Can users’/company data be at risk when a Google Workspace admin domain-wide installed PerformNoti?

Understand how safe is your users’ and company data during the installation of PerformNoti for your domain.

DIFFERENCE BETWEEN INSTALLATION BY INDIVIDUAL VS. Google Workspace ADMIN

An individual can install PerformNoti from Google Workspace Marketplace or Chrome Web Store page. During installation, the user will be asked for authorization of a set of permissions that are needed for PerformNoti.

As a Google Workspace admin, you can also pre-install and pre-authorize PerformNoti from Google Workspace Marketplace, for all users of your domain. Your installation for domain-wide use, is one-time and makes PerformNoti readily available for all your users.

You authorize and grant the same set of permissions as in an individual install, but you do it on behalf of all your users as well. So when the users want to use PerformNoti, they don’t need to individually authorize it again.

DOES YOUR PERMISSION FOR PERFORMNOTI ALLOW IT TO HAVE ACCESS TO ALL YOUR USER’S DATA?

We cannot impersonate your users and retrieve their Drive/Gmail data, programmatically.

We can retrieve their data only when a specific user interacts with PerformNoti add-on. This behavior is exactly as if he has installed and authorized PerformNoti himself.

IS YOUR COMPANY AND USER DATA AT RISK?

Unlike many other Google Workspace apps, PerformNoti does not ask to create a ‘service account with domain-wide delegation’. So PerformNoti does not access to data of the users who aren’t actually using the product.

CAN I WHITELIST PERFORMNOTI INSTEAD OF DOMAIN-WIDE INSTALLATION?

OAuth apps whitelisting is to specifically allow selected third-party applications to access your users’ Google Workspace data.

PerformNoti is neither a Google Workspace web application (it is an add-on for Google Sheets) nor does it ask for access to your users’ data (via domain-wide delegation of authority).

So whitelisting is not applicable for PerformNoti.