Google Workspace Directory Permissions

By Jeff Saul

Learn about the Google API permissions required for the Google Workspace user directory integration.

Integration Overview

The Google Workspace Integration in Kandji allows customers to sync all Google Workspace user and group objects into the user directory within Kandji. These delegated permissions are leveraged through the Google API to synchronize user directory information. 

Permissions Overview

The following permissions are automatically requested and required to sync Google Workspace users into Kandji successfully. A Google Administrator must have sufficient permissions to delegate the following permissions to Kandji.

Permission Display TextJustification
openidSee info about users on your domainAssociate you with your personal info on Google
userinfo.profileSee info about users on your domainSee your personal info, including any personal info you've made publicly available
userinfo.emailSee info about users on your domainSee your primary Google Account email address
admin.directory.group.readonlyView groups on your domainView details (e.g., name, members) and metadata (e.g., login details) of groups on your domain
admin.directory.user.readonlySee info about users on your domainPermission to see profile info about your domain users, such as their: Name, Email, Job Title, and Department