G Suite – read-only permissionsSolved

Participant
Discussion
10 months ago

Hi, I’ve been using Hexnode for a while now and I’m curious about the permissions that are being granted to Hexnode while I’m configuring G Suite integration. I understand that we need to grant permissions while creating a service account and OAuth scopes. Does Hexnode have only read-only permissions? And what happens when we enable “Manage domain-wide delegation”?

Replies (1)

Marked SolutionPending Review
Hexnode Expert
10 months ago
Marked SolutionPending Review

Hi @lyra,

Thanks for reaching out to us.

Hexnode requires certain permissions to access your Google Workspace (G Suite) account information to provide the necessary functionality as a UEM solution.

Regarding the scopes, Hexnode uses the following OAuth scopes:

https://www.googleapis.com/auth/admin.directory.user – To sync individual users.
https://www.googleapis.com/auth/admin.directory.group – To sync user groups.
https://www.googleapis.com/auth/admin.directory.domain – To fetch the domain.

While these scopes provide Hexnode with both read and write permissions, Hexnode currently only utilizes “read-only” permission to access your Google Workspace (G Suite) account to collect information regarding your users, groups, and domains. However, rest assured that Hexnode can’t make any changes to your Google Workspace (G Suite) account.

Also, regarding “Manage domain-wide delegation”, if you enable it for an app in your Google Workspace (G Suite) environment, you are granting the application the ability to access users’ data. This feature is often used for service accounts. In this case, enabling it for the Hexnode service account authorizes it to access users’ data without needing consent from them. The API scopes defined by the administrator for the app determine the access.

If you have any further questions or concerns about the permissions, please do reach out to our support team for assistance.

Regards,
Carl Hughes
Hexnode UEM