Understand how safe is your users’ and company data during the installation of PerformFlow for your domain.
- Difference between installation by Individual vs. G Suite Admin
- Does your permission for PerformFlow allow it to have access to all your user’s data?
- Is your company and user data at risk?
- Can I whitelist PerformFlow instead of domain-wide installation?
An individual can install PerformFlow from G Suite Marketplace or Chrome Web Store page. During installation, the user will be asked for authorization of a set of permissions that are needed for PerformFlow.
As a G Suite admin, you can also pre-install and pre-authorize PerformFlow from G Suite Marketplace, for all users of your domain. Your installation for domain-wide use, is one-time and makes PerformFlow readily available for all your users.
You authorize and grant the same set of permissions as in an individual install, but you do it on behalf of all your users as well. So when the users want to use PerformFlow, they don’t need to individually authorize it again.
We cannot impersonate your users and retrieve their Drive/Gmail data, programmatically.
We can retrieve their data only when a specific user interacts with PerformFlow add-on. This behavior is exactly as if he has installed and authorized PerformFlow himself.
Unlike many other G Suite apps, PerformFlow does not ask to create a ‘service account with domain-wide delegation’. So PerformFlow does not access to data of the users who aren’t actually using the product.
OAuth apps whitelisting is to specifically allow selected third-party applications to access your users’ G Suite data.
PerformFlow is neither a G Suite web application (it is an add-on for Google Sheets) nor does it ask for access to your users’ data (via domain-wide delegation of authority).
So whitelisting is not applicable for PerformFlow.