Google Workspace Platform proof types and permissions
Note
Hyperproof connects to many third-party systems that frequently change, including the system interface. Contact your System Administrator or the third-party provider for assistance meeting the requirements to integrate with Hyperproof and collect the proof you need.
This Hypersync requires you to have a Google Workspace Platform (GWP) administrator account.
When you create a Hypersync between Hyperproof and GWP, you can automatically collect proof based on the following services:
Admin Audit Log
Group Membership
List of Groups
List of Inbound SAML SSO Profiles (requires
Security Settingspermission)List of SAML Providers
List of Users
List of Users - MFA Verification
Login Audit Log
User Security Report
List of Chromebook Devices (requires
Manage ChromeOS Devices > Readpermission)
Additional documentation
Note
You only need to connect Hyperproof to the app once, and then you can create as many Hypersyncs as you need. Additionally, you can create multiple Hypersyncs for a single control or label.
Note
If your Google Workspace Platform settings allow users to install and run selected apps from the Marketplace, you will have to add the Hyperproof app to your organization’s allowlist. The Hyperproof client ID is 1042904415275-cv7inn9s69jst8pgh8pq4ig23iaaugcm.apps.googleusercontent.com. For more information, see this Google article.
Note
Organizations hosted in Hyperproof EU may receive a warning when connecting to Google apps that the Hyperproof app hasn't been verified with Google. Hyperproof is finalizing the verification process. If you feel comfortable continuing, click the Advanced link on the warning and allow Hyperproof to access your Google app.
Permissions
Below is a list of permissions needed for the Google Workspace Platform Hypersync. It’s recommended to create an Admin role in GWP with minimum permissions.
In the Google Admin Console, navigate to Account > Admin roles > Create new role. Name the new role and then add the privileges in the table below. Once the role is created, select the role and then select Admins > Assign users. Add the Google user who is going to be collecting proof proof in Hyperproof.
Important
The user must be added as an admin.
Proof type | Admin Console privileges | Admin API privileges |
|---|---|---|
Admin Audit Log | Reports | Users.Read, Groups.Read |
Group Membership | Domain Settings | |
List of Groups | Domain Settings | Users.Read, Groups.Read |
List of Users | Domain Settings | Users.Read |
Login Audit Log | Reports | |
User Security Report | Reports |
Tip
Adding the Console privilege Domain Settings automatically adds the API privilege Domain Management.
OAuth scopes for Google Workspace Platform Hypersync connected app
Below is a list of OAuth scopes needed for the Google Cloud Platform Hypersync. These are not actionable; they are listed as a heads-up should you or your IT need them.
https://www.googleapis.com/auth/admin.directory.user.readonly
https://www.googleapis.com/auth/admin.directory.domain.readonly
https://www.googleapis.com/auth/admin.directory.group.readonly
https://www.googleapis.com/auth/admin.reports.audit.readonly
https://www.googleapis.com/auth/admin.reports.usage.readonly
https://www.googleapis.com/auth/apps.groups.settings
https://www.googleapis.com/auth/cloud-identity.inboundsso.readonly
https://www.googleapis.com/auth/userinfo.email