Google Workspace Administrators often manually add users and then manually update the group membership as new people are hired. Considering there are new employees all the time, the process of assigning these users to organizational unit (OU) specific groups takes a lot of effort. Well, in this article, I will show you how to automate the process and simplify your work using coding free tool Foresight.

If you have yet to install Foresight, check out this quick start.

Video demo

Here is a near real world scenario. We want to

  • assign all new users to 2 company wide groups, All hands group and Company Events group. These groups are meant announcement only so all employees should participate.
  • assign new users in R&D > Engineering OU to the CodeLab group. It's a group for engineers to discuss technology and troubleshoot programs.
  • assign new users in R&D > Design OU to the DesignGarden group. It's a group for all designer professionals to share art crafts and exchange design ideas.
  • assign any new employees under Marketing OU (including Digital Marketing and Offline Marketing sub OUs) to the Market Insights group. It's a group where both digital marketers and offline marketers share and learn latest market news, trends and analysis.

To demonstrate the automation, we have 4 new employees joining the teams. This table lists their OUs and the groups to which they will be automatically assigned.

NameOrganizational UnitGroups to assign
Viola JefferiesR&D > DesignAll hands, Company Events, DesignGarden
Adam BowserR&D > EngineeringAll hands, Company Events, CodeLab
Dennis NewportMarketing > Digital MarketingAll hands, Company Events, Market Insights
Jennifer KrehbielMarketing > Offline MarketingAll hands, Company Events, Market Insights

Instructions

It's not hard to understand how it works from watching the video demo. Basically create a rule for each OU you planned to assign its new users to specific groups. For groups of which you want every new account to be a member, create an additional rule too. Let me expand it.

Case A. Groups for all new users

  1. In Rules page, Click new rule button to create a new rule.
  2. Select the User created trigger.
    Select the User created trigger in Foresight
  3. In the Edit trigger page, grant Foresight permission if you see Sign in with Google or Access expired. Once you granted the permission, the status changed to Access granted.
    • Note: since it’s an Administrative rule, in addition to grant access permissions, you also have to set Admin API enabled in Admin Console. Otherwise, this rule will fail by the time it runs.
  4. Click Next.
  5. Select an Add group member action.Add group member
  6. In the Edit actions > Add group member tab,
    • Grant the access permission as same as in the trigger part above.
    • In the User field, type {{ and select the {{ primaryEmail_xxxxxx }} variable. The variable represents the primary email of user created in Google Workspace. It's like a placeholder until the user is created and the rule runs.
    • In the Group field, select the group everyone will be part of.select the group
  7. Click Review.
  8. In the Review page, give the automation rule a name to easily remember.
  9. Click Create.
  10. Your rule may look like thisresults

You are all set. Now try adding an user in Admin Console and notice if they are added to the groups you configured in the rule.

Yes? Cool, let's move on.

Case B. Groups for new users under specific OUs

The majority of steps are identical to Case A. In Case B, we add one rule for each OU.

  1. In Rules page, Click new rule button to create a new rule.
  2. Select the User created trigger.
  3. In the Edit trigger page, grant the permission like in Case A. Now it comes the difference.
    1. Click Add Condition.
    2. Select Org Unit Path as the field, is as the operator and an Organizational Unit Path from the drop down menu. An organizational unit path is just an alternative representation of OU separated by a forward slash /. In this screenshot, we want all users created under R&D > Design OU to take further actions.
      Add a condition in Foresight
  4. Click Next.
  5. Now follow Step 5 in Case A. Steps are the same.

Now to test the rule you just created, try to add a user in the OU specified in the rule trigger condition. Verify if the user is automatically assigned to the OU specific group. You can also verify if a user who's created outside the OU is excluded from the rule.

Adding new users to groups may not be immediately reflected in the Admin Console. Please allow up to 24 hours to see the changes. Learn more about How changes propagate to Google services.

What's next?

By automating the process, Google Workspace Administrators will further free up time and focus on other creative work. This is one of employee onboarding automation articles. What's more powerful is combining with other actions, Automated Welcome Email to Google Workspace New Users, or rules, Create Google Workspace users by schedule, Suspend Google Workspace users by Schedule to skyrocket your productivity.

Share on LinkedIn Share on Reddit Share on Pinterest