Identity providers
      Back to home
      1. Home
      2. Integrations
      3. Identity providers

      Google Workspace Integration

      Overview

      Integrate Google Workspace with your platform to sync key data, including:

      • Users list
        • First, Last Name
        • Email
        • Avatar
        • Organisational unit
      • Third-party app list
        • App names users ever signed in with Google SSO (your corporate domain)
        • Date of last activity per those apps
      • Organisational units
        • List of units
        • What user assigned to what unit

      NOTE: this is the read-only integration

      Prerequisites

      • Enable API access in Google Workspace. Guide by Google
      • For pulling usage, ensure read-only access via the OAuth scope /admin.reports.audit.readonly.
      • Connect only Admin Google Workspace account while integration set up
        • it's super important because we won't be able to fetch your domain data with regular account connection

       

      Connection Steps

      1. Navigate to the Integrations page
      2. Click 'Connect' at Google widget
      3. Select workspace account
      4. Accept access level provided

      Connect and Test

      • After configuring the settings and scopes, Spendbase starts pulling the data 
        • usually the status at widget changes to Getting data
        • it may take some time (from a couple of seconds up to 30 minutes)
      • As soon as the sync is done user will be notified:
        • in In-app notification with successful status 
        • status at widget changes to Active

       

      Disconnect:

      1. User can disconnect the GWS any time
      2. Click on status on widget (Active, Actions required)
      3. Click Disconnect

       

      List of required scopes

      Scope Description What for
      /admin.directory.user.readonly See info about the users in your team (domain) We need it to sync and pull all the users you have in your GWS domain so that we can track where they sign-in with corporate Google SSO
      /admin.reports.audit.readonly See report on what 3-rd party app users use We need it to show the last time user signed in with corporate Google SSO to a particular 3-rd party app detected
      /admin.directory.orgunit.readonly See org units per domain We need it to assign existing org unit to a particular user
      /admin/directory.user.security Have tokens to access GWS for 3-rd party apps (Spnedbase in our case) We need this cope to have uninterrupted access to GWS. Otherwise the connection will be failing all the time and the constant syncing of the data will be impacted