Google Workspace is a suite of office products that includes collaboration tools such as email, calendar, and meetings as well as productivity tools including word processing, presentations, and spreadsheets. The Google Workspace Admin console controls access to applications and the ability to perform any privileged actions within Google Workspace. Trustle uses the Admin console’s APIs to reveal access for users, manage just-in-time access, and de-provision user privileges. Trustle also uses the identity data from Google Workspace to automatically link the identity to users in other platforms and applications.

Trustle with Google Workspace

Overview

Trustle connects with Google Workspace to gather a full list of users on the system and to collect usage information—both for Google apps and logins to apps connected to Google Single Sign-on (SSO). Administrators can use this information to:

• Easily map users to other systems connected to Trustle by using Google’s directory of full names, email address, title, manager, and other profile information
• Monitor which applications users have signed up for and logged into using Google’s SSO service
• Maintain usage history to set historical baselines, produce efficient access policies and create audit reports

As with all Trustle connectors, the Google Workspace system administration includes a dashboard that identifies unused accounts and over-privileged users (i.e. users with permissions they never use).

Gather User Info Using Google as your Identity Provider (IdP)

Google Workspace is more than just a collection of productivity apps, it also provides IdP SSO services both to the Google ecosystem and hundreds of other apps that integrate with it. Because Google’s SSO is based on the industry standard Open ID Connect (OIDC), which itself is based on OAuth, most cloud services support this connectivity natively. Using Google’s IdP functionality, you can manage group memberships and profile information that will affect users’ privileges in a great many applications.

Managing Entitlements via Google

As an IdP, Google maintains many types of information on people, groups, and entitlements that are of broad use both to Trustle and any connected system.

Users

Google maintains profile information, which is both useful for account linking and entitlement policies. The directory can provide information about a person’s title, manager, photo, email address, and phone number, just to name a few.

Groups

Groups are useful for mailing lists, calendar invites, team membership, and assigning privileges in other platforms and applications. You can use Workspace groups in Trustle for requesting and approving access.

Access

You can use Trustle to display a catalog of apps available and automate approvals and provisioning of access.

‍