Prerequisites
Required permissions: Admin-level access in Trio and administrator access to the respective cloud directory
Supported platforms: Google Workspace and Microsoft Entra ID (formerly Azure AD)
Time estimate: 10–15 minutes per directory
Additional requirements: OAuth 2.0 admin consent for directory access
Before You Start
Cloud Directory integration allows you to import and sync users, groups, and organizational units from third-party directory services like Google Workspace and Microsoft Entra ID. This connection ensures your MDM environment remains up to date by syncing identities automatically or on-demand.
Connecting a directory is secure and read-only—Trio never accesses your emails or private files.
Step 1: Go to Cloud Directories
Navigate to the Integrations section in the left sidebar.
Click on Cloud Directories.
Expected result: A screen shows that no directory is connected, with options to connect Google Workspace or Microsoft Entra ID.
Step 2: Choose Your Directory Provider
Click Connect Google Workspace under the Google Workspace option.
Expected result: A panel appears explaining what the Google Workspace integration enables:
User Syncing
Automatic or Manual Sync
Secure OAuth Connection
Step 3: Begin Integration Setup
Review what the integration enables and click Get Start.
On the next screen, enter a Directory Name (e.g., “Google HR Users”).
Note: This name helps distinguish between multiple integrations or environments and will show up in logs and listings.
Click Sign in with Google.
Expected result: You are redirected to sign in with a Google Admin account to authorize the connection via OAuth 2.0.
Step 4: Confirm Connection and Configure Sync
Once you return from authenticating with Google, you’ll land on the integration detail page:
Your connected directory (e.g., “Acme Google Workspace”) appears with tabs:
Details
Users
User Groups
Activity Log
Under Import Users, you can:
Perform Manual Import
Enable/Disable Automatic Sync
In the Google Workspace Domain(s) section, optionally add domains and set sync rules.
Key Highlights panel shows:
Status: Connected
Admin Email
Total Users Synced
Last Sync Timestamp
Step 5: Configure Import Preferences
In the Import Users section, choose your sync method:
Manual Import: Click Start manual import to selectively choose which users to import from your connected cloud directory.
Automatic Sync: Toggle the switch to Enabled to automatically sync users every 24 hours.
Expected result: Users from your cloud directory (e.g., Google Workspace) will be set to pending or deactivated according to your provisioning rules.
Provisioning Note:
Active users = Imported as Pending in Trio
Suspended users = Imported as Deactivated in Trio
→ Click View Settings to adjust these defaults.
Step 6: Add Domain Rules (Optional)
In the Google Workspace Domain(s) section, click + Add Domain.
Choose one of the domain matching behaviors:
No domains: All users sync, regardless of domain.
“Only match” domains: Only users with exact matching domains will sync.
Default domain: All users sync, and non-matching domains are reassigned to the default domain.
Expected result: User sync behavior adapts based on domain rules you define.
Troubleshooting this step:
Issue: Users not syncing → Solution: Confirm domain match logic and domain entries.
Common mistake: Leaving default domain unchecked → Prevention: Set a default domain if needed.
Step 7: Set Attribute Mapping
In the Attribute Mapping and Settings section, review how Trio attributes map to your cloud directory attributes (e.g., Google Workspace).
For each field:
Choose whether to Export, Exclude, or lock as Trio cloud-owned.
Map the Trio attribute to the corresponding field in the destination directory.
Example mappings:
email→primaryEmailfirst name→name.givenNameemployeeID→employeeID
Note: Password and user status fields may affect authentication settings and cannot be altered.
Advanced Option: You may selectively export or exclude fields like department, cost center, or job title.
Step 8: Finalize Domain Sync Logic
Return to the Google Workspace Domain(s) section.
If you've added one or more domains, choose one to Use as default.
Select the desired domain from the dropdown and confirm your selection.
[Screenshot placeholder]
Expected result: All unmatched users will adopt the selected default domain unless restricted.
Step 9: Choose an Import Method
Once your Google Workspace connection is configured, decide how you want to import users into Trio.
Under Manual Import, select from the available options:
Select specific new users to import:
Choose and review individual users to import from Google Workspace. Suspended users in Google will import as Deactivated in Trio.All New and Updated Users:
Imports all new users and any user updates from Google into Trio.Only Updated Users:
Imports only existing users in Trio that have been updated in Google Workspace.Only Newly Added Users:
Imports users that are brand new and do not exist in Trio.
Click Import to continue based on the selected option.
Expected result:
The import process begins according to the selected sync logic.
Troubleshooting this step:
Issue: Unexpected user updates after import → Solution: Choose “Only Newly Added Users” to avoid overwriting attributes.
Common mistake: Using “All New and Updated Users” in production too early → Prevention: Use “Select specific new users” for a safe initial import.
If you have more questions regarding Google Workspace cloud directory and user sync, please contact the Trio team!