Skip to content

Google Workspace GDrive Permissions Reference

The following OAuth scopes are required for SailPoint Entro to perform metadata-based secret scanning within Google Workspace (GDrive).

Required Scopes and Purpose

Scope Purpose
https://www.googleapis.com/auth/drive.readonly Read-only access to all Google Drive files
https://www.googleapis.com/auth/admin.directory.user.readonly Retrieve user metadata for file ownership correlation
https://www.googleapis.com/auth/admin.directory.group.readonly Discover group associations
https://www.googleapis.com/auth/admin.directory.group.member.readonly Retrieve group membership lists
https://www.googleapis.com/auth/admin.directory.customer.readonly Read organizational metadata

Note

Access Model

  • All data is accessed in read-only mode.
  • File content is never modified or stored.
  • Metadata only (name, path, permissions, timestamps) is retrieved.
  • Tokens are AES-256 encrypted in SailPoint Entro’s Worker environment.

Note

Security & Compliance

  • TLS 1.2+ enforced
  • SOC 2 Type II, ISO 27001, GDPR-certified
  • Read-only OAuth access, revocable at any time