This article is written for G Suite Administrators.

G Suite Administrators often manually add users and then manually update the group membership as new people are hired. Considering there are new employees all the time, the process of assigning these users to organizational unit (OU) specific groups takes a lot of effort. Well, in this article, I will show you how to automate the process and simplify your work using coding free tool Foresight.

If you have yet to install Foresight, check out this quick start.

Video demo

Here is a near real world scenario. We want to

  • assign all new users to 2 company wide groups, All hands group and Company Events group. These groups are meant announcement only so all employees should participate.
  • assign new users in R&D > Engineering OU to the CodeLab group. It’s a group for engineers to discuss technology and troubleshoot programs.
  • assign new users in R&D > Design OU to the DesignGarden group. It’s a group for all designer professionals to share art crafts and exchange design ideas.
  • assign any new employees under Marketing OU (including Digital Marketing and Offline Marketing sub OUs) to the Market Insights group. It’s a group where both digital marketers and offline marketers share and learn latest market news, trends and analysis.

To demonstrate the automation, we have 4 new employees joining the teams. This table lists their OUs and the groups to which they will be automatically assigned.

NameOrganizational UnitGroups to assign
Viola JefferiesR&D > DesignAll hands, Company Events, DesignGarden
Adam BowserR&D > EngineeringAll hands, Company Events, CodeLab
Dennis NewportMarketing > Digital MarketingAll hands, Company Events, Market Insights
Jennifer KrehbielMarketing > Offline MarketingAll hands, Company Events, Market Insights

Instructions

It’s not hard to understand how it works from watching the video demo. Basically create a rule for each OU you planned to assign its new users to specific groups. For groups of which you want every new account to be a member, create an additional rule too. Let me expand it.

Case A. Groups for all new users

  1. In Rules page, Click new rule button to create a new rule.
  2. Select the User created trigger.
    Select the User created trigger in Foresight
  3. In the Edit trigger page, grant Foresight permission if you see Request access permission or Access expired. Once you granted the permission, the status changed to Access granted.
    Note: since it’s an Administrative rule, in addition to grant access permissions, you also have to set Admin API enabled in Admin Console. Otherwise, this rule will fail by the time it runs.
  4. Click Next.
  5. Select an Add group member action.
    Select an Add group member action in Foresight
  6. In the Edit actions page
    1. Grant the access permission as same as in the trigger part above.
    2. Input {{ primaryEmail }} in the User field. It’s a variable representing the primary email of user created in G Suite. It’s unknown until the user is created and the rule runs. Alternative, if you type {{, a context menu will pop up and select it from the menu.
    3. In the Group field, select the group everyone will be part of.
      Edit Add group member action in Foresight
  7. (Optional) If you have more groups to add, click the + button to add another Add group member action and do the step 6 again except choosing a different group name.
  8. When you have added all groups, click Next.
  9. In the Review page, give the automation rule a name to easily remember. Also, you will see a visual representation of the automation rule. Then click Create.
    Rule review in Foresight

You are all set. Now try adding an user in Admin Console and notice if they are added to the groups you configured in the rule.

Yes? Cool, let’s move on.

Case B. Groups for new users under specific OUs

The majority of steps are identical to Case A. In Case B, we add one rule for each OU.

  1. In Rules page, Click new rule button to create a new rule.
  2. Select the User created trigger.
  3. In the Edit trigger page, grant the permission like in Case A. Now it comes the difference.
    1. Click Add Condition.
    2. Select Org Unit Path as the field, is as the operator and an Organizational Unit Path from the drop down menu. An organizational unit path is just an alternative representation of OU separated by a forward slash /. In this screenshot, we want all users created under R&D > Design OU to take further actions.
      Note if you select an OU with nested OUs, all new users in the descendant OUs will also be included in the rule.

      Add a condition in Foresight
  4. Click Next.
  5. Now follow Step 5 in Case A. Steps are the same.

Now to test the rule you just created, try to add a user in the OU specified in the rule trigger condition. Verify if the user is automatically assigned to the OU specific group. You can also verify if a user who’s created outside the OU is excluded from the rule.

What’s next?

By automating the process, G Suite Administrators will further free up time and focus on other creative work. This is one of employee onboarding automation articles. What’s more powerful is combining with other actions, Automated Welcome Email to G Suite New Users, or rules, Create G Suite users by schedule, Suspend G Suite users by schedule to skyrocket your productivity.