According to the docs (https://github.com/awslabs/ssosync#google) a Google Workspace "admin user" is required to sync the directory:
You will have to specify the email address of an admin via --google-admin to assume this users role in the Directory.
Is it required that this admin user has the Super Admin role? Or can we use a different admin role with fewer privileges? We tried using a user with a custom admin role with just the "Users > Read" and "Groups > Read" privileges for the Admin API, but the sync failed with a 403 error.
According to the docs (https://github.com/awslabs/ssosync#google) a Google Workspace "admin user" is required to sync the directory:
Is it required that this admin user has the Super Admin role? Or can we use a different admin role with fewer privileges? We tried using a user with a custom admin role with just the "Users > Read" and "Groups > Read" privileges for the Admin API, but the sync failed with a 403 error.