This page is for Directory Sync. If you’re using Google Cloud Directory Sync (GCDS), go to GCDS. Directory Sync is currently in public beta.
Before you use Directory Sync, ensure you meet the following prerequisites and requirements.
Google account requirements
- A Google Cloud or Cloud Identity account with:
- Super administrator privileges in the Google Admin console.
- A Data Connectors or Connector Admin role in Google Cloud.
- If you want help managing Directory Sync, another admin with super administrator privileges or an admin with the Manage Directory Sync Settings privilege.
To be able to read but not update settings, you can give an admin the Read Directory Sync Settings privilege.
External directory requirements
Use Directory Sync to connect with external directories (LDAP directories or cloud identity providers) and sync user and group data to your Google cloud directory. Directory Sync supports Microsoft Active Directory (AD) and Microsoft Azure Active Directory (Azure AD).
AD prerequisites
- A network connection between Google Cloud and your AD server. For details, go to Supported network connections.
- If your AD server is located on-premises or hosted outside a Google Cloud environment, you need a connection between Google Cloud and the server using Cloud VPN or Cloud Interconnect.
AD requirements
- AD must support LDAPv3.
- An authorized username and password that has read access to your AD server (to read user and group objects).
- The following information from the AD server:
- Host and port number.
- DNS server to resolve your AD host.
- TLS client certificate to encrypt data transfer between the AD server and Directory Sync.
Azure AD requirements
A Microsoft admin account with the Global Administrator role.
Related topic
Create, edit, and delete custom admin roles
Google, Google Workspace, and related marks and logos are trademarks of Google LLC. All other company and product names are trademarks of the companies with which they are associated.
