Can users’/company data be at risk when a G Suite admin domain-wide installed PerformFlow?

Understand how safe is your users’ and company data during the installation of PerformFlow for your domain.

Content:
  • Difference between installation by Individual vs. G Suite Admin
  • Does your permission for PerformFlow allow it to have access to all your user’s data?
  • Is your company and user data at risk?
  • Can I whitelist PerformFlow instead of domain-wide installation?

Difference between installation by Individual vs. G Suite Admin

An individual can install PerformFlow from G Suite Marketplace or Chrome Web Store page. During installation, the user will be asked for authorization of a set of permissions that are needed for PerformFlow.

As a G Suite admin, you can also pre-install and pre-authorize PerformFlow from G Suite Marketplace, for all users of your domain. Your installation for domain-wide use, is one-time and makes PerformFlow readily available for all your users.

You authorize and grant the same set of permissions as in an individual install, but you do it on behalf of all your users as well. So when the users want to use PerformFlow, they don’t need to individually authorize it again.


Does your permission for PerformFlow allow it to have access to all your user’s data?
Absolutely not. Your permission to use PerformFlow does not give us extra rights to access the data of your users.

We cannot impersonate your users and retrieve their Drive/Gmail data, programmatically.

We can retrieve their data only when a specific user interacts with PerformFlow add-on. This behavior is exactly as if he has installed and authorized PerformFlow himself.


Is your company and user data at risk?
Absolutely not. Domain-wide installation is not the same as domain-wide access (referred as domain-wide delegation of authority) to your users’ data.

Unlike many other G Suite apps, PerformFlow does not ask to create a ‘service account with domain-wide delegation’. So PerformFlow does not access to data of the users who aren’t actually using the product.


Can I whitelist PerformFlow instead of domain-wide installation?

OAuth apps whitelisting is to specifically allow selected third-party applications to access your users’ G Suite data.

PerformFlow is neither a G Suite web application (it is an add-on for Google Sheets) nor does it ask for access to your users’ data (via domain-wide delegation of authority).

So whitelisting is not applicable for PerformFlow.

Comments are closed.