---
title: Google Workspace API Integration on Truto
slug: googleworkspace
category: SSO
canonical: "https://truto.one/integrations/detail/googleworkspace/"
---

# Google Workspace API Integration on Truto



**Category:** SSO  
**Status:** Generally available

## Unified APIs

### Unified HRIS API

- **Employees** — Represents an employee in HRIS
- **Groups** — Represents the groups an Employee belongs to

### Unified User Directory API

- **Role Assignments**
- **Roles** — The Role object represents a role of a User.
- **Users** — The User object represents a User.

### Unified Single Sign-On API

- **App Users** — AppUsers represent the users assigned to an application.
- **Apps** — Applications represent the applications that are registered with the SSO service.

## How it works

1. **Link your customer's Google Workspace account.** Use Truto's frontend SDK; we handle every OAuth and API key flow so you don't need to create the OAuth app.
2. **Authentication is automatic.** Truto refreshes tokens, stores credentials securely, and injects them into every API request.
3. **Call Truto's API to reach Google Workspace.** The Proxy API is a 1-to-1 mapping of the Google Workspace API.
4. **Get a unified response format.** Every response uses a single shape, with cursor-based pagination and data in the `result` field.

## Use cases

- **Automate employee onboarding and offboarding from Google Workspace** — SaaS companies can sync user lifecycle events from their customers' Google Workspace directories to automatically provision new accounts and instantly revoke access when employees are suspended or removed — eliminating manual seat management and closing security gaps.
- **Build org charts and reporting structures without a standalone HRIS** — Many SMB and mid-market customers don't have a dedicated HRIS. By pulling manager, department, and title data from Google Workspace via the Unified HRIS API, SaaS products like performance management or collaboration tools can auto-generate org hierarchies.
- **Map Google Groups to in-app roles for automatic access control** — SaaS companies can let their customers define which Google Workspace Groups correspond to specific product roles or permissions, enabling zero-touch role assignment and ensuring access stays in sync as group memberships change.
- **Enable enterprise SSO login with Google Workspace** — B2B SaaS products need to support 'Sign in with Google' for their customers' employees. Integrating Google Workspace as an SSO provider reduces login friction, enforces centralized MFA policies, and satisfies enterprise security requirements.
- **Audit SaaS app access against Google Workspace identity data** — Spend management and security platforms can reconcile which users have active access to configured SAML/OAuth applications in Google Workspace, helping customers identify unused licenses and shadow IT.

## What you can build

- **Real-time user provisioning from Google Workspace groups** — Automatically create or disable accounts in your product when users are added to or removed from specific Google Workspace Groups, with no admin intervention required.
- **Auto-generated org chart from directory data** — Pull employee names, titles, departments, and manager relationships from Google Workspace to build and continuously sync an organizational hierarchy inside your app.
- **Group-to-role mapping engine** — Let customers configure rules that map their Google Workspace Groups or Organizational Units to your product's internal roles and permission levels.
- **Instant access revocation on employee offboarding** — Detect when a user is suspended or deleted in Google Workspace and immediately invalidate their sessions and reassign their assets within your application.
- **SSO app usage and license reconciliation dashboard** — Surface which third-party apps are configured in a customer's Google Workspace and which users have access, enabling license optimization and shadow IT detection.
- **Department-based ticket and workflow routing** — Use Google Workspace group memberships and department data to automatically route tickets, approvals, or tasks to the correct internal queue when a user logs in via SSO.

## FAQs

### Which Google Workspace APIs does this integration use?

The integration primarily leverages the Google Admin SDK Directory API for user, group, organizational unit, and role data, as well as Google Identity Services for SSO-related app and app user information.

### What authentication method is required to connect a Google Workspace account?

Google Workspace uses OAuth 2.0 for authorization. The customer's Google Workspace admin grants consent with the required admin scopes (e.g., `admin.directory.user.readonly`, `admin.directory.group.readonly`) so Truto can access directory and identity data on their behalf.

### What Unified APIs does Google Workspace map to in Truto?

Google Workspace maps to the Unified HRIS API (Employees, Groups), the Unified User Directory API (Users, Roles, Role Assignments), and the Unified Single Sign-On API (Apps, App Users). Specific tools are built on request to match your integration needs.

### How does Truto handle pagination and rate limits for the Google Admin SDK?

Truto manages pagination tokens and respects Google's per-user and per-domain rate limits automatically, so your application receives complete result sets without needing to implement retry logic or cursor management.

### Can I access custom user attributes defined in Google Workspace?

Google Workspace supports custom schemas on user profiles (e.g., cost center, employee ID). Availability of custom fields through Truto depends on your specific requirements — reach out to discuss mapping custom schema attributes to unified models.

### Are write operations supported, or is the integration read-only?

The current Unified API models focus on reading identity and directory data from Google Workspace. Write operations such as creating users or modifying group memberships can be scoped and built on request based on your use case.
