SAM SaaS integration with Google Workspace - G-Suite Scope and Permission Requirements FAQSummary<!-- /*NS Branding Styles*/ --> .ns-kb-css-body-editor-container { p { font-size: 12pt; font-family: Lato; color: var(--now-color--text-primary, #000000); } span { font-size: 12pt; font-family: Lato; color: var(--now-color--text-primary, #000000); } h2 { font-size: 24pt; font-family: Lato; color: var(--now-color--text-primary, black); } h3 { font-size: 18pt; font-family: Lato; color: var(--now-color--text-primary, black); } h4 { font-size: 14pt; font-family: Lato; color: var(--now-color--text-primary, black); } a { font-size: 12pt; font-family: Lato; color: var(--now-color--link-primary, #00718F); } a:hover { font-size: 12pt; color: var(--now-color--link-primary, #024F69); } a:target { font-size: 12pt; color: var(--now-color--link-primary, #032D42); } a:visited { font-size: 12pt; color: var(--now-color--link-primary, #00718f); } ul { font-size: 12pt; font-family: Lato; } li { font-size: 12pt; font-family: Lato; } img { display: ; max-width: ; width: ; height: ; } } Docs: SaaS license management - Integrating with Google Workspace The Google Workspace integration has 3 main processes:1. Download all user subscriptions2. Fetch the activity of all users to determine the usage of the products.3. Reclaim users that have low usage. Q. https://www.googleapis.com/auth/admin.directory.user Why is write access needed? A. As part of the reclaim process, we use the Google Workspace Admin console Reference - Method: users.delete API to delete the user record which requires the https://www.googleapis.com/auth/admin.directory.user scope. Q. https://www.googleapis.com/auth/admin.datatransfer Are data transfers in the scope of the SaaS connection to support SAM pro? A. For the reclamation process, the following process is followed to retain the data of the user record which is being reclaimed, to prevent data loss.#1. Transfer all the data (which the user to be reclaimed owns) to the authenticated admin.#2. Once the transfer is successful, delete the user Q. https://www.googleapis.com/auth/admin.reports.usage.readonly What information is required from the Reports API? Some of these reports contain highly sensitive data. What information will be pulled into ServiceNow from this API? A. The Reports API is used to fetch activity data namely, the number of entities updated by users and the last activity timestamp of those entities. The following parameters are fetched in the API call:accounts:last_login_time,accounts:last_sso_time,gmail:last_access_time,gmail:last_imap_time,gmail:last_interaction_time,gmail:last_pop_time,gmail:last_webmail_time,docs:num_owned_google_documents_created,docs:num_owned_google_documents_edited,docs:num_owned_google_documents_trashed,docs:num_owned_google_documents_viewed,docs:num_owned_google_drawings_created,docs:num_owned_google_drawings_edited,docs:num_owned_google_drawings_trashed,docs:num_owned_google_drawings_viewed,docs:num_owned_google_forms_created,docs:num_owned_google_forms_edited,docs:num_owned_google_forms_trashed,docs:num_owned_google_forms_viewed,docs:num_owned_google_presentations_created,docs:num_owned_google_presentations_edited,docs:num_owned_google_presentations_trashed,docs:num_owned_google_presentations_viewed,docs:num_owned_google_spreadsheets_created,docs:num_owned_google_spreadsheets_edited,docs:num_owned_google_spreadsheets_trashed,docs:num_owned_google_spreadsheets_viewed,drive:num_google_documents_created,drive:num_google_documents_edited,drive:num_google_documents_trashed,drive:num_google_documents_viewed,drive:num_google_drawings_created,drive:num_google_drawings_edited,drive:num_google_drawings_trashed,drive:num_google_drawings_viewed,drive:num_google_forms_created,drive:num_google_forms_edited,drive:num_google_forms_trashed,drive:num_google_forms_viewed,drive:num_google_presentations_created,drive:num_google_presentations_edited,drive:num_google_presentations_trashed,drive:num_google_presentations_viewed,drive:num_google_sites_created,drive:num_google_sites_edited,drive:num_google_sites_trashed,drive:num_google_sites_viewed,drive:num_google_spreadsheets_created,drive:num_google_spreadsheets_edited,drive:num_google_spreadsheets_trashed,drive:num_google_spreadsheets_viewed