Description
Preflight Checklist
- I agree to follow the Code of Conduct that this project adheres to.
- I have searched the issue tracker for an issue that matches the one I want to file, without success.
Problem Description
The Google connector in Dex currently supports auth via multiple Google domains, but fetching group lists only from a single Google Workspace. However, this limitation makes it impossible for organizations with multiple different Google Workspaces to retrieve their groups, even if all of them have domain-wide delegation, since each domain will have its own adminEmail address.
E.g. 2 Google Workspaces:
- domain1.com - adminEmail needs to be set to admin@domain1.com
- domain2.com - adminEmail needs to be set to admin@domain2.com
Proposed Solution
I suggest fixing this behavior by introducing an additional configuration parameter called adminEmailsMapping, while marking the current adminEmail parameter as deprecated. The new configuration parameter should look like this:
    adminEmailsMapping:
      domain1.com: admin@domain1.com
      domain2.com: admin@domain2.com
      domain3.com: super-mega-admin@domain3.com
      ...
If this proposal is accepted, I will prepare a PR with the corresponding changes.
Alternatives Considered
I have considered the possibility of using multiple instances of the Google connector, but this would lead to increased UX complexity for end users.
Additional Information
The implementation of this feature would greatly improve the user experience for organizations with multiple Google Workspaces, enabling them to manage their groups more efficiently.
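
Added example, not part of the original issue and not Dex's code: a sketch of how a per-domain lookup for the proposed adminEmailsMapping could pick the admin account to impersonate when fetching groups. The `Config` struct, `AdminFor`, `ErrNoAdmin` and the fallback policy (the deprecated adminEmail is used only when no mapping is configured; an unmapped domain fails closed rather than impersonating another workspace's admin) are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// Config is a hypothetical struct mirroring the proposal, not Dex's own type.
type Config struct {
	AdminEmail         string            // deprecated single-workspace setting
	AdminEmailsMapping map[string]string // workspace domain -> admin to impersonate
}

// ErrNoAdmin signals that group lookup must be skipped for this domain.
var ErrNoAdmin = errors.New("no admin email configured for domain")

// AdminFor returns the admin account to impersonate for userEmail's domain.
func (c Config) AdminFor(userEmail string) (string, error) {
	at := strings.LastIndex(userEmail, "@")
	if at <= 0 || at == len(userEmail)-1 {
		return "", fmt.Errorf("malformed email %q", userEmail)
	}
	domain := strings.ToLower(strings.TrimSpace(userEmail[at+1:]))
	// Exact, case-insensitive match only: sub.domain1.com must not
	// inherit the admin configured for domain1.com.
	for d, admin := range c.AdminEmailsMapping {
		if strings.EqualFold(d, domain) {
			return admin, nil
		}
	}
	// Assumed policy: legacy adminEmail applies only when no mapping exists.
	if len(c.AdminEmailsMapping) == 0 && c.AdminEmail != "" {
		return c.AdminEmail, nil
	}
	return "", fmt.Errorf("%w: %s", ErrNoAdmin, domain)
}

func main() {
	// Constructed sample config using the domains from the issue.
	cfg := Config{AdminEmailsMapping: map[string]string{
		"domain1.com": "admin@domain1.com",
		"domain2.com": "admin@domain2.com",
	}}
	for _, u := range []string{"alice@domain2.com", "eve@sub.domain1.com"} {
		admin, err := cfg.AdminFor(u)
		fmt.Println(u, "->", admin, err)
	}
}
```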