About this article
Vanta integrates with Google Workspace to monitor and manage access to your tools. By syncing user access data, Vanta helps ensure that only active employees retain access and that access is promptly removed when personnel leave—supporting automated compliance needs, streamlined access reviews, and automated access requests.
Estimated setup time: Less than [10] minutes
How it works
Vanta connects to Google Workspace to sync users, groups, and roles data on a regular basis. This data powers three key workflows in Vanta:
Automated compliance tests: Vanta automatically checks that accounts are linked to employees, MFA is enabled, and deprovisioned when personnel leave.
Access Reviews: Synced users are surfaced in Vanta's Access Reviews and approvers can validate whether access is still appropriate, confirm least-privilege access, and provide evidence for audits.
Access Requests - Entitlements from Google Workspace are pulled into Vanta. Requesters can ask for specific access levels, approvers can review with context, and system admins can track provisioning.
Use Cases
Connecting Google Workspace to Vanta will enable you to:
Monitor and manage personnel access to Google Workspace in real time
Ensure only active employees retain access to company systems
Verify MFA enrollment across all user accounts
Track admin role assignments and privileged access
Simplify access reviews and support compliance requirements
Requirements
Vanta administrator account
Google Workspace Super Admin account (required to authorize API access)
Google Workspace Business, Enterprise, Education, or Nonprofits edition (Admin SDK API access required)
Connect the integration
Log in to Vanta as an administrator.
Navigate to Integrations and search for Google Workspace
Click Connect Google Workspace
Sign in with Google using a Super Admin account.
Once you have you are connected, configure IDP scoping (optional but recommended):
By default, Vanta syncs all users in your Google Workspace domain
See https://help.vanta.com/en/articles/11345768-controlling-scope-through-google-workspace for detailed instructions
Users will appear in Vanta within approximately 30 minutes after initial sync
Synced Data
Connecting Google Workspace to Vanta syncs the following user data, which is essential for access control, compliance testing, and reviews within Vanta:
Synced User Information:
User Profile: Includes name (given, family, and display), email address, and profile photo.
Employment Details: The user's job title, taken from their primary Google Workspace organization.
Access & Security Status: Information on admin status, assigned roles, Multi-Factor Authentication (MFA) enrollment, and the time of the last login.
Account Status: Current suspension status and the account creation date.
This integrated data is critical for Vanta's functions, supporting features like Access Reviews, Access Requests, and automated compliance tests to help maintain strong access controls and meet required compliance standards.
Capabilities
Resource | Supported | Usage |
Users | ✅ | |
Groups | ✅ | |
Roles/Entitlements | ✅ | |
Last Login | ✅ |
Permissions
Vanta accesses the following data from the Google Admin SDK Directory API
Vanta will be able to read:
Data about your users
Needed to confirm that only active employees retain system access and that terminated employees are deprovisioned promptly. In Access Requests, this allows Vanta to display available users when tracking or assigning access.
Data about user groups
Needed to validate least-privilege access and confirm group-based access controls align with compliance requirements. In Access Requests, this enables approvers to see which groups grant access and map access levels to entitlements.
Data about admin roles and role assignments
Needed to ensure employees are assigned to correct roles, validate least-privilege access, and confirm that high-privilege roles (e.g., Super Admin, Groups Admin) are only granted to authorized personnel. In https://help.vanta.com/en/articles/11345423-managing-access-requests-in-vanta, this allows requesters to choose from the correct set of roles and ensures approvers can review what level of access is being requested.
Data about OAuth application access (optional)
Needed to discover which third-party applications users have authorized via Google SSO, supporting vendor management and access audits.
Note: This scope can be opted out if your organization prefers not to share this data.
Vanta will be able to write:
Nothing (Vanta does not have write permission)
Related Articles
Troubleshooting FAQ
I don't see roles available when creating an access level in Vanta.
Likely cause: The role management scope may not have been granted during OAuth authorization. Re-authorize the integration and ensure you approve all requested permissions.
Only some of my users are appearing in Vanta.
Likely cause: You may have IDP scoping configured to a specific Google Workspace group. Check your scoping configuration and ensure all desired users are members of the scoping group. See https://help.vanta.com/en/articles/11345768-controlling-scope-through-google-workspace.
MFA status is not showing for some users.
Likely cause: Users who have never logged in may not have MFA status data. Newly created accounts need to complete initial login and MFA setup.