Skip to main content

Which scopes does Florbs need access to?

This article explains which scopes are necessary in Google Admin Console for Florbs File security in Google Drive.

Niek Waarbroek avatar
Written by Niek Waarbroek
Updated over 12 months ago

Overview

To ensure Florbs functions optimally, access to specific scopes in your Google Admin Console is required. These permissions allow Florbs to access and manage the necessary data and services in your Google Workspace environment.

This article outlines the required scopes, explains why they are necessary, and guides you through securely granting these permissions.

Prerequisites

Before you start, make sure you have:

  • An active Florbs account

  • Super admin role within Florbs

  • Admin privileges on your Google Workspace environment

Why scopes are necessary

Google Workspace uses scopes to define the level of access an application has to your data. Each scope represents a specific type of access, such as reading your Google Directory data or managing your drive files. By requesting only the necessary scopes, we ensure:

  • Security: Access is limited to only what is needed.

  • Functionality: The app can perform its intended functions without interruption.

  • Transparency: You are fully aware of what data and services our app interacts with.

Scopes

Florbs categorizes scopes in general scopes and solution-specific scopes. In this article, we will talk about scopes required for File security for Google Drive solution.

General scopes (required)

/auth/admin.directory.group.member.readonly

  • Purpose: View group members in your Google Workspace environment.

  • Reason: Determine if any group member has the necessary access to Florbs in the absence of direct privileges.

/auth/admin.directory.group.readonly

  • Purpose: View groups in your Google Workspace environment.

  • Reason: Autocomplete functionality when entering email address, for ease of use.

/auth/admin.directory.orgunit.readonly

  • Purpose: View organization units in your Google Workspace environment.

  • Reason: Provide file sharing statistics per organizational unit.

/auth/admin.directory.user.readonly

  • Purpose: View users in your Google Workspace environment.

  • Reason: Access user data to enable syncing of Drive file metadata. Read the number of active users to facilitate the proration billing process.

File security for Google Drives scopes (required)

/auth/admin.directory.domain.readonly

  • Purpose: View domains in your Google Workspace account.

  • Reason: Verify whether files are shared internally or externally.

/auth/admin.reports.audit.readonly

  • Purpose: View audit reports within your organization.

  • Reason: Sync file changes and analyze user behavior.

/auth/drive.admin.labels.readonly

  • Purpose: View file labels as an admin in your Google Drive.

  • Reason: Display data classification statistics.

/auth/drive.metadata.readonly

  • Purpose: View metadata for files in your Google Drive

  • Reason: Display meta information of Google Drive files.

/auth/drive.readonly

  • Purpose: View files in your Google Drive

  • Reason: Show more detailed statistics about files.

    Note: Florbs never reads the content of your files.

File security for Google Drives scopes (optional)

https://www.googleapis.com/auth/drive

  • Purpose: To access and manage Google Drive files.

  • Reason: Enable you to remove or change access permissions to your files.

    Note: Florbs only acts with your explicit approval and never reads the content of your files.

Step-by-step instructions

The instructions below guide you through the steps to activate your Florbs account.

Step 1: Activate the admin account

1. Click on Open user menu

2. Click on Settings

3. Enter the email address for your admin account.

4. Click on Send verification code

5. Click on Send verification code

Please note that it may take up to 15 minutes before the code is sent to your admin email account.

6. Enter your verification code

7. Click on Verify

8. Your admin account is activated

Continue to the next step.

Step 2: Grant access

To enable Florbs to access your Google Workspace account, you need to grant the necessary permissions.

1. Scroll to the scopes section on the Settings page in the app

Choose between full Florbs functionality, including file management, or a read-only mode for insights.

Note: File management features (such as unsharing and labeling files) are available to paying subscribers only. During the free trial, you'll have access to file-sharing statistics for your files.

2. Click on Allow domain-wide delegation

You will be redirected to Google Admin Console where you can enable access.

3. Click on Authorize

Login to your Google Admin Console and click Authorize to grant Florbs access to the necessary scopes.

4. Click on Test scopes

Return to Florbs. Next to the "Allow domain-wide delegation" button, you'll find a "Test scopes" button. This lets you check whether Florbs has access to your Google Workspace environment.

Note: It may take up to 48 hours for scopes to be enabled in Google Admin Console. However, there's no need to wait. You can proceed to the final step of activating Google Drive sync. Florbs will monitor the status of the granted scopes and will automatically start the sync once Google Drive sync is enabled.


Step 3: Enable Google Drive sync

Scroll down to the section Google Drive synchronization.

  1. Enable Google Drive sync

You’ve successfully completed the setup to activate Florbs and begin synchronizing your company data! 🎉

Your dashboard will be ready within 24-48 hours.

Tips and best practices

  • Read-only access: If you only need insights into your company’s Google Drive situation, enabling read-only scopes will suffice. In this mode, Florbs cannot make any changes to your Google Workspace environment. You can always grant additional scopes later if needed. Note that you must include all requested read-only scopes for Florbs to function properly.

  • Full Florbs functionality: Once you’ve reviewed the insights, you may want to take action to protect your files from unauthorized access. Consider using Bulk file management, a powerful feature for addressing risks and managing your data effectively.

Troubleshooting

Issue: Test scopes displays "failed" message.
Solution: Verify if the Florbs admin has restrictions on specific organizational units (OUs). If there are no such restrictions, please contact support using the in-app button or email us at support@florbs.io.

Issue: Verification code is not received.
Solution: Verification codes may take up to 15 minutes to arrive and could be marked as spam. If you still don't receive it, please contact support for further assistance.

FAQ

Q: Can I use Florbs in read-only mode?
A: Yes, you can use Florbs in read-only mode to gain insights into your data without making any changes to files.

Q: How can I revoke Florbs access to my Google Workspace account?
A: Turn off the data sync on the settings page (see step 3 of this article). This will halt data synchronization. To completely revoke access to your Google Workspace environment, log in to your Google Workspace Admin Console, navigate to Security → Access and Data Control → API Controls. Click on "Manage Domain-Wide Delegation," search for "Florbs File Security for Google Drive," and delete the entry. This action will remove Florbs' access to your data.

Q: I want Florbs to delete all data associated with my account.

A: Should you decide not to continue with Florbs, your data will be automatically deleted after our standard retention period. We offer the option to delete your information upon request — just reach out to us at support@florbs.io.


Related Articles
Revoke Florbs access to your Google Workspace account
User roles in Florbs
Understanding inherited permissions in Google Drive
How to remove sharing with a specific domain
Florbs account setup guide
Did this answer your question?