Freshservice’s integrations for SaaS management enable accurate and reliable discovery of user and usage data. With the G Suite integration, admins can:

  • Discover and track the G Suite plan, its users, and employees’ usage of G Suite (e.g. accessing Gmail) in the organization

  • Discover and track all the SaaS products, mobile apps and websites that their employees authenticate to using Google Sign-in.

While the other identity management integrations enable tracking all the apps managed by the organization in one place, the G Suite integration enables identifying new apps that employees use without permission from the admin.

Since these apps and websites are granted access to the organization’s data by employees, these connected apps need to be monitored and managed by IT admins. Normally, admins use the data from G Suite to identify apps whose access needs to be revoked and the ones that need to be migrated to their organization’s SSO.

Note: For the apps that employees sign in to using Google Sign-in, we don’t collect any usage data.

Install the integration in Freshservice

  1. In Freshservice, navigate to Admin → SaaS Management and click on GSuite SaaS Discovery App.

  2. Use Account Label to give a unique name for this account’s integration with Freshservice to identify the apps discovered using this GSuite account. 

  3. In the Integration Add New Account page, enter the G-suite Admin email address (Subject field), Private Key ID, Private Key, Client Email, and Domain copied from your Gsuite account. 

Getting G-suite Admin email address (Subject field), Private Key ID, Private Key, Client Email, and Domain from GSuite

  1. Open the Service accounts page in the Google Cloud platform. 

  2. Select Create New Project

  3. Enter Project name (ex: FSSaaSdiscovery)

  4. Once the project is created, select the Add people to this project option under the Dashboard section. Enter the email address of the user who will be the owner of this project. This email address will be used on the Freshservice side during the app configuration.

  5. Once the member is added, navigate to APIs & Services section.

  6. Select Enable APIs AND Services.

  7. Search for Admin SDK in API Library search view. Enable Admin SDK.

  8. Once the Admin SDK is enabled, please navigate to IAM & Admin -> Service Accounts section to create a new service account.

  9. Click Create service account. Under Service account details, type a name, ID, and description for the service account, then click Create.

  10. Optional: Under Service account permissions, select the IAM roles to grant to the service account, then click Continue.

  11. Optional: Under Grant users access to this service account, add the users or groups that are allowed to use and manage the service account.

  12. Once the service account is created, click on the account from the list view page.

  13. Inside the service account, please check Enable domain-wide delegation option if it’s not enabled already.

  14. Click Create key, then click Create.

  15. Upon clicking Create, the public/private key pair is generated and downloaded to your machine.
    Note: Please store the key information securely. If you lose this key pair, you will need to generate a new one.

  16. Please open the Private key file downloaded to your machine. This will look something like this:

  17. Copy the client ID information. 

  18. Navigate to the admin console and click on Security.

  19. Under Advanced settings, select Manage Domain wide delegation.

  20. Select New and paste the service account client ID here, provided in the downloaded JSON key.

  21. For the OAuth scope information, please paste the below values in a comma-separated way.,,,,

  22.  Navigate to https://<yourcompanyname>

  23.  Enter the details as follows in the GSuite Integration Page:

    Private Key, Private Key ID and Client email information can be fetched from the previously downloaded file.
    Domain information is the name of the domain for which you would like to enable SaaS discovery.

    Subject is the admin email address of the service account. 

    Label is a reference ID for the integration. (Ex: G suite discovery)
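
The key file from steps 15 to 17 grants domain-wide delegated access, so it is worth checking it before copying values into the form. The following is an added example, not Freshservice or Google code: it assumes the standard field names of a Google service account JSON key, and the sample values and the helper names are constructed for illustration.

```python
import json
import os
import stat
import tempfile

# Field names assumed from the standard Google service account JSON key layout.
REQUIRED = ("type", "private_key_id", "private_key", "client_email", "client_id")

def load_key_for_form(path):
    """Validate a downloaded key file; return (form_fields, warnings)."""
    warnings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        warnings.append(f"key file mode {oct(mode)} is open beyond its owner; chmod 600")
    with open(path, encoding="utf-8") as fh:
        key = json.load(fh)
    missing = [name for name in REQUIRED if not key.get(name)]
    if missing:
        raise ValueError(f"key file is missing fields: {', '.join(missing)}")
    if key["type"] != "service_account":
        raise ValueError(f"unexpected key type {key['type']!r}")
    if not key["private_key"].startswith("-----BEGIN PRIVATE KEY-----"):
        raise ValueError("private_key is not a PEM-encoded private key")
    # client_id is pasted into the Admin console delegation entry, not Freshservice.
    fields = {
        "Private Key ID": key["private_key_id"],
        "Private Key": key["private_key"],
        "Client Email": key["client_email"],
        "Client ID (domain-wide delegation)": key["client_id"],
    }
    return fields, warnings

def redacted(fields):
    """Copy of the fields that is safe to print or attach to a ticket."""
    return {k: ("<redacted>" if k == "Private Key" else v) for k, v in fields.items()}

def constructed_sample(mode, **overrides):
    """Write a constructed, non-functional key file and return its path."""
    sample = {"type": "service_account", "private_key_id": "0123456789abcdef",
              "private_key": "-----BEGIN PRIVATE KEY-----\nCONSTRUCTED\n-----END PRIVATE KEY-----\n",
              "client_email": "fs-discovery@example-project.iam.gserviceaccount.com",
              "client_id": "100000000000000000001", **overrides}
    fd, path = tempfile.mkstemp(suffix=".json")
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        json.dump(sample, fh)
    os.chmod(path, mode)
    return path
```

Domain and Subject are not stored in the key file; they are entered separately as described above.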