How can we help?

Torii “Read-Only” Integration with Google Workspace Tenant

Noga Tubi
Noga Tubi
  • Updated


To create a Torii “Read-only” integration with your Google Workspace tenant, create a custom admin role in Google Workspace with minimal privileges and assign this role to the service account used for Torii integration. 

Creating a custom admin role with these privileges limits access to very specific capabilities.
This approach does NOT require using the Google Workspace Super Admin role.


Create the custom role.

  1. Log into your Google Workspace tenant with Admin privileges
  2. Select Account >> Admin roles >>  Create new role 
  3. Fill in the Name and Description fields.
  4. Under Admin Console console privileges, select the following
    • Organizational Units - Read
    • Users - All
    • Security - User Security Management
    • Reports
  5. Under Admin API privileges, select the following
    • Organizational Units - Read
    • Users - All (inherited from admin console)
    • Groups - Create Read Update
    • User Security Management
    • Data Transfer
    • Schema Management - All
    • License Management - All
    • Billing Management - All
    • Domain Allowlist Management - All
    • Add security label on groups resource

  6. Assign a user to the role.
  7. Search for the user and click on Assign Role

Connect via Torii’s Integrations page

NOTE:  If you receive an error message connecting to Google via Torii’s Integrations page, please do the following:

  1. Go to the Torii Integrations page, >>  Google Workspace tile
  2. Click Connect.
  3. Select the “connect-link” to copy the connection link to your clipboard.
  4. Open an Incognito / Private browsing session, paste the link, and complete the steps required.

For additional documentation, please see the Google Workspace Integration Documentation.


Was this article helpful?

0 out of 0 found this helpful

Have more questions? Submit a request