Overview
Google Workspace is one of Spendflo's foundational integrations and provides a wide range of capabilities. This integration is read-only and does not have permission to affect your organization.
Integrating Google Workspace provides many forms of visibility into your organization:
- Visibility of the people in your organization
- Visibility into the apps authenticated with Google Workspace
Prerequisites
To begin the installation, you must be a Google Workspace Domain Administrator (User Admin). If you have someone in your organization who can create Google Workspace Accounts, they are likely an administrator. For more information on the domain permissions settings we request, please review the integration permissions later in this
article.
Create a dedicated Spendflo Google Workspace admin account
When you connect Spendflo to your Google Workspace, the account to establish the connection needs administrative access rights. While logging in with an existing administrator account is convenient, we recommend creating dedicated accounts for Spendflo to connect.
You may want to consider a standard account name/email to use for all dedicated Spendflo connections, e.g., spendflo.serviceaccount@yourorg.com
Benefits of a dedicated Spendflo admin account
- Clarity in audit logs: Let's say you want to connect to Quickbooks. If you use your personal administrator account to connect, any actions performed by Spendflo will probably be recorded in the Quickbooks audit log as coming from your user account. Additionally, you may be using this account to integrate with other systems, too, so those actions will get assigned to your user as well. This will make proper audits difficult. You won't necessarily know which system did what or whether it was you performing the actions. From an audit perspective, it is preferable for each connecting system to have its own user account so that audit log entries can be clearly differentiated.
- Future-proof: People change roles and sometimes leave organizations. Suppose your integrations are connecting using a specific individual's account. If they move roles, they may lose their administrative rights, or the account may be terminated completely if they leave your organization. At this point, a new person will need to reconnect the integration. Having a dedicated Spendflo account for an API connection avoids these concerns.
Limitations of connecting with a non-admin role
There are some limitations imposed by Google if you use a non-admin role. These are:
- Spendflo cannot see apps that other Administrator users have connected to with OAuth2 (i.e., 'Sign in with Google').
- No Google Workspace license data will be available in Spendflo.
- These limitations are due to the way Google's API works.
Permissions
Category
Allows Spendflo
Scope & Permission
Admin - Directory User Security
Uncover OAuth logins & relationships to apps, including which fine-grained Google Workspace permissions they were granted.
https://www.googleapis.com/auth/admin.directory.user.security
View and manage data access permissions for users on your domain
Admin - Directory User
Allows Spendflo to enumerate all Google Workspace accounts and add them to our System of Record.
https://www.googleapis.com/auth/admin.directory.user.readonly
View access to user profile info on the domain such as names, emails, addresses, phone numbers, metadata, including user's role, manager info, and last login time.
Category | Allows Spendflo | Scope & Permission |
Admin - Directory User Security | Uncover OAuth logins & relationships to apps, including which fine-grained Google Workspace permissions they were granted. | https://www.googleapis.com/auth/admin.directory.user.security View and manage data access permissions for users on your domain |
Admin - Directory User | Allows Spendflo to enumerate all Google Workspace accounts and add them to our System of Record. | https://www.googleapis.com/auth/admin.directory.user.readonly View access to user profile info on the domain such as names, emails, addresses, phone numbers, metadata, including user's role, manager info, and last login time. |
Installation Steps
Go to Spendflo Integrations Page
Head to the Spendflo Integrations page from Settings>Management Hub>Integrations>Available Apps and click on the Admin Install button under Google Workspace.
If the Spendflo user who is setting up Google Workspace is not the GSuite administrator, then the user can share the app URL with the admin. The admin can then do the admin install. Spendflo detects it automatically if it is installed when they reach this page.
Click Admin Install
After clicking the Admin Install button, the user will be redirected to Google's Marketplace page. A pop-up will appear, and you should click on "Continue" to proceed.
Accept App Permissions
To proceed, the user needs to accept Spendflo's Marketplace App permissions. They have the option to grant permission to either everyone in the organization or select specific groups.
If you select a specific group please note that the group should contain at least one email ID that has the administrator rights
Configure on Spendflo
- Return to Spendflo's Integrations page and click Configure on Google Workspace in the connected apps section.
- A pop-up will appear where you can enter the email ID of the Google administrator.”
- Click Save. You will see a confirmation message at the bottom of the screen saying, “Integration Updated Successfully.”
- You have now successfully set up the Google Workspace in Spendflo. You should be able to see the app usage and spend details under the Insights Page
Uninstalling Google Workspace
If you wish to uninstall the Google Workspace integration with Spendflo, please follow the steps.
- Go to your Google Workspace admin>marketplace https://admin.google.com/ac/apps/gmail/marketplace/apps
- Click on the app “Spendflo” in the table Google Workspace Marketplace apps.
- Click on Uninstall app and then click again on Uninstall in the pop-up.
- The app will be uninstalled
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article