What permissions does Governably need?

Read-only access to Google Drive file metadata (not file contents), Admin SDK for user directory, and Gmail metadata for email security analysis. We never read the content of your emails or files.

Do I need to be a Google Workspace admin?

Yes. The OAuth consent flow requires a Super Admin or delegated admin to approve the requested scopes.

Can I revoke access later?

Yes. Disconnect from the Governably dashboard at any time, or revoke access directly in Google Admin Console under Security → API Controls → Third-party app access control.

Connect Google Workspace

Link your Google Workspace to scan Drive sharing permissions and OAuth grants.

7 April 2026·5 min read

What we scan

Connecting Google Workspace unlocks three additional scan capabilities:

Drive sharing audit: files shared publicly, shared with external users, or shared via link with no expiry
OAuth grant audit: third-party applications (including AI tools) that users have authorised via "Sign in with Google"
User directory: employee list for credential breach matching and policy acknowledgement tracking

Permissions required

Governably requests read-only scopes:

drive.readonly — read file metadata and sharing permissions (not file contents)
admin.directory.user.readonly — read user directory for employee matching
gmail.readonly — read email metadata for security analysis

How to connect

Go to your Governably Dashboard
In the Cloud Integrations section, click Connect Google Workspace
You'll be redirected to Google's consent screen
Review the requested permissions and click Allow
You'll be redirected back to Governably with a green "Connected" badge

The next scan will automatically include Drive, OAuth, and directory data.

Troubleshooting

"Access denied": you need Google Workspace Super Admin or delegated admin privileges
"Scope error": your organisation may have restricted third-party app access. Check Google Admin Console → Security → API Controls