All Collections
Managing Your Vendr Account
Integrations
Identity Provider (IdP) Integrations
Google Workspace
Google Workspace

Automatically sync all of your Google Workspace users into Vendr.

Chris Morris avatar
Written by Chris Morris
Updated over a week ago

This article applies to:

Admins

Free, Premium Procurement

Estimated time: Less than 10 mins

About this article

Automatically provision and de-provision users in Vendr using Google Workspace. This article covers creating a Google Workspace API token, installing the integration, and syncing user profile fields.

How it works

The Google Workspace integration syncs your Google users into Vendr in just a few clicks. Connecting Vendr to your Google Workspace instance lets you quickly deploy Vendr across your entire organization. Whenever a user is added or leaves your organization, they'll automatically be added or removed from your Vendr organization.

Common uses of the Google Workspace integration

Automatically provide access to Vendr to all of your employees

Provide access to Vendr in a few clicks and keep those users in sync with your Google Workspace directory using SCIM.

Sync key employee details

Effortlessly sync key employee details such as Name, Email, Title, and Manager from Google Workspace to Vendr with just a few clicks.

Assign approval steps in procurement requests to an employee's manager.

Streamline the approval process by ensuring tasks are routed to the appropriate stakeholders for review.

NOTE

Installing the Google Workspace integration does not enable SSO. To allow users to sign in using Google SAML you'll also need to configure SSO. Learn more.

Overview

To give users access to Vendr for seamless account provisioning and de-provisioning using Google Workspace, you will:

Requirements

  • Must be a Vendr admin

  • Must be a Google Workspace super admin

Create an API Token

  1. Log in to your Google Admin console

  2. In the main menu, select Security and then Access and data control, and then select API controls

  3. Select Manage Domain Wide Delegation and select Add new

  4. In the "Client ID" field, paste the following: 107583134982268733477

  5. In the "OAuth scopes", paste the following:

    https://www.googleapis.com/auth/admin.directory.user.security
    https://www.googleapis.com/auth/admin.directory.user.readonly

  6. Click Authorize

Install the integration

  1. Navigate to Vendr and then select admin and then all integrations

  2. Look for the Google Workspace integration under Identity providers

  3. Select Install via Google Workspace and install the Google Workspace app

  4. Select Admin Install and continue

  5. Select whether you want to sync all users or specific groups and then press I agree

πŸŽ‰ Congrats! Your integration is now connected.

NOTE

It may take up to 24 hours to sync all of your users. You can use this page to verify the user sync has been completed.

Sync user profile fields

The Google Workspace integration supports syncing the following user profile fields.

  • First Name

  • Last Name

  • Email

  • Manager

  • Job Title

Google Workspace Field

Vendr Field

Notes

Full Name

Name

Primary Email

Email

Title

Title

Manager

Manager

Must be manager id or manager email

N/A

Direct Reports

This is populated based on the user's assigned Manager in Azure

NOTE

Syncing of additional fields (standard or custom) is not currently supported.

NOTE
If you do not see these fields populated in Vendr you should verify that your user records are mapped to the appropriate Google Workspace fields in the table.

Permissions

Vendr only accesses the following data from your Google Workspace organization.

πŸ‘οΈ Vendr will be able to view:

  • Data about your users

  • Data about your user details

🫳 Vendr will be able to do:

  • Nothing

API Scopes

Admin - Directory User Security

Purpose: Uncover OAuth logins & relationships to apps

Scope: https://www.googleapis.com/auth/admin.directory.user.security

Allows:

View and manage data access permissions for users on your domain

Admin - Audit Reports

Purpose:

Scope: https://www.googleapis.com/auth/admin.reports.audit.readonly

Allows:

  • View audit reports of admin and user activity in your Google Workspace domain (e.g., password change events and document view events)

Admin - Directory User

Purpose: Enumerate all Google Workspace accounts and associated information.

Scope: https://www.googleapis.com/auth/admin.directory.user.readonly

Allows:

  • View access to user profile info on the domain such as names, emails, addresses, phone numbers, metadata, including user's role, manager info, and last login time

Related Articles
JumpCloud
Azure Active Directory
Okta
OneLogin
Workday
Did this answer your question?