Terminus has multiple, powerful G Suite integrations to help make implementation easy.  This article outlines those, the scopes & permissions required, and how you can securely connect them to your organization.

 

Authentication

Connecting Email Experiences to G Suite done through a standard OAuth 2.0 connection, which must be performed by a Super Admin user (or service account) in the desired G Suite instance. As a result, Terminus only retains an authorization token from G Suite, and will never see/store your actual Super Admin credentials.

 

Level of Access

While this connection is performed by a Super Admin user (or service account), Terminus does not receive Super Admin-like access to G Suite or any of its applications (Gmail, Calendar, Drive, Sites, Marketplace Apps, etc).

Terminus only receives the ability to perform API actions in G Suite, as defined by the requested scopes. These scopes are reviewable during the OAuth connection workflow and are listed below.

 

Points of Integration

Terminus provides granular control over the access you decide to provide. The three integration points described below can be enabled on an as-needed basis.

Terminus takes an only-as-needed approach to all integrations, to ensure only the minimum level of access is required.

Below are the Scopes requested from G Suite, and Google's description of each.

 

1. Signature Syncing - "Sigstr Signatures for G Suite"

This integration point is only required to control Gmail signatures on behalf of users.

It excludes permissions for reading user data.

View your email address

https://www.googleapis.com/auth/userinfo.email

See your personal info, including any personal info you've made publicly available

https://www.googleapis.com/auth/userinfo.profile

Manage your basic mail settings

https://www.googleapis.com/auth/gmail.settings.basic

Manage your sensitive mail settings, including who can manage your mail

https://www.googleapis.com/auth/gmail.settings.sharing

 

2. Importing User Data - "Sigstr for G Suite"

This integration point contains the same permission set as the G Suite Signature Sync, with an added permission if you want Terminus to create users from you G Suite Directory.

Permissions from "Sigstr Signatures for G Suite", plus...

View users on your domain

https://www.googleapis.com/auth/admin.directory.user.readonly

 

3. Sigstr Relationships - "Sigstr Collector for G Suite"

This integration point is only required if you want to make use of Relationship Scores, Intent Scores, and Location Analytics. This is NOT required for email signature management.

View users on your domain

https://www.googleapis.com/auth/admin.directory.user.readonly

See, edit, share, and permanently delete all the calendars you can access using Google Calendar

https://www.googleapis.com/auth/calendar 

View your email messages and settings

https://www.googleapis.com/auth/gmail.readonly

Send email on your behalf

https://www.googleapis.com/auth/gmail.send 

View your email address

https://www.googleapis.com/auth/userinfo.email

See your personal info, including any personal info you've made publicly available

https://www.googleapis.com/auth/userinfo.profile

 

Integration Security FAQs

Why is a Super Admin User Required to Connect?

Super Admin users in G Suite have the ability to perform what Google calls "domain wide delegation". This gives 3rd party applications like Email Experiences the ability to take action on behalf of end-users. Terminus uses domain-wide delegation to perform an email signature update in Gmail, so that your employees can get an Email Experiences signature without having to be bothered to do anything on their own.

 

Do I Have to Give Terminus Access to all G Suite Users?

​No. During the OAuth connection workflow, Google allows you to specify a single Org Unit in G Suite, to which the requested scopes & permissions will apply. After connecting, you can edit the Terminus service in your G Suite to grant or revoke access to any desired Org Units. Google only allow for this access management to be done with Org Units, and does not provide the same control with G Suite Groups.

 

Do I Have to Leave the G Suite Signature Sync Connected Persistently?

No. The Signature Sync integration is only used to update the HTML email signature of each user who should be using Email Experiences. If desired, you may revoke this access through G Suite and/or your Email Experiences Account Settings. This connectivity can be temporarily re-established any time you need to push a new signature to an employee.

 

Are there Alternatives to the G Suite Integration for Controlling Signatures?

Yes. If you don't want to provide Terminus access to manage email signatures, users are able to log into Email Experiences' Install Page, where they can copy their personalized signature & campaign banner, and paste it into Gmail settings individually. While this is still fully compatible with dynamic, targeted Campaigns and Alternate Banner selection (provided by Terminus' Chrome Extension), it does miss out on the benefit of being able to centrally control signatures.

Was this article helpful?
0 out of 0 found this helpful

Comments

0 comments

Please sign in to leave a comment.