Sigstr has multiple, powerful G Suite integrations to help make implementation easy. This article outlines those, the scopes & permissions required, and how you can securely connect them to your organization.
Connecting Sigstr to G Suite done through a standard OAuth 2.0 connection, which must be performed by a Super Admin user (or service account) in the desired G Suite instance. As a result, Sigstr only retains an authorization token from G Suite, and will never see/store your actual Super Admin credentials.
Level of Access
While this connection is performed by a Super Admin user (or service account), Sigstr does not receive Super Admin-like access to G Suite or any of its applications (Gmail, Calendar, Drive, Sites, Marketplace Apps, etc).
Sigstr only receives the ability to perform API actions in G Suite, as defined by the requested scopes. These scopes are reviewable during the OAuth connection workflow and are listed below.
Points of Integration
Sigstr provides granular control over the access you decide to provide. The three integration points described below can be enabled on an as-needed basis.
Sigstr takes an only-as-needed approach to all integrations, to ensure only the minimum level of access is required.
Below are the Scopes requested from G Suite, and Google's description of each.
1. Signature Syncing - "Sigstr Signatures for G Suite"
This integration point is only required to control Gmail signatures on behalf of users.
It excludes permissions for reading user data.
Manage your basic mail settings
Manage your sensitive mail settings, including who can manage your mail
2. Importing User Data - "Sigstr for G Suite"
This integration point contains the same permission set as the G Suite Signature Sync, with an added permission if you want Sigstr to create users from you G Suite Directory.
Permissions from "Sigstr Signatures for G Suite", plus...
View users on your domain
3. Sigstr Relationships - "Sigstr Collector for G Suite"
This integration point is only required if you want to make use of Sigstr Relationship Scores, Intent Scores, and Location Analytics. This is NOT required for email signature management.
View users on your domain
See, edit, share, and permanently delete all the calendars you can access using Google Calendar
View your email messages and settings
Send email on your behalf
View your email address
See your personal info, including any personal info you've made publicly available
Integration Security FAQs
Why is a Super Admin User Required to Connect?
Super Admin users in G Suite have the ability to perform what Google calls "domain wide delegation". This gives 3rd party applications like Sigstr the ability to take action on behalf of end-users. Sigstr uses domain-wide delegation to perform an email signature update in Gmail, so that your employees can get a Sigstr signature without having to be bothered to do anything on their own.
Do I Have to Give Sigstr Access to all G Suite Users?
No. During the OAuth connection workflow, Google allows you to specify a single Org Unit in G Suite, to which the requested scopes & permissions will apply. After connecting, you can edit the Sigstr service in your G Suite to grant or revoke access to any desired Org Units. Google only allow for this access management to be done with Org Units, and does not provide the same control with G Suite Groups.
Do I Have to Leave the G Suite Signature Sync Connected Persistently?
No. The Signature Sync integration is only used to update the HTML email signature of each user who should be using Sigstr. If desired, you may revoke this access through G Suite and/or your Sigstr Account Settings. This connectivity can be temporarily re-established any time you need to push a new signature to an employee.
Are there Alternatives to the G Suite Integration for Controlling Signatures?
Yes. If you don't want to provide Sigstr access to manage email signatures, users are able to log into Sigstr's Install Page, where they can copy their personalized signature & campaign banner, and paste it into Gmail settings individually. While this is still fully compatible with dynamic, targeted Campaigns and Alternate Banner selection (provided by Sigstr's Chrome Extension), it does miss out on the benefit of being able to centrally control signatures.