G Suite – read-only permissions

Hi, I’ve been using Hexnode for a while now and I’m curious about the permissions that are being granted to Hexnode while I’m configuring G Suite integration. I understand that we need to grant permissions while creating a service account and OAuth scopes. Does Hexnode have only read-only permissions? And what happens when we enable “Manage domain-wide delegation”?

All Replies

  • Hi @lyra,

    Thanks for reaching out to us.

    Hexnode requires certain permissions to access your Google Workspace (G Suite) account information to provide the necessary functionality as a UEM solution.

    Regarding the scopes, Hexnode uses the following OAuth scopes:

    https://www.googleapis.com/auth/admin.directory.user – To sync individual users.
    https://www.googleapis.com/auth/admin.directory.group – To sync user groups.
    https://www.googleapis.com/auth/admin.directory.domain – To fetch the domain.

    While these scopes provide Hexnode with both read and write permissions, Hexnode currently only utilizes “read-only” permission to access your Google Workspace (G Suite) account to collect information regarding your users, groups, and domains. However, rest assured that Hexnode can’t make any changes to your Google Workspace (G Suite) account.

    Also, regarding “Manage domain-wide delegation”, if you enable it for an app in your Google Workspace (G Suite) environment, you are granting the application the ability to access users’ data. This feature is often used for service accounts. In this case, enabling it for the Hexnode service account authorizes it to access users’ data without needing consent from them. The API scopes defined by the administrator for the app determine the access.

    If you have any further questions or concerns about the permissions, please do reach out to our support team for assistance.

    Regards,
    Carl Hughes
    Hexnode UEM
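
An added example for administrators reviewing this grant; it is not part of the thread and not Hexnode's code. It parses a comma-separated scope list as entered for a domain-wide delegation client and flags the three Directory API scopes quoted above as read-write, alongside the `.readonly` variant Google publishes for each. Whether Hexnode's sync works with the narrower scopes is not stated in the thread, and the function names and sample string are constructed for illustration.

```python
# Added example: audit a domain-wide delegation scope list for write access.
PREFIX = "https://www.googleapis.com/auth/"

# The three scopes quoted in the reply. Each grants read and write access;
# Google publishes a matching ".readonly" scope for each of them.
READ_WRITE_DIRECTORY = {
    PREFIX + "admin.directory.user",
    PREFIX + "admin.directory.group",
    PREFIX + "admin.directory.domain",
}

# Constructed sample: the scopes as an admin might paste them (comma-separated).
SAMPLE_GRANT = (
    "https://www.googleapis.com/auth/admin.directory.user, "
    "https://www.googleapis.com/auth/admin.directory.group,"
    "https://www.googleapis.com/auth/admin.directory.domain"
)

def parse_scopes(raw):
    """Split on commas/whitespace, drop duplicates, keep the original order."""
    seen, out = set(), []
    for token in raw.replace(",", " ").split():
        if token not in seen:
            seen.add(token)
            out.append(token)
    return out

def audit_scope(scope):
    """Classify one scope and name the read-only variant where one is known."""
    if scope.endswith(".readonly"):
        return {"scope": scope, "access": "read-only", "narrower": None}
    if scope in READ_WRITE_DIRECTORY:
        return {"scope": scope, "access": "read-write",
                "narrower": scope + ".readonly"}
    # Anything else needs a manual look; this sketch does not guess.
    return {"scope": scope, "access": "unreviewed", "narrower": None}

def audit_grant(raw):
    return [audit_scope(s) for s in parse_scopes(raw)]

if __name__ == "__main__":
    for finding in audit_grant(SAMPLE_GRANT):
        print(f"{finding['access']:<10} {finding['scope']}")
        if finding["narrower"]:
            print(f"{'':<10} read-only variant: {finding['narrower']}")
```

The access level is fixed by the scopes authorized for the client, so the output describes what the grant permits, independent of which API calls the application actually makes.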