Updated last month
Google OAuth Permissions for SSO in Mysa
Login Methods
Mysa allows users to login via the following SSO (Single-Sign on) methods :
[Pre-requisite : The user email ID must be added onto the platform by an Organisational / IT admin]
Google SSO where users can login via their company registered workspace account OR their personal Gmail account
Microsoft/Entra login via their company registered workspace account OR their personal account
Why SSO
Single-Sign on is one of the most secure ways to authenticate user logins for Google & Microsoft accounts with 3rd party apps such as Mysa due to following advantages :
Security: Mysa automatically inherits your organisation's existing security protocols — including 2FA, OTP verification, re-login triggers on IP changes, and any risk detections enforced by Google or Microsoft. No additional configuration needed.
User Management: Removing a user from your Google or Microsoft workspace automatically revokes their access to Mysa — no separate deactivation needed. That said, we recommend also deactivating them within Mysa as a precautionary step.
Google Documentation
This document covers the permissions we take for Google OAuth Account which are all tagged as NON-SENSITIVE from Google
Permission | Type of Scope | Meaning |
|---|---|---|
auth/userinfo.email | Non-Sensitive | Access to your email ID that you are logging in with |
auth/userinfo.profile | Non-Sensitive | Basic public profile information such as name, profile picture, etc |
openid | Non-Sensitive | Enables OpenID Connect authentication, allowing Mysa to verify and authenticate the user's Google identity |
Link to Google OAuth permissions documentation here. Please search (Ctrl + F) for the following keywords :
userinfo.email
userinfo.profile
openid
Screenshot from Mysa’s Google App permissions