Skip to content
  • There are no suggestions because the search field is empty.

Cloud Sync

Panel syncs with Google and Microsoft Azure to import People (and Chromebooks from Google) — configure one or both here.

Cloud Sync

Panel synchronizes with both Google Cloud and Microsoft Azure to import People, and imports Chromebook Assets from Google. To use these features, configure synchronization permissions for one or both clouds.

Using One or Both Clouds

You can sync with Google, with Microsoft, or with both. If you use both, Google synchronizes first and Azure second. Because Azure runs second, any differences in People data from Azure overwrite the values imported from Google.

For example, if a person is bob@example.com named “Robert Smith” in Google and “Bob Smith” in Azure, Panel shows “Bob Smith.” People are merged across clouds by email address, so a person present in both must be removed from both before they’re removed from Panel.

Google Workspace Sync

Google sync imports People, your OU hierarchy, and Chromebooks (as Assets). Authorization must be performed by a K12Panel administrator who also has the necessary Google Workspace rights (commonly, but not necessarily, a Super Admin).

  • On the Cloud Sync tab, click Authorize Panel to Perform Google Workspace Sync.
  • Google asks you to approve several read-only (view) permissions — grant them. Panel cannot make changes in your Google Workspace.
  • An initial sync starts automatically; further syncs run several times a day. Use Request Immediate Cloud Sync Refresh to run one now.

No passwords are stored in K12Panel. Authorization is a token your Google Workspace verifies via the Google API each time it’s used, and you can revoke it anytime — from the Cloud Sync tab (De-Authorize) or directly in Google under your account’s third-party access settings. If you revoke it, no further syncs run until you re-authorize. For full details, see the Google Workspace Integration article.

Microsoft Azure Sync

Azure sync imports People only. Rather than an OAuth consent flow, you create an Azure App Registration, grant it read-only access to users, and copy a few values into Panel:

  • In the Azure Portal, create a new App Registration (single-tenant; no redirect URI needed).
  • Under Certificates & secrets, create a client secret (24 months) and copy its Value immediately — Azure hides it afterward.
  • Under API Permissions, add Microsoft Graph → Application permissions → User.Read.All, then Grant admin consent.
  • In Panel, click Add Azure Sync Settings and enter the Client ID (Application (client) ID) and the Secret value.

Panel reminds you when a secret nears expiry; create a new one and update it when needed. For full details, see the Microsoft Azure Integration article.

Common Questions

Can I sync People from both Google and Microsoft?
Yes. Google runs first; Azure runs second and overwrites matching People values.

Does Cloud Sync import devices?
Google imports Chromebooks as Assets; Azure imports People only.

Are passwords stored?
No. Google uses a revocable token; Azure uses an app registration secret you control.

How do I remove a person from Panel who’s in both clouds?
Remove them from both Google and Azure; they’re merged by email and persist until gone from both.

How do I force a sync now?
Use Request Immediate Cloud Sync Refresh on the Cloud Sync tab.