Users & Groups Management

Best practices for managing user access to Skigk Søkeapp.

User Authentication

Google OAuth Flow

When a user clicks "Logg inn med Google":

  1. Skigk Søkeapp redirects to Google OAuth endpoint
  2. User authenticates with Google Workspace account
  3. Google grants drive.readonly permission
  4. User is logged in to Skigk Søkeapp
  5. Their Drive and Shared Drives become searchable

Access Control

Access is controlled by Google Drive permissions:

  - If a user has access to a file → they can search it
  - If a user doesn't have access → they cannot see results
  - Skigk Søkeapp respects all Google Drive permissions

Managing User Groups

Create a Google Group

  1. Go to Google Admin Console
  2. Users and accounts → Groups
  3. Click + Create Group
  4. Configure:
     - Group name: Finance-Team
     - Group email: finance-team@skigk.no
     - Who can post: All members
     - Who can view: All members
  5. Click Create

Add Members to Group

  1. Open the group
  2. Click Members
  3. Click + Add members
  4. Enter email addresses (or upload CSV)
  5. Click Add

Assign Shared Drives to Groups

  1. Create a Google Group for each team/department
  2. Add users to the group
  3. Add the group to the Shared Drive
  4. Users automatically get access to Shared Drive and Skigk Søkeapp search

Example:

Finance Department
├─ Group: finance-team@skigk.no
│  ├─ john@skigk.no
│  ├─ alice@skigk.no
│  └─ bob@skigk.no
│
└─ Shared Drive: Finance
   ├─ Members: finance-team@skigk.no (Content Manager)
   └─ Searchable via Skigk Søkeapp for all members

Offboarding Users

When a user leaves:

  1. Remove from Groups:
     - Go to Google Admin Console
     - Find the group
     - Remove user from members
  2. Remove from Shared Drives:
     - Go to Shared Drive → Settings → Members
     - Remove user
  3. Disable Google Account:
     - Admin Console → Users
     - Find user → Click Disable

The user's data in Skigk Søkeapp automatically becomes inaccessible.
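
An offline check for the first two offboarding steps, as an added example (not part of Skigk Søkeapp or its documentation): given exported group membership and Shared Drive member lists, it lists every path by which a departed user still reaches a drive. The data shapes, the `expand` and `residual_access` functions, and the sample entries `all-staff@skigk.no`, `carol@skigk.no` and the "Handbook" drive are assumptions constructed for illustration; the example also follows nested groups, which this page does not cover.

```python
"""Offboarding audit over exported Workspace data (all sample data is constructed)."""

# Constructed sample: group email -> members (users or nested groups).
GROUPS = {
    "finance-team@skigk.no": {"john@skigk.no", "alice@skigk.no", "bob@skigk.no"},
    "all-staff@skigk.no": {"finance-team@skigk.no", "carol@skigk.no"},
}
# Constructed sample: Shared Drive name -> {member email: role}.
DRIVES = {
    "Finance": {"finance-team@skigk.no": "Content Manager", "bob@skigk.no": "Viewer"},
    "Handbook": {"all-staff@skigk.no": "Viewer"},
}


def expand(member, groups, seen=None):
    """Resolve a drive member to the set of user emails it grants access to."""
    seen = set() if seen is None else seen
    if member not in groups:
        return {member}          # a plain user account
    if member in seen:
        return set()             # group already visited (cycle or diamond)
    seen.add(member)
    users = set()
    for child in groups[member]:
        users |= expand(child, groups, seen)
    return users


def residual_access(departed, groups=GROUPS, drives=DRIVES):
    """Return sorted (user, drive, via, role) rows for departed users who still have access."""
    findings = []
    for drive, members in drives.items():
        for member, role in members.items():
            for user in expand(member, groups) & set(departed):
                # "direct" = the user is listed on the drive itself, not via a group
                via = "direct" if user == member else member
                findings.append((user, drive, via, role))
    return sorted(findings)


if __name__ == "__main__":
    for row in residual_access({"bob@skigk.no"}):
        print("still has access: %s -> %s via %s (%s)" % row)
```

An empty result means no group or direct membership still grants the departed user a Shared Drive; each remaining row names the group or direct entry to remove.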

Permissions Matrix

Role Can Search? Can View Results? Can Open Files?
Viewer ✅ (only accessible files) ✅ (if permitted)
Contributor
Content Manager
Manager
Non-member

Security Considerations

Do:

  - Use Google Groups for team management
  - Regular audit of group membership
  - Remove users promptly after they leave
  - Use descriptive group names

Don't:

  - Share OAuth credentials
  - Give users direct Workspace admin access
  - Store API keys in version control
  - Use weak passwords for admin accounts

Monitoring & Auditing

View Skigk Søkeapp Activity

  1. Go to Google Admin Console
  2. Security → Security Checkup
  3. Check for unauthorized app access

User Access Report

  1. Go to Users and accounts → Users
  2. Select a user
  3. Check Connected apps & sites
  4. Verify Skigk Søkeapp is authorized
