Your RM Unify establishment is federated to Google Workspace. New RM Unify users are not appearing in Google Workspace and changes made to existing RM Unify users are not reflected in Google Workspace either.

When resetting a user's password via the RM Unify Management Console, you may also see an error:

"The new password has been successfully applied to the user's RM Unify account, but couldn't be applied to his or her Google Workspace account ..... because Google Workspace threw an unexpected error" or "The failed operation will be automatically retried. If the problem persists, please contact RM Support."

This can occur in the following circumstances:

1. The Google Workspace user account originally used when setting up Google Workspace with your RM Unify establishment is suspended and no other Google Workspace Super Admin has the Google API rights assigned for RM Unify. When setting up Google Workspace , we recommend creating and using a unique account in the name of 'rmunifyprovisioningaccount' but you may have chosen a different account at the time.
2. Authorised access for the RM Unify service has been removed from the Google Workspace user account used when first setting up Google Workspace with your RM Unify establishment.
3. An RM Unify Super Admin with a non-Super Admin Google Workspace user account has authorized access for the RM Unify service when setting up group sync to Google Classroom. A Super Admin Google Workspace user account is required.

1. Log on to Google Workspace as a Super Admin user.
2. From the Admin console, select Directory and then Users.
3. Click 'Add a filter', select Admin role, tick the Super Admin box and click APPLY.
4. Select the user account originally used in the federation process. This may be 'rmunifyprovisioningaccount' or another account. If you are unsure, please contact RM Cloud Support and we can help you to identify the correct account.
   Note: If you do not want to reactivate the original account, please follow the instructions in the 'Re-grant authorised access for the RM Unify service' section below to grant access via a different Google Super Admin user.
5. Select the REACTIVATE option and then in the pop-up, select REACTIVATE.
6. Log on to RM Unify as an RM Unify Super Admin user.
7. From the App Library, select a Google Workspace tile.
8. Under Support Info, click 'Click here' to resync user accounts.

1. Log on to Google Workspace as a Super Admin user.
2. From the Admin console, select Directory and then Users.
3. Find and select the user account originally used in the federation process. This may be 'rmunifyprovisioningaccount' or another account. If you are unsure, please contact RM Cloud Support and we can help you identify the correct account.
4. Select the Security section.
5. In 'Connected applications', check that RM Unify is listed.
6. Select the 'Connected applications' section and then RM Unify in the pop-up to confirm the following are present:
   • Manage your domain settings
   • View and manage organization units on your domain
   • View and manage the settings of a G Suite group
   • View and manage the provisioning of users on your domain
   • View and manage the provisioning of user schemas on your domain
   • View and manage the provisioning of groups on your domain

1. Sign out of any existing Google Workspace browser sessions.
2. Log on to RM Unify as an RM Unify super admin user.
3. Select App Library.
4. Select a Google Workspace tile that has been set up for your establishment, e.g. Google Drive.
5. Within the Support Info section: 'You have given permission to RM Unify to manage your user and group data in Google Workspace. Need to do this again?', select the 'Enable Google APIs' button.
6. A new tab will open with a prompt to sign in to Google Workspace
   Important: you must sign in as a Google super admin user.
7. Once signed in to Google, tick all the boxes on the Google consent page and click Continue.
   Note: If you are re-authorising consent after already having done so recently, you will see a different Google window (please see the image below), where you should click Continue.

8. You will be returned to the Google Workspace app in the RM Unify App Library.
9. Close the app window.

While following the procedure 'Re-grant authorised access for the RM Unify service' above, if you see a Google 'Access blocked' window (see screenshot below), please follow the steps below:

1. Sign in to the Google Admin console as a Google super admin.
2. Navigate to the 'App access control' section and under 'Apps pending review', select 'View list'.
3. On the RM Unify app (see Note below) listed, select 'Configure access'.
4. Tick the 'Org units' box and select 'Configure access'.
5. Leave Scope as the default selection ('Select org units') and click Next.
6. Click the Trusted radio button and click Next.
7. On the penultimate page, select CONFIGURE ACCESS and click CONFIRM.

Once complete, the RM Unify app will appear listed in the 'Configured apps' section of Apps Access Control.

Note: RM Unify App ID = 995048774333-gqihvpnuajpllh4h1ft29bg90ghrqqer.apps.googleusercontent.com.