Learn about the Google API permissions required for the Google Workspace user directory integration
Integration Overview
The Google Workspace Integration in Kandji allows customers to sync all Google Workspace user and group objects into the user directory within Kandji. These delegated permissions are leveraged through the Google API to synchronize user directory information.
Permissions Overview
The following permissions are automatically requested and required to sync Google Workspace users into Kandji successfully. A Google Administrator must have sufficient permissions to delegate the following permissions to Kandji.
| Permission | Display Text | Justification |
|---|---|---|
| openid | See info about users on your domain | Associate you with your personal info on Google |
| userinfo.profile | See info about users on your domain | See your personal info, including any personal info you've made publicly available |
| userinfo.email | See info about users on your domain | See your primary Google Account email address |
| admin.directory.group.readonly | View groups on your domain | View details (e.g., name, members) and metadata (e.g., login details) of groups on your domain |
| admin.directory.user.readonly | See info about users on your domain | Permission to see profile info about your domain users, such as their: Name, Email, Job Title, and Department |