Google Employee Groups Integration
Connect Google Employee Groups to Sprinto to automatically sync group memberships from Google Workspace for access reviews and compliance checks.
The Google Employee Groups integration enables Sprinto to read employee group and group membership data from Google Workspace. This data is used to automate access reviews and group-based compliance checks.
This integration works only after Google Workspace is connected as an Identity Provider. Sprinto uses read-only Google Admin Directory scopes to fetch groups and associated users. No changes are made to Google Workspace data.
Prerequisites
Google Workspace must already be connected to Sprinto as an Identity Provider
Super Admin access to the Google Workspace account
Admin access in Sprinto
Permissions required
Sprinto follows the principle of least privilege and requests only the minimum scopes required to read group and user information.
On Google Workspace
The following OAuth scopes are requested during authentication:
admin.directory.group.readonly
Read all employee groups
admin.directory.user.readonly
Read user list and basic user metadata
admin.directory.customer.readonly
Read organisation name and domain
Important
All scopes are read-only.
Sprinto does not create, modify, or delete groups or users in Google Workspace.
On Sprinto
Admin access is required to configure integrations.
How it works
Once enabled, Sprinto connects to Google Workspace using OAuth authentication and retrieves:
Employee groups
Group memberships
Basic user identifiers (name, email, status)
Sprinto uses this data to:
Perform group-based access reviews
Validate group membership–based compliance requirements
Keep access evidence up to date automatically
Sprinto runs an initial validation after connection and continues to sync group data periodically.
Connect Google Employee Groups to Sprinto
Steps in Sprinto
Sign in to the Sprinto dashboard.
Go to Settings → Integrations.
Search for Google Workspace in the Available tab.
Ensure Google Workspace (Identity Provider) shows as Connected.
Under Google Workspace – Employee Groups, select Connect.
Review the permissions and data usage details, then select Next.
Confirm that you have admin access to Google Workspace.
Select Connect Google Workspace.
Steps in Google Workspace
When redirected, choose the Google Workspace account to connect.
Sign in using a Super Admin account.
Review the requested read-only scopes.
Select Allow to grant access.
After authentication, you are redirected back to Sprinto.
Confirm successful connection
Once the connection is complete:
The integration status updates to Connected
Sprinto begins the initial group and membership sync
Automated controls and checks linked to employee groups are activated
Post-integration behaviour (PCF flow)
After the integration is enabled:
Sprinto syncs employee groups and memberships from Google Workspace
Group-based access reviews become available
Changes to group memberships are reflected automatically in subsequent syncs
If required, you can manually trigger a refresh from the integration page
Initial syncing may take several minutes, depending on the number of groups and users.
Troubleshooting
Unable to connect Employee Groups
Cause: Google Workspace Identity Provider is not connected. Resolution: Connect Google Workspace as an Identity Provider first, then retry the Employee Groups integration.
Authentication fails despite Super Admin access
Cause: Google API access is restricted in the Admin Console. Resolution: In the Google Admin Console, go to Security → Access and data control → API controls and ensure Workspace Admin access is set to Unrestricted.
Groups or memberships not syncing
Cause: Missing or revoked OAuth permissions. Resolution: Reconnect the integration and reapprove the requested scopes.
Last updated