Set up Google Integration

Overview

The Google Integration in Tropic provides insights into all third-party applications your employees access using Google Authentication. It displays applications employees have signed up for with their corporate Google accounts using the "Sign up with Google" or "Sign in with Google" buttons.

This guide provides step-by-step instructions to set up the Google Integration. Once connected, it helps manage software costs, detect shadow IT, and ensure compliance with security protocols.

Demo

This interactive demo visually demonstrates how to set up the Google Integration in Tropic. It guides you through connecting the integration, mapping unmatched products, and syncing data. 

Note: For an enhanced viewing experience, click the expand icon in the top-right corner of the demo to enlarge the screen.

Click Start Demo or Play (top right corner) to begin the demo.

Tip: You can navigate back and forth between steps by positioning your mouse at the bottom of the demo screen. A progress bar will appear, allowing you to jump to different steps as needed.

Prerequisites

• Required Role: Owner
• Ensure admin-level permissions for Google Workspace.
• It is recommended to use a dedicated service account with admin permissions instead of a personal admin account for enhanced security and continuity.
  • See Google’s Service Account Documentation for more details.
• The Google Admin responsible for this integration should be familiar with syncing data and regularly checking updates.

Note: Tropic syncs data nightly to ensure your records remain up to date.

Steps to Connect

• Navigate to the Integration page in Tropic.
• Search for and select Google, then click Connect.
• Follow the prompts to authenticate and connect your Google Workspace account.
• Confirm the connection status.

Important: The initial data fetch may take 24-48 hours due to data volume and Google’s API rate limits.

Required Permissions

The following Google API permissions are required for the integration to function:

Admin Directory User Readonly

• Scope: https://www.googleapis.com/auth/admin.directory.user.readonly
• Purpose: Pull user data from the organization.

Admin Directory Org Unit Readonly

• Scope: https://www.googleapis.com/auth/admin.directory.user.readonly (This is the scope of access requested by the API to grant read-only access to organizational units.)
• Purpose: View organizational units.
• Endpoint Reference: REST Resource: orgunits (Provides detailed information on API methods, parameters, and usage examples for accessing organizational unit data.) 

Post-Setup Steps

Product Matching is the process of linking the applications identified through the Google Integration to corresponding products in Tropic’s database of over 6,500 SaaS tools. If Tropic cannot automatically match an application, it will appear in the Unmatched Tab. Here, you can manually create a 'local product,' which is a custom entry specific to your organization, ensuring every application is accurately represented and tracked.

To Use Product Matching:

• Navigate to Settings > Product Matching in Tropic.
• Review unmatched applications and create local products for unmatched entries.
• Once mapped, usage metrics such as user counts and activity levels will reflect these matches.

To Sync Data:

• Go to the Integration page and click Sync Data. 
• Review and update the selected organizational units and domains to ensure that Tropic accurately reflects your current organizational structure and data hierarchy.

Analyzing Data:

After completing the product matching process, navigate to Spend Management > Access & Usage tab to monitor app usage and generate detailed reports. This allows you to analyze application engagement, detect shadow IT, and gain actionable insights for better procurement decisions.

Best Practices

• Ensure only authorized Google admins set up the integration to maintain data security.
• Regularly review and update matched products to maintain an accurate product portfolio.
• Leverage usage metrics to identify cost-saving opportunities and optimize software utilization.
• Perform regular data syncs after changes in Google Workspace.
• Monitor integration performance and report discrepancies promptly.

FAQ

Q: Are there any specific API endpoints or methods in this integration process?
A: The Google integration primarily uses OAuth 2.0 API endpoints provided by Google to fetch data on third-party applications accessed using Google credentials. Specific endpoints include those for user authentication, token exchange, and fetching the list of connected applications.

Q: Do I need to have Okta to use this feature?
A: No, you do not need to have Okta to use the Google integration. The Google integration works independently and provides visibility into applications accessed through Google authentication.

Q: What action do I need to take if Google Integration is not implemented in my organization?
A: If Google Integration is not yet implemented, you need to work with your Google Admin to set up the integration in your Tropic account. Follow the steps outlined in the "Setting Up the Integration" section to connect your Google Workspace account.

Q: What does Active Users mean?
A: Active Users refers to the number of users who have accessed a particular application using their Google credentials within a specified period. This metric helps in understanding the usage and engagement levels of different applications within your organization.

Additional Resources

For more information, visit our Help Center. Our resources provide detailed guidance to help you navigate Tropic effectively.