Setting Up Google Workspace Integration

This guide walks you through connecting your Google Workspace environment to Triggr.

Overview

The Google Workspace integration enables Triggr to automate tasks within Google Workspace, including:

• User management, licensing, and organizational units (Admin SDK)
• File and folder operations (Google Drive)
• Email sending and management (Gmail)
• Group configuration and membership management (Groups Settings)

Prerequisites

Before you begin, ensure you have:

• Super Admin credentials for Google Workspace
• Access to Google Cloud Console (console.cloud.google.com)
• Access to Google Workspace Admin Console (admin.google.com)

Important: The authorizing user must possess Super Admin credentials in Google Workspace. Access is limited to resources the authorizing user can access - domain-wide delegation is not currently supported. This restriction prevents mailbox delegation and shared Drive access for other accounts.

Step 1: Create a GCP Project

First, create a Google Cloud Platform project for the integration.

1. Navigate to Google Cloud Console
2. Go to IAM & Admin > Manage Resources
3. Click CREATE PROJECT
4. Enter a descriptive project name (e.g., "Triggr Integration")
5. Choose your organization and location settings
6. Click Create

Step 2: Enable Required APIs

Enable the APIs that Triggr needs to interact with Google Workspace.

1. Select your project from the dropdown at the top
2. Go to APIs & Services > Library
3. Search for and enable each of the following APIs:
   • Admin SDK API - for user management
   • Google Drive API - for file and folder operations
   • Gmail API - for email management
   • Groups Settings API - for group configuration

Step 3: Configure OAuth Consent Screen

Set up the OAuth consent screen for your application.

1. Go to APIs & Services > OAuth consent screen
2. Select Internal as the user type
3. Click Create
4. Complete the required fields:
   • App name: Enter a name (e.g., "Triggr")
   • User support email: Enter your support email
5. Navigate to Data Access > Scopes
6. Search for "Admin SDK" and select all related scopes
7. Click UPDATE
8. Save your changes

Step 4: Create OAuth Credentials

Create the OAuth credentials that Triggr will use to authenticate.

1. Go to APIs & Services > Credentials
2. Click CREATE CREDENTIALS > OAuth client ID
3. Select Web application as the application type
4. Enter a descriptive name (e.g., "Triggr OAuth Client")
5. Under Authorized redirect URIs, add:

   https://app.triggr-app.com/oauth/callback

6. Click Create
7. Copy the Client ID and Client Secret immediately

Important: Store your Client Secret securely - you may need to regenerate it if lost.

Step 5: Configure Triggr Base Settings

Configure the base integration settings in Triggr.

1. In Triggr, navigate to Integrations
2. Find and select Google Workspace
3. Click + Configure next to the Base Configuration card
4. Set all fields to dashes (-):
   • Client ID: -
   • Client Secret: -
   • Admin Email: -
5. Click Save Configuration

Note: The base configuration uses placeholder values because credentials are configured per-client for this integration.

Step 6: Configure Per-Client Credentials

Set up credentials for each client that needs Google Workspace access.

1. In the Google Workspace integration page, locate the Per-Client Configuration section
2. Select the client from the dropdown
3. Enter the credentials from your GCP project:
   • Client ID: The Client ID from Step 4
   • Client Secret: The Client Secret from Step 4
   • Admin Email: The Super Admin account email address
4. Click Save

Step 7: Complete OAuth Authorization

Authorize Triggr to access Google Workspace.

1. After saving the per-client configuration, click Authorize
2. Sign in with the Super Admin account when prompted
3. Review and accept the requested permissions
4. You'll be redirected back to Triggr once authorization is complete

Step 8: Trust Triggr in Google Workspace Admin Console

Configure Google Workspace to trust the Triggr application.

Trust Settings

1. Go to Google Workspace Admin Console
2. Navigate to Security > Access and data control > API controls
3. Click Accessed Apps > View List
4. Locate "Triggr" in the app list
5. Change the Status to Trusted
6. Enable Allowlist for exemption from API access blocks

Session Control Configuration

1. Go to Security > Google Cloud session control
2. Expand the Google Cloud session control section
3. Select Require authentication
4. Enable Exempt trusted apps
5. Choose your preferred re-authentication method
6. Click Save

Important Notes

• Super Admin Required: Only Super Admin accounts can authorize this integration
• No Domain-Wide Delegation: Access is limited to resources the authorizing Super Admin can access
• Per-Client Setup: Each client requires their own GCP project and OAuth credentials
• Legacy Integrations: Integrations established before May 2025 can enable additional APIs by repeating the enablement steps and re-authorizing in Triggr

Troubleshooting

Authorization Failures

If authorization fails:

1. Verify the authorizing user has Super Admin access
2. Confirm all required APIs are enabled in GCP
3. Validate the redirect URI matches exactly: https://app.triggr-app.com/oauth/callback

Permission Errors

If you receive permission errors after authorization:

1. Ensure the app is marked as Trusted in Google Workspace Admin Console
2. Verify session control exemptions are configured
3. Confirm all OAuth scopes were selected during consent screen setup

Changing the Admin Account

If you need to change the authorizing admin:

1. Remove the per-client configuration in Triggr
2. Re-add the configuration with the new admin email
3. Complete the authorization flow with the new Super Admin account

APIs Not Working

If certain functionality isn't available:

1. Go to APIs & Services > Library in GCP
2. Verify all required APIs are enabled
3. Re-authorize in Triggr to pick up the new API permissions

---

Need help? Contact your account manager - we're happy to help configure this integration with you.