Google Group
Definition
The Google Group trigger starts a flow automatically when a user is added to or removed from a specified Google Group. It leverages the Google Audit Reports API to monitor group membership changes in real time.
This trigger is ideal for workflows that need to react immediately to group updates — such as onboarding new team members, revoking access, sending notifications, or keeping group memberships in sync with other systems. You can choose whether to respond to additions, removals, or both, and further control when the flow runs using Conditional Run filters based on the trigger outputs.
Example Use Cases
1. Automated Onboarding for New Group Members
Trigger a flow when a user is added to a specific group (e.g., [email protected]
) to grant access to systems, send welcome emails, or update directories.
2. Revoke Access When Users Are Removed
When a user is removed from a sensitive group (e.g., [email protected]
), automatically revoke tool access or notify IT to follow up.
3. Conditional Run: Only Respond to Specific Roles
Use Conditional Run to execute the flow only if the user’s group role is OWNER
or MANAGER
, skipping actions for basic members.
4. Conditional Run: Target Specific Groups
Monitor multiple groups with a shared connection, but use Conditional Run to trigger flows only when changes occur in select groups (e.g., skip changes to archived or test groups).
5. Audit Logging of Membership Changes
Log all member add/remove events to a centralized Google Sheet or database for audit and compliance tracking.
6. Send Admin Alerts for Suspicious Activity
If a high-privilege user (e.g., from the security team) is removed from a critical group, trigger a security alert or send a notification to designated stakeholders.
⚙️ Configuration
Setting
The Google Group trigger allows you to initiate flows based on membership changes in a monitored Google Group. The Setting consists of three main fields:
1. Google Audit Report Connection
This is the authentication link between your flow platform and your Google Workspace audit logs.
- It enables secure access to audit activity related to Google Groups.
- You must connect a valid Google Workspace account with appropriate admin permissions to monitor group events.
2. Event to Monitor
Specify which group-related membership event should trigger the flow.
Options:
member added
: Flow starts when a user is added to the selected group.member removed
: Flow starts when a user is removed from the group.
Use this setting to define the direction of the event — whether you’re reacting to a new user joining a group or a member being removed.
3. Group Email Address
Enter the email address of the Google Group you want to monitor (e.g., [email protected]
).
- This ensures the flow only responds to changes in that specific group.
- Helps filter noise from other groups if your workspace manages many.
You can find group addresses in the Google Groups admin console or directly from the Groups listing in Google Workspace.
Conditional Run
The Conditional Run feature lets you define specific conditions that must be met for the trigger to initiate the flow. If a group membership event occurs but the conditions you’ve set aren’t met, the flow will be skipped and no further actions will execute.
This allows you to build more focused and context-aware automations — for example, responding only to group changes initiated by admins, or filtering by specific group email addresses.
How Conditional Run Works
Once enabled, you can define one or more rules using AND / OR logic. Each rule contains the following four elements:
Condition Type
- When: The flow will run only if the condition evaluates to true.
- Except When: The flow will be skipped if the condition evaluates to true.
Value to Evaluate
This is the data field you want to apply the condition to.For the Google Group trigger, this may include outputs such as:
Event Name
— e.g.,add_user
,remove_user
Group Email
— to monitor only specific groupsActor Type
— to respond only to admin actionsMember Role
— e.g., only when anOWNER
is removedEvent Time
— to restrict events by time/dateMember Email
— to respond differently for specific users
You can also reference:
- Vaults – secure static values such as expected domains, roles, or restricted addresses.
Vaults are managed from your workspace under Settings → Vaults. They are read-only and secure at runtime.
Operator
This defines how the selected value is compared. Available operators include:
- Equals / Not Equals
- Greater Than / Greater Than or Equal
- Less Than / Less Than or Equal
- Between
- Is Null / Is Not Null
Comparison Value
The reference value for the comparison.This can be:
- A fixed string or value (e.g.,
"[email protected]"
or"OWNER"
) - A Vault value (e.g., a monitored domain or restricted group email)
- Another trigger output value
Example Conditions
- Run the flow when
Event Name
equals"add_user"
- Skip the flow except when
Actor Type
equals"admin"
- Run the flow when
Group Email
equals"[email protected]"
- Run the flow only if
Member Role
is not null - Use a Vault value to skip events not related to the specified monitored group
This targeted conditional control gives you the flexibility to fine-tune when flows should run — helping you avoid noise and focus your automations on high-impact group changes.
📤 Outputs
When a Google Group event occurs and this trigger activates, it provides a detailed set of outputs that describe exactly what happened, when, and to whom. These outputs can be used:
- In flow actions via the Token Picker
- In the Conditional Run section to control whether the flow should proceed based on the event details
These outputs help you build logic-rich automations — for example, by identifying the actor, filtering by group, or logging key membership changes.
1. Event Name
Indicates the type of membership event that occurred.
- Possible values include:
add_user
orremove_user
- Use this to determine if the flow should branch or behave differently for additions vs. removals.
2. Event Time
The exact timestamp of when the event was logged by Google.
- This is useful for logging, time-based rules, or validating event freshness.
3. Actor Email
The email address of the person who performed the action (added or removed the member).
- Helps with auditing or alerting based on who made the change.
4. Actor Type
Describes the identity type of the actor who initiated the change.
- Values might include
user
,admin
, orexternal
- Useful if you want to restrict flow execution only to admin-performed changes, for example.
5. Group Email
The email address of the group where the change occurred.
- This ensures clarity in multi-group environments and supports filtering or routing logic.
6. Member Email
The email address of the user who was added to or removed from the group.
- Often used in downstream actions like notifying the affected user, updating records, or revoking access.
7. Member Role
Defines the member’s role in the group at the time of the event.
- Common values:
MEMBER
,OWNER
,MANAGER
- Use this to apply stricter logic — for instance, only reacting when an owner is removed.
8. Owner Domain
Specifies the domain that owns the affected group.
- Useful in enterprise environments with multiple domains or delegated admin access.
9. Event Unique Qualifier
A unique string that distinguishes this event from others that may share the same timestamp.
- Helps prevent duplication or confusion when multiple changes happen simultaneously.
Example: Monitor Admin-Only Group Additions
ScenarioYour IT team manages sensitive Google Groups such as [email protected]
, used for administrative permissions. You want to track every time a new member is added to this group, but only if the action was performed by an administrator. When such an event occurs, you want to:
- Log the details to a Google Sheet for auditing purposes.
- Notify the security team by email with the relevant event details.
How to Set It Up
Trigger Configuration:
- Connection: Use your Google Audit Reports connection
- Event to Monitor:
member added
- Group Email Address:
[email protected]
Conditional Run:
- When
Actor Type
equals"admin"
(Ensures the flow only triggers if the member was added by an administrator)
Actions in the Flow:
-
Append Row to Google Sheet
- Add:
Event Time
,Actor Email
,Member Email
,Member Role
- Add:
-
Send Email Notification
- To:
[email protected]
- Subject:
"New Member Added to Admin Group"
- Body: Include
Member Email
andActor Email
with timestamp
- To:
This flow helps maintain visibility and accountability over group access changes — especially for high-privilege groups — without overwhelming your team with alerts for routine changes.
Updated about 11 hours ago