Google user data
How ONE uses Google data.
Google Workspace access is optional. Only a Google Workspace administrator can approve it. Normal user sign-in does not request Google directory access.
Enterprise organisations can connect Google Workspace in IAM to keep member records aligned with Google.
Administrators can also provision or update Google accounts when that option is enabled.
Requested Google scopes
These scopes are requested during the Google Workspace connection flow in IAM.
| Scope | Why it is requested | Google data accessed |
|---|---|---|
| openid | Identify the Google administrator who approves the connection. | Basic OpenID Connect identity for the admin account. |
| | Store the verified administrator email for the connection. | Administrator primary Google email address. |
| profile | Show connection status inside IAM. | Administrator Google account name and profile ID. |
| admin.directory.user | Sync members with Google Workspace and create or update Google users when enabled. | Google user ID, email, aliases, name, suspension status, org unit, and related directory fields. |
How Google data is used
- Only enterprise administrators with the connections:google:manage permission can connect Google Workspace.
- Google authorisation happens in IAM during an administrator sign-in flow, not during normal user sign-in.
- Google directory data is used to match members, show sync status, and provision Google accounts when an administrator enables it.
- Google data is used only for the connected organisation. It is not used for advertising or sold to third parties.