How can we help?

Google Workspace (G Suite) Integration

Noga Tubi
Noga Tubi
  • Updated

Set up Google Workspace integration and get all the insights in Torii's dashboard

Overview

Torii integrates with Google Workspace (G Suite) and syncs:

  • User list
  • licenses
  • 3rd party application list
  • 3rd party permissions
  • Usage data

Google Workspace integration is an OAuth connection.

Prerequisites

Connect Google Workspace integration

  1. From the Torii Integrations page click on the Google Workspace tile

  2. Click Connect
    mceclip0.png

  3. Your Google Workspace account can be integrated as:

    • "Read-Only" in order to see your Google Workspace data within Torii

    • "Read/Take Action" in order to create workflows and take action directly through Torii.

  4. This step is optional, but if you'd like to perform the "Set Vacation Responder" and "Enable Auto Forwarding" actions from Torii on your Google Workspace users, please follow the below steps.
    Enter the Service Account Email Addressmceclip7.png

    Prerequisites:
    You must have "Super Admin" permissions and a "Service Account".
    In the service account, be sure to include the following scopes
    - For Set Vacation Responder action -https://www.googleapis.com/auth/gmail.settings.basic
    - For Enable Auto Forwarding action - https://www.googleapis.com/auth/gmail.settings.sharing

  5. This step is Optional and dependent on step 4. Add the Service Account Private Key; please add the Service Account Private Key; make sure to copy the entire key as shown in the image.
    mceclip8.png

  6. Click Connect
    mceclip3.png

Read-only

In case you choose to connect to Google Workspace for "Read-only", Torii will require the following permissions:

NOTE: Google documents that a Google Super Administrator user is required to read licenses data in Google's access control policy:

"License Management — This privilege works only in the Admin console and authorizes only super admins to use the License Manager API."

However, we found that creating a dedicated admin role that is not a Super Administrator does allow for reading the License management.
If you have created a dedicated Super Admin user for the integration, make sure you log in with that user and accept any Google Terms of Service.

Without accepting the Terms of Service, Torii's access will be limited.

Read and take actions

In case you choose to connect Google Workspace for Read and take actions you will grant Torii the following permissions:

Application Capabilities and Actions 

You can stay updated about application information and actions from our Integrations Page >> Integration Capabilities button (1) >> Integration Capabilities table.mceclip10.png

Usage

Torii pulls 2 types of usage events and calculates Google Workspace usage based on them:

  • SAML Audit activity events - Usage for apps connected to G-Suite SSO

  • Login Audit Activity Events - General usage for Google Workspace for example 2-step verification enrollment change, Account password change, etc.

On the first usage sync, Torii will pull activity events from the last 30 days.

Troubleshooting

Authorization Error

You might encounter the following Authorization Error

Resolution

  1. From Google Admin page go to Security

  2. API controls

  3. MANAGE THIRD-PARTY APP ACCESS

  4. Click on Add app

  5. Select the OAuth App Name OR Client ID option

  6. Search for Torii

  7. Click Select

  8. Check all Client ID boxes

  9. Select the Trusted option

  10. Click Configure

Was this article helpful?

0 out of 0 found this helpful

Have more questions? Submit a request