All Collections
Getting started with Nudge Security
OAuth Scopes List for Google Workspace
OAuth Scopes List for Google Workspace

A list of Google Workspace access permissions Nudge Security uses for data analysis

Danielle avatar
Written by Danielle
Updated over a week ago

Nudge Security analyzes data from your Google Workspace account to discover and inventory your entire SaaS footprint, including users and OAuth grants. This requires read-only access to your organization's Google Workspace account.

Here's a list of the current Google Workspace permissions Nudge Security uses and how.

Name

Description

We use this to:

Scope for only retrieving organizational units.

Discover all organizational units and associate them to users.

Read all Gmail resources and their metadata—no write operations.

Analyze mailboxes to discover SaaS activity.

Scope for only retrieving users or user aliases.

Discover all available users.

Scope for only retrieving group, group alias, and member information.

Discover all available user groups.

Scope for access to all application-specific password, OAuth token, and verification code operations.

Discover all Oauth tokens.

Read-only access when retrieving an activity report.

Query the Oauth Tokens' activity.

Scope for only retrieving domains.

Discover all valid domains registered to your organization.

View and manage the settings of a G Suite group

Retrieve user group settings.

When you are configuring your workspace, you can paste the following into your service account using a comma separated list as found below:

https://www.googleapis.com/auth/admin.directory.user.readonly,
https://www.googleapis.com/auth/admin.directory.user.security,
https://www.googleapis.com/auth/admin.directory.orgunit.readonly,
https://www.googleapis.com/auth/admin.directory.group.readonly,
https://www.googleapis.com/auth/gmail.readonly,
https://www.googleapis.com/auth/admin.reports.audit.readonly,
https://www.googleapis.com/auth/admin.directory.domain.readonly,
https://www.googleapis.com/auth/apps.groups.settings


Did this answer your question?