper-Security/ksm-google-scim/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Keeper-Security%2Fksm-google-scim/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":260116643,"owners_count":22961064,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-15T04:22:18.177Z","updated_at":"2025-10-15T02:02:58.950Z","avatar_url":"https://github.com/Keeper-Security.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"![Keeper Secret Manager Google SCIM Push Header](https://github.com/user-attachments/assets/856e2170-d1ce-4262-a425-869e10fd04fc)\n\n# Keeper Secrets Manager : Google SCIM Push\n\nThis repository contains the source code that synchronizes Google Workspace Users/Groups and Keeper Enterprise Users/Teams. This is necessary because Google Workspace does not adequately support Team SCIM provisioning.\n\n## Step by Step Instructions\nRead this document: [Google Workspace User and Group Provisioning with Cloud Function](https://docs.keeper.io/en/sso-connect-cloud/identity-provider-setup/g-suite-keeper/google-workspace-user-and-group-provisioning-with-cloud-function)\n\n\u003e This project replicates the `keeper scim push --source=google` [Commander CLI command](https://docs.keeper.io/en/keeperpam/commander-cli/command-reference/enterprise-management-commands/scim-push-configuration) and shares configuration settings with this command.\n\n### Prerequisites\n* Keeper Secret Manager enterprise subscription\n\n### Prepare KSM application\n  * Create KSM application or reuse the existing one\n  * Share the SCIM configuration record with this KSM application\n  * `Add Device` and make sure method is `Configuration File` Base64 encoding.\n\n### Configuration with `gcloud`\n1. Clone this repository locally\n2. Copy `.env.yaml.sample` to `.env.yaml`\n3. Edit `.env.yaml`\n   * Set `KSM_CONFIG_BASE64` to the content of the KSM configuration file generated at the previous step\n   * Set `KSM_RECORD_UID` to configuration record UID created for Commander's `scim push` command\n4. Create Google Cloud function. Replace `\u003cREGION\u003e` placeholder with the GCP region. \n```shell\ngcloud functions deploy \u003cPickUniqueFunctionName\u003e \\\n--gen2 \\\n--runtime=go121 \\\n--max-instances=1 \\\n--memory=512M \\\n--env-vars-file .env.yaml \\\n--region=\u003cREGION\u003e \\\n--timeout=120s \\\n--source=. \\\n--entry-point=GcpScimSyncHttp \\\n--trigger-http \\\n--no-allow-unauthenticated\n```\n\n### Configuration with `Google Console`\n1. Clone this repository locally\n2. Create `source.zip` file that contains \"*.go\" and \"go.*\" matches\n```shell\nzip source.zip `find . -name \"*.go\"`\nzip source.zip `find . -name \"go.*\"`\n```\n3. Login to Google Console\n4. Create a new function ![Create New Function](./images/create_new_function.png)\n![Create Step 1](./images/create_step1.png)\n![Create Step 2](./images/create_step2.png)\n![Create Step 3](./images/create_step3.png)\n   * Set `KSM_CONFIG_BASE64` to the content of the KSM configuration file generated at the previous step\n   * Set `KSM_RECORD_UID` to configuration record UID created for Commander's `scim push` command\n5. Click `NEXT`\n6. Set \"Entry point\" to `GcpScimSyncHttp`\n7. Upload the source code using `source.zip`. \"Destination bucket\" can be any.\n![Create Step 4](./images/create_step4.png)\n8. Click `DEPLOY`\n\n### Create Cloud Scheduler with `Google Console`\n1. Find the created function and copy function URL to the clipboard\n   ![Copy URL](./images/copy_url.png)\n\n2. Search for `scheduler` and select `Cloud Scheduler`\n3. Click `CREATE JOB`. `15 * * * *` means every hour at 15th minute\n\n   ![Scheduler Step 1](./images/scheduler_step1.png)\n4. Grant the scheduler access to SCIM function \n\n   ![Scheduler Access](./images/scheduler_access.png)\n5. Create Scheduler and check it works by clicking `FORCE RUN`\n\n   ![Scheduler Run](./images/scheduler_run.png)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkeeper-security%2Fksm-google-scim","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fkeeper-security%2Fksm-google-scim","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkeeper-security%2Fksm-google-scim/lists"}