Pulling user's location and adding it in claims (Google Workspace)

What happened?

I am trying to pull the user’s location into the claims.
We have the directory sync configured between Pomerium and Google Workspace and are able to retrieve the groups. But we also require the user’s location (country in the user’s profile) to be sent in the claims. But I don’t see any docs to confirm whether the directory sync can pull other attributes of a user apart from groups or not.

What did you expect to happen?

A way to configure the sync to pull a specific user attribute from the Google directory.

What’s your environment like?

Pomerium OSS v0.19.2

It doesn’t look like country is part of Google’s Workspace User object properties - their location property is mentioned to be a rather free-form field (REST Resource: users | Admin console | Google for Developers).

I do not think Google OIDC allows you to map any of the custom user properties into claims.

What you may try to do is clone datasource/pkg/directory/google at main · pomerium/datasource · GitHub and write your own external data source exporter that would:

  • export a different kind of object - i.e. yourcompany.com/UserLocation
  • map user ID to location, and then bind it with user.id (External Data Sources | Pomerium)
  • have a country attribute, derived from Google’s User.location attribute (or other)

Once you do that, you should be able to account for it in your policies.

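The mapping step suggested in the reply above, as an added example that is not from the thread or from Pomerium's code: it turns Google Directory User objects into records keyed by user ID with a country attribute, and emits no record when the free-form location cannot be resolved. The record shape, the sample users and the `AREA_TO_COUNTRY` table are assumptions made for illustration.

```python
import json

# Constructed sample in the shape of Google Directory API User resources
# (only the fields used here); not real directory data.
SAMPLE_USERS = [
    {"id": "1001", "primaryEmail": "a@example.com",
     "locations": [{"type": "desk", "area": " Berlin, Germany "}]},
    {"id": "1002", "primaryEmail": "b@example.com",
     "locations": [{"type": "default", "area": "Remote"},
                   {"type": "desk", "area": "IN"}]},
    {"id": "1003", "primaryEmail": "c@example.com",
     "locations": [{"type": "desk", "area": "3rd floor, east wing"}]},
    {"id": "1004", "primaryEmail": "d@example.com"},  # no location set
]

# Hypothetical, operator-maintained allow-list: normalized free-form text
# -> ISO 3166-1 alpha-2 code. Anything not listed yields no record.
AREA_TO_COUNTRY = {"berlin, germany": "DE", "germany": "DE",
                   "in": "IN", "india": "IN"}


def country_for(user, mapping):
    """Return the country code of the first location that maps, else None."""
    for loc in user.get("locations") or []:
        # Collapse whitespace and lowercase before the allow-list lookup.
        area = " ".join(str(loc.get("area", "")).split()).lower()
        if area in mapping:
            return mapping[area]
    return None


def build_records(users, mapping):
    """Build one record per user with a resolvable country, keyed by user ID.

    Users with a missing or unrecognized location get no record at all,
    so no country is ever asserted for them by default.
    """
    records, skipped = [], []
    for user in users:
        country = country_for(user, mapping)
        if country is None:
            skipped.append(user["id"])
        else:
            records.append({"id": user["id"], "country": country})
    return records, skipped


if __name__ == "__main__":
    records, skipped = build_records(SAMPLE_USERS, AREA_TO_COUNTRY)
    print(json.dumps(records, indent=2))
    print("no country resolved for:", skipped)
```

The `skipped` list is worth logging on every sync run, since a user missing from the export is indistinguishable at policy time from a user who was never in the directory.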

Thank you for the details.
Is it possible to add this custom external data source to Pomerium OSS? (The docs I saw have details on adding it in the enterprise UI, so I am not sure whether it is possible in OSS.)

I could find in the enterprise feature comparison that external data source is only available in enterprise. Thank you

Hi Dinesh,

Would you like to trial enterprise?

Will get back after checking with the team

Hi Dinesh,

Following up on this! Your team can sign up to trial enterprise at this link.