Google Workspace Integration

Created by Shubham Saxena, Modified on Fri, 25 Aug 2023 at 05:40 AM by Shubham Saxena


Overview

Google Workspace is one of Spendflo's foundational integrations and provides a wide range of capabilities. This integration is read-only and does not have permission to affect your organization. 


Integrating Google Workspace provides many forms of visibility into your organization:

  • Visibility of the people in your organization
  • Visibility into the apps authenticated with Google Workspace


Prerequisites

To begin the installation, you must be a Google Workspace Domain Administrator (User Admin). If you have someone in your organization who can create Google Workspace Accounts, they are likely an administrator. For more information on the domain permissions settings we request, please review the integration permissions later in this 

article. 


Create a dedicated Spendflo Google Workspace admin account

When you connect Spendflo to your Google Workspace, the account to establish the connection needs administrative access rights. While logging in with an existing administrator account is convenient, we recommend creating dedicated accounts for Spendflo to connect. 


You may want to consider a standard account name/email to use for all dedicated Spendflo connections, e.g., spendflo.serviceaccount@yourorg.com

Benefits of a dedicated Spendflo admin account

  • Clarity in audit logs: Let's say you want to connect to Quickbooks. If you use your personal administrator account to connect, any actions performed by Spendflo will probably be recorded in the Quickbooks audit log as coming from your user account. Additionally, you may be using this account to integrate with other systems, too, so those actions will get assigned to your user as well. This will make proper audits difficult. You won't necessarily know which system did what or whether it was you performing the actions. From an audit perspective, it is preferable for each connecting system to have its own user account so that audit log entries can be clearly differentiated.
  • Future-proof: People change roles and sometimes leave organizations. Suppose your integrations are connecting using a specific individual's account. If they move roles, they may lose their administrative rights, or the account may be terminated completely if they leave your organization. At this point, a new person will need to reconnect the integration. Having a dedicated Spendflo account for an API connection avoids these concerns.


Limitations of connecting with a non-admin role

There are some limitations imposed by Google if you use a non-admin role. These are:

  • Spendflo cannot see apps that other Administrator users have connected to with OAuth2 (i.e., 'Sign in with Google').
  • No Google Workspace license data will be available in Spendflo.
  • These limitations are due to the way Google's API works.

Permissions


Category

Allows Spendflo

Scope & Permission

Admin - Directory User Security

Uncover OAuth logins & relationships to apps, including which fine-grained Google Workspace permissions they were granted.

https://www.googleapis.com/auth/admin.directory.user.security


View and manage data access permissions for users on your domain

Admin - Directory User

Allows Spendflo to enumerate all Google Workspace accounts and add them to our System of Record.

https://www.googleapis.com/auth/admin.directory.user.readonly


View access to user profile info on the domain such as names, emails, addresses, phone numbers, metadata, including user's role, manager info, and last login time. 

Installation Steps

Go to Spendflo Integrations Page


Head to the Spendflo Integrations page from Settings>Management Hub>Integrations>Available Apps and click on the Admin Install button under Google Workspace.


If the Spendflo user who is setting up Google Workspace is not the GSuite administrator, then the user can share the app URL with the admin. The admin can then do the admin install. Spendflo detects it automatically if it is installed when they reach this page.



Click Admin Install


After clicking the Admin Install button, the user will be redirected to Google's Marketplace page. A pop-up will appear, and you should click on "Continue" to proceed.





Accept App Permissions


To proceed, the user needs to accept Spendflo's Marketplace App permissions. They have the option to grant permission to either everyone in the organization or select specific groups.



If you select a specific group please note that the group should contain at least one email ID that has the administrator rights



Configure on Spendflo

  • Return to Spendflo's Integrations page and click Configure on Google Workspace in the connected apps section.
  • A pop-up will appear where you can enter the email ID of the Google administrator.”
  • Click Save. You will see a confirmation message at the bottom of the screen saying, “Integration Updated Successfully.”
  • You have now successfully set up the Google Workspace in Spendflo. You should be able to see the app usage and spend details under the Insights Page




Uninstalling Google Workspace


If you wish to uninstall the Google Workspace integration with Spendflo, please follow the steps.

  • Go to your Google Workspace admin>marketplace https://admin.google.com/ac/apps/gmail/marketplace/apps
  • Click on the app “Spendflo” in the table Google Workspace Marketplace apps.
  • Click on Uninstall app and then click again on Uninstall in the pop-up.
  • The app will be uninstalled


Was this article helpful?

That’s Great!

Thank you for your feedback

Sorry! We couldn't be helpful

Thank you for your feedback

Let us know how can we improve this article!

Select atleast one of the reasons
CAPTCHA verification is required.

Feedback sent

We appreciate your effort and will try to fix the article

Can't find what you are looking for?

Email us at support@spendflo.com