SaaS Management integrates directly with Google, so you can view all user activity within the application. The integration gives you the usage data you need to make informed decisions on inactive licenses and any renewal or purchasing options. For example, you can view the number of users who accessed Google within a given time range to determine if their licenses are needed. You can also audit apps that have access to your G-Suite.
Integrating with Google
SaaS Management must have Super Admin access to authenticate with Google.
Note
Before you integrate the applications, make sure you have signed out of your individual account within your organization and are signed in to the appropriate service account with the required permissions.
- From the SaaS Management navigation menu, select Integrations.
- Select the Google tile.
- Select Add Integration.
- Sign in to your Google account with the appropriate permissions.
- Select Allow to accept the requested permissions and complete the integration.
Required Permissions
SaaS Management requires Super Admin access to pull usage data for Google users. SaaS Management requires super admin functionality to read third-party authentications of other users within the organization.
You can authorize with a delegated admin permission, but you will not see any data in SaaS Management's compliance offering.
Requested Scopes
SaaS Management requests the following scopes:
| Scope | Description |
|---|---|
https://www.googleapis.com/auth/userinfo.profile |
View your basic profile information. |
https://www.googleapis.com/auth/userinfo.email |
View your email address. |
https://www.googleapis.com/auth/admin.directory.orgunit.readonly |
View organization units on your domain. |
https://www.googleapis.com/auth/admin.directory.user |
View users on your domain. |
https://www.googleapis.com/auth/admin.directory.user.security |
View and manage OAuth permissions for users on your domain. |
https://www.googleapis.com/auth/admin.reports.audit.readonly |
View audit reports for your G-Suite domain. |
https://www.googleapis.com/auth/admin.reports.usage.readonly |
View usage reports for your G-Suite domain. |
https://www.googleapis.com/auth/apps.licensing |
View G-Suite licenses for your domain. |
User Metadata
SaaS Management pulls the following user metadata from Google. You can filter your usage data by these fields:
| Field | Description |
|---|---|
| Admin | Indicates whether a user is a Super Admin. |
| Archived | Indicates whether a user is archived. |
| Delegated Admin | Indicates whether the user is a delegated administrator. |
| Enforced In 2SV | Indicates whether 2-Step verification is enforced. |
| Enrolled In 2SV | Indicates whether the user is enrolled in 2-Step verification. |
| Mailbox Set Up | Indicates whether the user's Google mailbox is created. Note: This property is only applicable if the user has been assigned a Gmail license. |
| Organizational Units | The organizational group that the administrator added the user to. By default, users are placed in the top-level (parent) organizational unit. |
| Suspended | Indicates whether the user's account is suspended. |
| Suspended Time | The time the user was suspended. This field will only have a value if the user is suspended. |
| Suspension Reason | The reason why an administrator or Google suspended the user's account. |
Documentation Feedback
Feedback is provided as an informational resource only and does not form part of SailPoint’s official product documentation. SailPoint does not warrant or make any guarantees about the feedback (including without limitation as to its accuracy, relevance, or reliability). All feedback is subject to the terms set forth at https://platform.sailpoint.com/discuss/tos.