Connect Google Workspace to Porcia
Connect your Google Workspace to automatically discover all applications your team accesses via Google SSO.Prerequisites
- Google Workspace admin account
- Super Admin privileges in Google Workspace
- 5-10 minutes for setup
You need Super Admin access to grant the necessary permissions. If you don’t have admin access, ask your IT administrator to set this up.
What Porcia Will Discover
Once connected, Porcia will discover:SAML Applications
All SAML SSO apps configured in Google Workspace
OAuth Applications
Third-party apps with OAuth access to Google services
User Access
Which team members have access to each application
Usage Patterns
Login frequency and usage analytics
Step-by-Step Setup
Review Privacy Notice
A privacy notice will appear explaining exactly what data Porcia collects (app names, user emails, login timestamps, OAuth scopes). You must check two acknowledgement boxes and click Accept & Continue to proceed.
Sign in with Admin Account
You’ll be redirected to Google’s sign-in page. Important: Sign in with your Google Workspace admin account, not a regular user account.
Review Permissions
Google will show the permissions Porcia is requesting:Admin SDK API:
- View users on your domain
- View groups on your domain
- View organizational units on your domain
- View audit reports for your Google Workspace domain
- View usage reports for your Google Workspace domain
Wait for Initial Sync
You’ll be redirected back to Porcia. The initial sync will begin automatically and takes 5-10 minutes.Porcia will:
- Discover all SSO applications
- Map user access and permissions
- Analyze recent login activity
- Match applications to vendor database
Permissions Explained
What We Can Access
User Directory (Read-Only):- ✅ User names and email addresses
- ✅ Group memberships
- ✅ Organizational unit structure
- ✅ User status (active/suspended)
- ✅ SAML applications configured
- ✅ OAuth applications with access
- ✅ Application names and logos
- ✅ User assignments to applications
- ✅ Login events and frequency
- ✅ Application usage statistics
- ✅ User activity patterns
- ✅ Security and audit logs
What We CANNOT Do
- ❌ Modify users - We never add, remove, or change users
- ❌ Change permissions - We never modify app access or permissions
- ❌ Access user data - We never read emails, files, or personal data
- ❌ Modify applications - We never change SSO configurations
- ❌ Send emails - We never send emails on behalf of users
All permissions are read-only. Porcia cannot make any changes to your Google Workspace configuration.
What Gets Discovered
SAML Applications
Examples of SAML apps Porcia will find:- Salesforce
- Slack
- Zoom
- Atlassian (Jira, Confluence)
- Adobe Creative Cloud
- Okta (if using as secondary IdP)
- Application name and logo
- Vendor identification
- User assignments
- Login frequency
- Last access date
OAuth Applications
Examples of OAuth apps Porcia will find:- Third-party apps with Google Drive access
- Apps using Google Calendar integration
- Apps with Gmail API access
- Google Workspace Marketplace apps
- Application name and permissions
- OAuth scopes granted
- User consent status
- Usage frequency
User Access Patterns
Analytics Porcia provides:- Most used applications by team
- Unused application licenses
- Login frequency distribution
- Access pattern anomalies
- Shadow IT detection (apps added without IT approval)
Troubleshooting
Connection Failed
Error: “Access denied”- Ensure you’re signing in with a Super Admin account
- Check that the admin account has all necessary privileges
- Try signing out of all Google accounts and signing in again
- Click Advanced → Go to Porcia (unsafe)
- This is a standard Google warning for newer applications
- Porcia is safe and only requests read-only access
- Your organization may require admin approval for new apps
- Contact your Google Workspace administrator
- They may need to pre-approve Porcia in the Admin Console
Pre-approve Porcia in Google Admin Console
Pre-approve Porcia in Google Admin Console
If your organization requires pre-approval:
- Go to Google Admin Console → Security → API Controls
- Click Manage Third-Party App Access
- Click Add app → OAuth App Name or Client ID
- Search for “Porcia” and click Select
- Select Trusted and click Configure
- Choose which organizational units can access Porcia
- Click Finish
No Applications Discovered
If no applications appear after sync:- Wait longer - Large organizations can take 10-15 minutes for initial sync
- Check SSO usage - Verify your organization actually uses Google SSO for third-party apps
- Verify admin permissions - Ensure the connected account has Super Admin privileges
- Check organizational units - Porcia may only have access to specific OUs
Sync Stopped Working
If sync stops after working initially:- Check connection status - Go to Settings → Integrations → SSO
- Reconnect if needed - Click Reconnect if status shows “Disconnected”
- Check admin account - Verify the admin account is still active
- Check API limits - Google has API rate limits; sync will resume automatically
Need Help? Check our FAQ or contact support@porcia.org for SSO troubleshooting assistance.
Google Workspace Admin Console
Viewing Connected Apps
To see all apps connected to your Google Workspace:- Go to Google Admin Console → Security → API Controls
- Click App access control
- View Third-party apps with account access
Managing App Access
To control which apps can access your Google Workspace:- Go to Google Admin Console → Security → API Controls
- Click Manage Third-Party App Access
- Configure access for each app (Trusted, Limited, Blocked)
Audit Logs
To view audit logs for app access:- Go to Google Admin Console → Reporting → Audit and investigation
- Select OAuth Token or SAML events
- Filter by application or user
Data Sync Frequency
Initial Sync:- Complete application catalog
- All user assignments
- 90 days of login history
- Applications: Daily (new apps, configuration changes)
- User assignments: Daily (new users, permission changes)
- Usage data: Daily (login events, activity)
- Real-time events: Via webhook (if available)
Privacy & Security
Data Storage
- User directory - Names, emails, group memberships (encrypted)
- Application catalog - App names, logos, configurations
- Usage analytics - Login events, frequency (anonymized in reports)
- Access patterns - User-to-app relationships
Data Protection
- Encryption - AES-256 at rest, TLS 1.3 in transit
- Access control - Only workspace admins can view detailed user data
- Audit logs - Complete audit trail of all sync activity
- Token security - OAuth tokens stored securely with encryption at rest
Compliance
- Data privacy - Right to access, delete, and export data (GDPR compliance in progress)
- Industry-standard security - Follows security best practices for cloud integrations
Security: Porcia follows industry-standard security practices including end-to-end encryption and role-based access control. Full security documentation coming soon.
Disconnecting Google Workspace
To disconnect your Google Workspace:- Go to Settings → Integrations → SSO
- Find Google Workspace connection
- Click Disconnect
- Confirm disconnection
Disconnecting will stop new application discovery and usage tracking. Historical data will be preserved unless you choose to delete it.
Revoke Access in Google
To completely revoke Porcia’s access:- Go to Google Admin Console → Security → API Controls
- Click Manage Third-Party App Access
- Find “Porcia” in the list
- Click Block or Remove