Ctrlk
Help centerAPI referenceChangelogWebsiteLoginBook a demo

Google Workspace

Connect Google Workspace to Siit to sync your users and groups, and power group management actions from every request and workflow.

Connect Google Workspace to manage groups directly from any request. Add or remove users from Google Groups in the side panel, in workflows, or via IT Agent, and feed Day-1 onboarding flows from your HRIS-driven org structure.

What you get

  • Live directory — Google Workspace users sync into Siit with email, name, org unit, and group memberships.

  • Group management actions — add or remove users from Google Groups directly from request side panels, workflows, and IT Agent playbooks.

  • Audit trail — every group change triggered from Siit is logged on the request timeline.

  • Source for onboarding and access requests — pair Google with an HRIS to run Day-1 flows that place new hires into the right distribution lists and access groups automatically.

Scope note — Siit's Google Workspace integration focuses on directory sync and group management. User lifecycle actions (create, suspend, delete) are not currently exposed as native Siit actions for Google Workspace — if you need those, pair Google Workspace with Okta, Entra ID, or JumpCloud, or use the IT Agent with custom webhooks.

What syncs from Google Workspace

Category
Fields

Identity

Full name, primary email, aliases, Google user ID

Org context

Organizational unit, job title (if set in Directory)

Groups

Group memberships, group ownership

Work email (the primary Google email) is the canonical identifier.

Actions available

  • Google → Add user to group — add a user to a Google Group. Available in side panel, workflows, and IT Agent.

  • Google → Remove user from group — remove a user from a Google Group. Available in side panel, workflows, and IT Agent.

Both actions can be gated behind approvals when used in workflows or IT Agent playbooks.

Before you connect

  • You'll need a Google Workspace Super Admin account to grant the initial OAuth consent. Consent is granted once at the workspace level.

  • Decide which admin account will own the connection. The integration continues to work after individual admins change, but re-authorization requires a Super Admin.

  • Choose whether Siit should have read-only directory access, or also group management scope. Without the group management scope, add/remove actions won't be available.

Connect Google Workspace

  1. In Siit, go to Settings → Integrations.

  2. Find Google Workspace in the IAM section and click Connect.

  3. You'll be redirected to Google to sign in. Sign in with a Super Admin account.

  4. Review the requested OAuth scopes:

    • Read directory (users, org units, groups and memberships)

    • Optional: manage group memberships — required for add / remove actions

  5. Accept the consent and you'll be redirected back to Siit.

  6. Siit runs an initial import of users and groups (can take a few minutes for large workspaces).

  7. Review the imported data and click Finish setup.

Tip — If your Google Workspace has app access control restrictions, a Super Admin may need to explicitly allow Siit in Security → API controls → App access control → Manage third-party app access. Otherwise the OAuth flow will fail silently or with a "restricted" message.

After the connection

  • Check your People list — confirm users imported correctly. The count should match Directory users (excluding suspended, unless you opted to include them).

  • Scope the groups — by default all groups are synced. In Settings → Integrations → Google Workspace, you can scope to specific groups or org units if you don't want the entire directory tree.

  • Try an action from a request — open any request, and use the side panel Apps section to add/remove the requester from a Google Group.

  • Build a workflow — a good first workflow: an access request that adds the requester to a group after manager approval.

Sync frequency

Google Workspace data refreshes automatically every few hours. Trigger an immediate refresh from Settings → Integrations → Google Workspace → Sync now. Actions run on demand, immediately, when triggered from Siit.

Common workflows

Access request. Trigger: Request submitted (service = "Request group access"). Actions: manager approval → Google add to group → DM requester.

Day-1 onboarding (with HRIS). Trigger: Start date. Actions: Google add to onboarding@ group and dept-specific groups → notify manager.

Offboarding on end date. Trigger: End date. Actions: Google remove from all groups → create equipment pickup request → DM manager.

Project access provisioning. Trigger: Request submitted with form value Project = "Phoenix". Action: Google add to phoenix-team@ group.

Troubleshooting

Connection fails with "app not authorized". Super Admin hasn't allowed Siit in Google's third-party app access control. Ask a Super Admin to approve Siit in Security → API controls → App access control.

Users missing from Siit. Check whether suspended users are excluded — by default they are. Adjust the filter in Settings → Integrations → Google Workspace.

Add to group action fails. The OAuth scope for group management wasn't granted at install time. Re-authorize the connection and accept the group management scope.

Group isn't visible as an option. The group may be scoped out. Check the group scope setting in Settings → Integrations → Google Workspace, or ensure it's a Google Group (not a shared label or team drive).

A user isn't in the group after the action ran. Check the request timeline — if the action succeeded, Google may be propagating the change (some distribution groups take a minute). If it failed, the error is shown inline.

PreviousIAMNextMicrosoft Entra ID

Last updated