Add Support for Multiple Admin Emails to Retrieve Group Lists from Different Google Workspaces

[vsychov]

Preflight Checklist

• I agree to follow the Code of Conduct that this project adheres to.
• I have searched the issue tracker for an issue that matches the one I want to file, without success.

Problem Description

The Google connector in Dex currently supports auth via multiple google domains, but fetching group lists only from a single Google Workspace. However, this limitation makes it imposible for organizations with multiple different Google Workspaces to retrieve their groups, even if all of them have domain-wide delegation since each domain will have its own adminEmail address.

E.g. 2 google workspaces:
domain1.com - adminEmail need be setted to [email protected]
domain2.com - adminEmail need be setted to [email protected]

Proposed Solution

I suggest fixing this behavior by introducing an additional configuration parameter called adminEmailsMapping, while marking the current adminEmail parameter as deprecated. The new configuration parameter should look like this:

adminEmailsMapping:
  domain1.com: [email protected]
  domain2.com: [email protected]
  domain3.com: [email protected]
  ...

If this proposal is accepted, I will prepare a PR with the corresponding changes.

Alternatives Considered

I have considered the possibility of using multiple instances of the Google connector, but this would lead to increased UX complexity for end users.

Additional Information

The implementation of this feature would greatly improve the user experience for organizations with multiple Google Workspaces, enabling them to manage their groups more efficiently.

[vsychov]

Hi, @JoelSpeed, @nabokihms, @sagikazarmark, @bonifaido, @rithujohn191, @justaugustus what do you think?

[vsychov]

Closed by #2911