Google Workspace

Sync users, groups, and group memberships from Google Workspace. Also discovers OAuth clients, service accounts, and domain-wide delegation grants.

Source connector

Source connector — pulls identity and access data from Google Workspace into ComplianceScout where it is scored against your compliance frameworks and violation rules.

What ComplianceScout collects

After a successful sync, the following data is available in your ComplianceScout dashboard for violation detection and reporting.

All Workspace users with status (active, suspended, archived), profile data, and org unit
Google Groups and group memberships including nested group resolution
MFA enrollment status per user (enrolled, not enrolled, enforced)
OAuth app grants and domain-wide delegation configurations
Service accounts and their domain-wide delegation scopes
Admin roles and admin role assignments

Required credentials

These fields are collected when you add the connector in the ComplianceScout dashboard. Secrets are encrypted at rest using AES-256-GCM and are never logged.

Field	Type	Required	Notes
Service account email	Text	Required	The client_email field from your service-account JSON key.
Private key	Secret	Required	The private_key value from your service-account JSON key, including BEGIN/END markers.
Admin email to impersonate	Text	Required	Workspace admin user with Reports Audit + Directory privileges.

How to set up this connector

Follow these steps to gather the credentials above and connect Google Workspace to ComplianceScout.

In the Google Cloud Console, create a new project (or use an existing one) and go to IAM & Admin → Service Accounts → Create Service Account.
Name it "compliancescout" and skip optional fields. Click Create, then under Actions → Manage keys → Add key → JSON. Download the key file.
In the Google Workspace Admin Console (admin.google.com), go to Security → API controls → Domain-wide delegation → Add new. Enter the service account's Client ID (from the JSON key) and these OAuth scopes: https://www.googleapis.com/auth/admin.directory.user.readonly, https://www.googleapis.com/auth/admin.directory.group.readonly, https://www.googleapis.com/auth/admin.reports.audit.readonly.
In ComplianceScout, go to Data & Secrets → Integrations → Add Connector → Google Workspace. Paste the service_account_email and private_key from the JSON key file, and enter the email of a super-admin to impersonate.
Click Test Connection and Save.

Ready to connect Google Workspace?

Start a free trial — your tenant is provisioned instantly and you can wire up this integration from the connectors page.

Start a free trial Add connector →