Feb 2, 202310:18 AM - edited Feb 2, 202310:19 AM
Participant
Gmail Inbox Connection requires intrusive privileges - can it be reduced to scope?
SOLVE
Good morning!
My staff was hopeful to use the "Connect your inbox" functionality offered by Hubspot. This component can be connected by clicking "Connect personal email" on Settings > General at the Email tab.
Our email is hosted by Google, which seems to conjure a Gmail-specific Hubspot integration that requires authorization from Gmail.
In connecting, we noticed that Hubspot requests a very aggressive claim, giving them full read-only access to our corporate Google Drive service. As you can imagine, this is a significant risk and trespasses on the scope that connecting one's inbox should require.
Why is this being requested? Is it for a different Hubspot functionality? If so, can the claim groups be separated so that users who want to connect their inbox don't have to give Hubspot the keys to sensitive information stored on Google Drive?
Gmail Inbox Connection requires intrusive privileges - can it be reduced to scope?
SOLVE
Hi everyone! I wanted to make you all aware that we have just released updates to our Google integration authentication flows to only request necessary access. You can view full details in your HubSpot portal > Product Updates, but I'm including the announcement here for reference as well.
What is it?
Several HubSpot-built Google integrations now use an updated authorization framework. While previously these integrations requested permissions for several integrations at once, moving forward each integration will only request access to the minimum required functionality to make the integration work properly.
Note:Other HubSpot-built Google integrations are not impacted by this change.
Why does it matter?
Previously, these integrations were built to optimize for users who wanted to connect to Google in multiple ways. This made it easier when setting up additional integrations, but gave HubSpot more access to some customers’ Google accounts than they were comfortable with, or their IT team permitted.
For example: To connect our Gmail integration, users previously also had to allow access to Calendar, Drive, and Search Console data. If that was not acceptable, the only other option was to use our generic IMAP integration and lose the ability to authenticate directly with Google.
How does it work?
When connecting any of HubSpot’s integrations with Google to your HubSpot portal there is a “HubSpot wants to access your Google Account” screen. You will notice a decreased list of things that HubSpot will be allowed to do if you click Allow. The list will be more tightly correlated to the functionality of that specific integration. When installing additional Google integrations for that account, you will be prompted to grant only the scopes necessary to use the integration.
If your Google integrations are already connected to HubSpot, the access level will remain the same. If you wish to decrease the access level that HubSpot has to your data, you must first revoke HubSpot’s access from your Google account by following the instructions listedhere. Then you can reconnect any desired integrations and will only need to consent to the necessary scopes.
Gmail Inbox Connection requires intrusive privileges - can it be reduced to scope?
SOLVE
Hi everyone! I wanted to make you all aware that we have just released updates to our Google integration authentication flows to only request necessary access. You can view full details in your HubSpot portal > Product Updates, but I'm including the announcement here for reference as well.
What is it?
Several HubSpot-built Google integrations now use an updated authorization framework. While previously these integrations requested permissions for several integrations at once, moving forward each integration will only request access to the minimum required functionality to make the integration work properly.
Note:Other HubSpot-built Google integrations are not impacted by this change.
Why does it matter?
Previously, these integrations were built to optimize for users who wanted to connect to Google in multiple ways. This made it easier when setting up additional integrations, but gave HubSpot more access to some customers’ Google accounts than they were comfortable with, or their IT team permitted.
For example: To connect our Gmail integration, users previously also had to allow access to Calendar, Drive, and Search Console data. If that was not acceptable, the only other option was to use our generic IMAP integration and lose the ability to authenticate directly with Google.
How does it work?
When connecting any of HubSpot’s integrations with Google to your HubSpot portal there is a “HubSpot wants to access your Google Account” screen. You will notice a decreased list of things that HubSpot will be allowed to do if you click Allow. The list will be more tightly correlated to the functionality of that specific integration. When installing additional Google integrations for that account, you will be prompted to grant only the scopes necessary to use the integration.
If your Google integrations are already connected to HubSpot, the access level will remain the same. If you wish to decrease the access level that HubSpot has to your data, you must first revoke HubSpot’s access from your Google account by following the instructions listedhere. Then you can reconnect any desired integrations and will only need to consent to the necessary scopes.
Gmail Inbox Connection requires intrusive privileges - can it be reduced to scope?
SOLVE
Hi! I have the same question. I want to know what's the best practices when you connect an email. Should I use my email account or should we create a new one for HubSpot? It makes sense to use my own account because you can add contacts, follow emails, etc. But it's too intrusive and I'll never know who will read my emails. Maybe the solution is to create a secondary email address for HubSpot only. Something like crm@domain.com but what will happen when we contact our leads, they will never know what's our primary email account and will reply our messages to that secondary email address. I'm stuck on it now. I need to know what's the best practices using email accounts and HubSpot.
Gmail Inbox Connection requires intrusive privileges - can it be reduced to scope?
SOLVE
Even if you were to create a secondary email, you'd still have to grant full drive access. It almost warrants creating a secondary organization - which really makes regulatory compliance a pain.
The easiest solution is for HubSpot to remove the request to have full read access for inbox functionality. That's like the dentist asking for the keys to my house in order to evaluate my dental hygiene.
