Supported deployment configurations with RM Unify AD Sync and Google Workspace

Technical Rating:

Support

Print This Page

Add to 'My Library'

Supported deployment configurations with RM Unify AD Sync and Google Workspace
Published Date : 07 Jan 2022 Last Updated : 04 Oct 2024 Content Ref: TEC8311721

Operating System	(none)
Part No	(none)
Summary	Provides a summary of the different AD Sync deployment configurations supported.

Symptoms

RM Cloud Service Delivery can assist you with your RM Unify AD Sync installation. For further information, please speak to your Sales representative on 01235 645 316 or email getintouch@rm.com, quoting this article.

This article summarises the supported deployment configurations with RM Unify AD Sync and the available Google Workspace configurations should a site choose to onward provision to Google Workspace.

Procedure

AD type

Google Workspace Organisation topology

RM Unify - supported

Single school
Single Google Workspace per school. Yes with AD Sync v3 and later. See the 'Distributed AD - Private Google Workspace' section below.

Shared Google Workspace with other schools (with shared or individual domains within that organisation). Yes with AD Sync v3 and later and a Trust Parent RM Unify establishment. See the 'Distributed AD - Shared Google Workspace' section below.

Multi-site
Single Google Workspace per school. Yes with AD Sync v3 and later and a Trust Parent RM Unify establishment. See the 'Multi-site AD - Private Google Workspace' section below.

Shared Google Workspace with other schools (with shared or individual domains within that organisation). Yes with AD Sync v3 and later and a Trust Parent RM Unify establishment. See the 'Multi-site AD - Shared Google Workspace' section below.

RM Unify does not support the provisioning of users from the same RM Unify establishment into separate Google Workspace domains. For example, you cannot provision an RM Unify School A student into students.school.com and RM Unify School A staff into staff.school.com.

In a shared Google Workspace, by default, all domains share the same authentication and SSO federation settings.

Trust Parent RM Unify establishment

To deliver the best shared experience when you have a multi-site AD and/or a shared Google Workspace, we will provide you with a Trust Parent RM Unify establishment if you do not have one. This is in addition to an RM Unify establishment for each of your schools. The Trust Parent will be used to register RM Unify AD Sync and will be the first establishment federated to Google Workspace, followed by each school.

Distributed AD - Private Google Workspace

Image showing Distributed AD - Private Google Workspace

Distributed AD - Shared Google Workspace

Image showing Distributed AD - Shared Google Workspace

Multi-site AD - Private Google Workspace

Image showing Multi-site AD - Private Google Workspace

Multi-site AD - Shared Google Workspace

Image showing Multi-site AD - Shared Google Workspace

Checks

Why do I need a Trust Parent RM Unify establishment?

If you have a shared AD and are provisioning users from multiple schools into RM Unify, registering the Trust Parent in RM Unify AD Sync allows us to support the transfer of users between each school's RM Unify establishment. Please refer to TEC6086591 in the Other Useful Articles section below for more information.

If you have a shared Google Workspace, federating the Trust Parent first allows you to later de-federate an individual school, without affecting the remaining schools federated to the same Google Workspace.