# Google Workspace

Google Workspace (opens new window), formerly known as G Suite, is a collection of cloud computing, productivity, and collaboration tools developed by Google.

Workato enables you to add, delete, update, fetch, or search for objects, such as users, groups, or roles. For example, when onboarding new employees, you can use the Google Workspace connector to automatically add their details to Google Workspace.

# API version

The Google Workspace connector uses the Google Admin SDK (opens new window) to connect to admin services.

# How to connect to Google Workspace

The Google Workspace connector supports the following authentication methods:

# OAuth 2.0 authentication

Complete the following steps to connect to Google Workspace using OAuth 2.0 authentication:

1

Click Create > Connection.

2

Search for and select Google Workspace as your connection.

3

Provide a name for your connection in the Connection name field.

4

Use the Location drop-down menu to select the project where you plan to store the connection.

5

Select OAuth 2.0 in the Authentication type drop-down menu.

6

Optional. Expand the Advanced settings section and select OAuth 2.0 scopes to request for your connection.

In addition to your selected scopes, Workato requests the following scopes by default:

Description Scope requested
View and manage the provisioning of users on your domain admin.directory.user
View and manage organization units on your domain admin.directory.orgunit
View and manage the provisioning of domains for your customers admin.directory.domain
View and manage the provisioning of user schemas on your domain admin.directory.userschema
View and manage the provisioning of groups on your domain admin.directory.group
View and manage group subscriptions on your domain admin.directory.group.member
View and manage data transfers between users in your organization admin.datatransfer
Manage your mobile devices by performing administrative tasks admin.directory.device.mobile.action
View audit reports for your G Suite domain admin.reports.audit.readonly
View usage reports for your G Suite domain admin.reports.usage.readonly
Manage delegated admin roles for your domain admin.directory.rolemanagement
Manage data access permissions for users on your domain admin.directory.user.security

Refer to Google's Directory API scopes (opens new window) or OAuth 2.0 Scopes for Google APIs (opens new window) guide for more information about scopes.

7

Click Sign in with Google.

Connect to Google WorkspaceConnect to Google Workspace

8

Sign in with your Google account. Your Google account must have admin privileges to make organization-wide changes in Google Workspace.

9

Click Allow to enable Workato to access your Google account.

Enable Workato to access your Google accountEnable Workato to access your Google account

# Service account authentication

You can also authenticate Google Workspace using a Google Cloud service account. A service account is a type of Google account associated with your Google Cloud Project that can run API requests on your behalf. Using a service account can ensure that a solution continues running even if an individual user's permissions change. Refer to the Google documentation on service accounts (opens new window) for more information.

You must sign in to your Google Cloud Platform (GCP) console to create a service account. Refer to the Google Cloud documentation to learn how to complete the following:

ONLY DOWNLOAD KEY FILE ONCE

After you download the key file, you can't download it again.

Getting GCP Project service account email

Input field Description
Connection name Provide a name that identifies the Google Workspace instance where Workato is connected.
Location Select the location where you plan to store your connection.
Authentication type Select Service account as your authentication type.
GCP project service account email Enter the service account's email address.
Private key Enter the private key obtainable from the downloadable JSON. Include both the -----BEGIN PRIVATE KEY----- to -----END PRIVATE KEY-----\n.
User email Enter the email address of the user account to impersonate. Workato performs actions on behalf of the impersonated email through the authenticated service account.

REQUIRED SCOPES FOR SERVICE ACCOUNT AUTHENTICATION

To successfully connect to Google Workspace using a service account, the following permissions are required:

  • admin.directory.user
  • admin.directory.orgunit
  • admin.directory.domain
  • admin.directory.group
  • admin.directory.group.member
  • admin.datatransfer
  • admin.directory.device.mobile.action
  • admin.directory.userschema
  • admin.reports.audit.readonly
  • admin.reports.usage.readonly
  • admin.directory.rolemanagement
  • admin.directory.user.security

The service account impersonates the user based on the email input provided during the connection setup after authentication is complete.


Last updated: 3/27/2025, 6:02:28 PM