To add an Azure AD Workspace Connector/User Directory, navigate to KSSO > Cloud user provisioning. Then add a Google GSuite connector.
...
The form below should appear. The next step is to create an application and credentials in GSuite, which will allow you to complete the form and synchronize users and groups.
...
Create a GSuite service account
Open a separate browser tab and log into the GSuite developer console at https://console.developers.google.com
...
Click SHOW DOMAIN-WIDE DELEGATION and check Enable G Suite Domain-wide Delegation
Click SAVE
Scroll the list of service accounts all the way to the right to see the Domain wide delegation column (see image below).
Click View Client ID and copy the Client ID value to the clipboard. You will use it in the next step.
...
Enable API access for the service account
In a separate browser tab, open the main GSuite admin portal https://admin.google.com.
...
Finally, click Authorize.
Create a user account for the service account to impersonate
Go back to https://portal.google.com and click the Users icon.
Click the "Add new user" button in the middle of the page.
Suggested values when creating the user:
First name: jira
Last name: read
Primary email address: "jira-read@<yourdomain.com>"
You do not need to set a password
Click "Create"
Cut & paste the account username into the "Admin account address" form field in KSSO. Also make a note of it as it will be needed again later.
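With domain-wide delegation, the service account requests tokens that act as the user named in the `sub` claim, which is why the impersonated account should be a dedicated read-only one. The Python below is an added example, not KSSO's or Google's code: it builds the claim set for such a token request and refuses any scope that is not read-only. The service account email, key ID, domain and the two Directory API read-only scopes are assumptions; substitute the values from your own setup.

```python
import base64
import json
import time

TOKEN_URI = "https://oauth2.googleapis.com/token"
# Assumed scopes: read-only Directory API access to users and groups.
READONLY_SCOPES = [
    "https://www.googleapis.com/auth/admin.directory.user.readonly",
    "https://www.googleapis.com/auth/admin.directory.group.readonly",
]

def b64url(data: bytes) -> str:
    """Base64url without padding, as used in JWTs."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def build_claims(service_account_email, admin_account, scopes, now=None):
    """Claim set for a domain-wide delegation token request."""
    if "@" not in admin_account:
        raise ValueError("admin account must be a full email address")
    writable = [s for s in scopes if not s.endswith(".readonly")]
    if writable:
        raise ValueError(f"non read-only scopes requested: {writable}")
    iat = int(now if now is not None else time.time())
    return {
        "iss": service_account_email,  # the service account itself
        "sub": admin_account,          # the user it impersonates
        "scope": " ".join(scopes),
        "aud": TOKEN_URI,
        "iat": iat,
        "exp": iat + 3600,             # Google caps the lifetime at one hour
    }

def signing_input(claims, private_key_id):
    """header.payload string that the service account key signs with RS256."""
    header = {"alg": "RS256", "typ": "JWT", "kid": private_key_id}
    return ".".join(
        b64url(json.dumps(part, separators=(",", ":")).encode())
        for part in (header, claims)
    )

if __name__ == "__main__":
    claims = build_claims(
        "ksso-sync@example-project.iam.gserviceaccount.com",  # constructed
        "jira-read@example.com",                              # constructed
        READONLY_SCOPES,
        now=1700000000,
    )
    print(json.dumps(claims, indent=2))
    print(signing_input(claims, "constructed-key-id"))
```
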
Add and assign a read-only security role
Go back to https://portal.google.com. From the top left navigation menu, select Account, then Admin Roles.
...