Google Group

Definition


The Google Group trigger starts a flow automatically when a user is added to or removed from a specified Google Group. It leverages the Google Audit Reports API to monitor group membership changes in real time.

This trigger is ideal for workflows that need to react immediately to group updates — such as onboarding new team members, revoking access, sending notifications, or keeping group memberships in sync with other systems. You can choose whether to respond to additions, removals, or both, and further control when the flow runs using Conditional Run filters based on the trigger outputs.



Example Use Cases


1. Automated Onboarding for New Group Members

Trigger a flow when a user is added to a specific group (e.g., [email protected]) to grant access to systems, send welcome emails, or update directories.


2. Revoke Access When Users Are Removed

When a user is removed from a sensitive group (e.g., [email protected]), automatically revoke tool access or notify IT to follow up.


3. Conditional Run: Only Respond to Specific Roles

Use Conditional Run to execute the flow only if the user’s group role is OWNER or MANAGER, skipping actions for basic members.


4. Conditional Run: Target Specific Groups

Monitor multiple groups with a shared connection, but use Conditional Run to trigger flows only when changes occur in select groups (e.g., skip changes to archived or test groups).


5. Audit Logging of Membership Changes

Log all member add/remove events to a centralized Google Sheet or database for audit and compliance tracking.


6. Send Admin Alerts for Suspicious Activity

If a high-privilege user (e.g., from the security team) is removed from a critical group, trigger a security alert or send a notification to designated stakeholders.



⚙️ Configuration



Setting

The Google Group trigger allows you to initiate flows based on membership changes in a monitored Google Group. The Setting consists of three main fields:

1. Google Audit Report Connection

This is the authentication link between your flow platform and your Google Workspace audit logs.

  • It enables secure access to audit activity related to Google Groups.
  • You must connect a valid Google Workspace account with appropriate admin permissions to monitor group events.

2. Event to Monitor

Specify which group-related membership event should trigger the flow.

Options:

  • member added: Flow starts when a user is added to the selected group.
  • member removed: Flow starts when a user is removed from the group.

Use this setting to define the direction of the event — whether you’re reacting to a new user joining a group or a member being removed.


3. Group Email Address

Enter the email address of the Google Group you want to monitor (e.g., [email protected]).

  • This ensures the flow only responds to changes in that specific group.
  • Helps filter noise from other groups if your workspace manages many.

You can find group addresses in the Google Groups admin console or directly from the Groups listing in Google Workspace.


Conditional Run

The Conditional Run feature lets you define specific conditions that must be met for the trigger to initiate the flow. If a group membership event occurs but the conditions you’ve set aren’t met, the flow will be skipped and no further actions will execute.

This allows you to build more focused and context-aware automations — for example, responding only to group changes initiated by admins, or filtering by specific group email addresses.


How Conditional Run Works

Once enabled, you can define one or more rules using AND / OR logic. Each rule contains the following four elements:


Condition Type

  • When: The flow will run only if the condition evaluates to true.
  • Except When: The flow will be skipped if the condition evaluates to true.

Value to Evaluate

This is the data field you want to apply the condition to.For the Google Group trigger, this may include outputs such as:

  • Event Name — e.g., add_user, remove_user
  • Group Email — to monitor only specific groups
  • Actor Type — to respond only to admin actions
  • Member Role — e.g., only when an OWNER is removed
  • Event Time — to restrict events by time/date
  • Member Email — to respond differently for specific users

You can also reference:

  • Vaults – secure static values such as expected domains, roles, or restricted addresses.

🔐

Vaults are managed from your workspace under Settings → Vaults. They are read-only and secure at runtime.


Operator

This defines how the selected value is compared. Available operators include:

  • Equals / Not Equals
  • Greater Than / Greater Than or Equal
  • Less Than / Less Than or Equal
  • Between
  • Is Null / Is Not Null

Comparison Value

The reference value for the comparison.This can be:

  • A fixed string or value (e.g., "[email protected]" or "OWNER")
  • A Vault value (e.g., a monitored domain or restricted group email)
  • Another trigger output value

Example Conditions

  • Run the flow when Event Name equals "add_user"
  • Skip the flow except when Actor Type equals "admin"
  • Run the flow when Group Email equals "[email protected]"
  • Run the flow only if Member Role is not null
  • Use a Vault value to skip events not related to the specified monitored group

This targeted conditional control gives you the flexibility to fine-tune when flows should run — helping you avoid noise and focus your automations on high-impact group changes.



📤 Outputs


When a Google Group event occurs and this trigger activates, it provides a detailed set of outputs that describe exactly what happened, when, and to whom. These outputs can be used:

  • In flow actions via the Token Picker
  • In the Conditional Run section to control whether the flow should proceed based on the event details

These outputs help you build logic-rich automations — for example, by identifying the actor, filtering by group, or logging key membership changes.


1. Event Name

Indicates the type of membership event that occurred.

  • Possible values include: add_user or remove_user
  • Use this to determine if the flow should branch or behave differently for additions vs. removals.

2. Event Time

The exact timestamp of when the event was logged by Google.

  • This is useful for logging, time-based rules, or validating event freshness.

3. Actor Email

The email address of the person who performed the action (added or removed the member).

  • Helps with auditing or alerting based on who made the change.

4. Actor Type

Describes the identity type of the actor who initiated the change.

  • Values might include user, admin, or external
  • Useful if you want to restrict flow execution only to admin-performed changes, for example.

5. Group Email

The email address of the group where the change occurred.

  • This ensures clarity in multi-group environments and supports filtering or routing logic.

6. Member Email

The email address of the user who was added to or removed from the group.

  • Often used in downstream actions like notifying the affected user, updating records, or revoking access.

7. Member Role

Defines the member’s role in the group at the time of the event.

  • Common values: MEMBER, OWNER, MANAGER
  • Use this to apply stricter logic — for instance, only reacting when an owner is removed.

8. Owner Domain

Specifies the domain that owns the affected group.

  • Useful in enterprise environments with multiple domains or delegated admin access.

9. Event Unique Qualifier

A unique string that distinguishes this event from others that may share the same timestamp.

  • Helps prevent duplication or confusion when multiple changes happen simultaneously.


Example: Monitor Admin-Only Group Additions


ScenarioYour IT team manages sensitive Google Groups such as [email protected], used for administrative permissions. You want to track every time a new member is added to this group, but only if the action was performed by an administrator. When such an event occurs, you want to:

  1. Log the details to a Google Sheet for auditing purposes.
  2. Notify the security team by email with the relevant event details.

How to Set It Up

Trigger Configuration:

  • Connection: Use your Google Audit Reports connection
  • Event to Monitor: member added
  • Group Email Address: [email protected]

Conditional Run:

  • When Actor Type equals "admin"(Ensures the flow only triggers if the member was added by an administrator)

Actions in the Flow:

  1. Append Row to Google Sheet

    • Add: Event Time, Actor Email, Member Email, Member Role
  2. Send Email Notification

    • To: [email protected]
    • Subject: "New Member Added to Admin Group"
    • Body: Include Member Email and Actor Email with timestamp

This flow helps maintain visibility and accountability over group access changes — especially for high-privilege groups — without overwhelming your team with alerts for routine changes.