The following table(s) contains detailed examples of the metadata fields available from the Google Directory API endpoints Worklytics leverages. In order to pseudonymize and sanitize PII and other potentially sensitive data, Worklytics provides access to a Data Loss Prevention (DLP) Proxy, which allows customers to pre-filter metadata, within customer infrastructure, before it is sent to Worklytics for processing.
These are the fields Worklytics recommends but the Worklytics DLP Proxy provides full field-level control and therefore any field may be removed or sanitized.
Field descriptions are taken from third party API documentation, these are maintained on a best effort basis and Worklytics can not guarantee their indefinite accuracy. Please refer to the source API site for the most up-to-date documentation.
How to read the "DLP Proxy" column in the table(s):
🔴 This field is completely redacted by the DLP Proxy
⭕ This field is transformed, usually partially redacted
🟡 This field is "pseudonymized" by the DLP Proxy: only a SHA256 hash of its value is sent to Worklytics; never the value itself
To see only the fully sanitized version of this document, click here.
Worklytics requires access to the following API primary endpoints:
Used to retrieve a list of all groups of a domain (or an individual group)
Endpoints:
/admin/directory/v1/groups
/admin/directory/v1/groups/{groupId}
Used to retrieve a list of members of a group
Endpoints:
/admin/directory/v1/groups/{groupId}/members,
Used to retrieve users metadata
Endpoints:
/admin/directory/v1/users
/admin/directory/v1/users/{accountId}
API docs: https://developers.google.com/admin-sdk/directory/v1/reference/groups
DLP Proxy docs: Google Directory
🟢 Allowed
adminCreated
Boolean
🟡 Pseudonymized
aliases
List of String
Raw example: ["alice@acme.com","aliceatwork@acme.com"]
Sanitized example:
🔴 Redacted
description
String
🟢 Allowed
directMembersCount
Long
🟡 Pseudonymized
email
String
Raw example: alice@acme.com
Sanitized example:
🟢 Allowed
etag
String
🟢 Allowed
id
String
🟢 Allowed
kind
String
🟢 Allowed
name
String
🟡 Pseudonymized
nonEditableAliases
List of String
Raw example: ["alice@acme.com","aliceatwork@acme.com"]
Sanitized example:
API docs: https://developers.google.com/admin-sdk/directory/v1/reference/members
DLP Proxy docs: Google Directory
🟢 Allowed
deliverySettings
String
🟡 Pseudonymized
email
String
Raw example: alice@acme.com
Sanitized example:
🟢 Allowed
etag
String
🟢 Allowed
id
String
🟢 Allowed
kind
String
🟢 Allowed
role
String
🟢 Allowed
status
String
🟢 Allowed
type
String
API docs: https://developers.google.com/admin-sdk/directory/v1/reference/users
DLP Proxy docs: Google Directory
🟢 Allowed
agreedToTerms
Boolean
🟡 Pseudonymized
aliases
List of String
Raw example: ["alice@acme.com","aliceatwork@acme.com"]
Sanitized example:
🟢 Allowed
archived
Boolean
🟢 Allowed
creationTime
ZonedDateTime
🟢 Allowed
customerId
String
🟢 Allowed
deletionTime
ZonedDateTime
🟡 Pseudonymized
emails[]
List of DirectoryEmail
🟡 Pseudonymized
emails[].address
String
Raw example: alice@acme.com
Sanitized example:
🟢 Allowed
emails[].customType
String
🟢 Allowed
emails[].primary
Boolean
🟢 Allowed
emails[].type
String
🟢 Allowed
etag
String
🟡 Pseudonymized
externalIds[]
List of ExternalId
🟢 Allowed
externalIds[].customType
String
🟢 Allowed
externalIds[].type
String
🟡 Pseudonymized
externalIds[].value
String
🟢 Allowed
gender
Gender
🟢 Allowed
gender.type
String
🟢 Allowed
id
String
🔴 Redacted
ims
N/A
🟢 Allowed
includeInGlobalAddressList
Boolean
🟢 Allowed
isAdmin
Boolean
🟢 Allowed
isDelegatedAdmin
Boolean
🟢 Allowed
isEnforcedIn2Sv
Boolean
🟢 Allowed
isEnrolledIn2Sv
Boolean
🟢 Allowed
isMailboxSetup
Boolean
🟢 Allowed
languages[]
List of Language
🟢 Allowed
languages[].customLanguage
String
🟢 Allowed
languages[].languageCode
String
🟢 Allowed
lastLoginTime
ZonedDateTime
🟡 Pseudonymized
locations[]
List of Location
🟢 Allowed
locations[].area
String
🟢 Allowed
locations[].buildingId
String
🟢 Allowed
locations[].customType
String
🟡 Pseudonymized
locations[].deskCode
String
🟢 Allowed
locations[].floorName
String
🟢 Allowed
locations[].floorSection
String
🟢 Allowed
locations[].type
String
🟡 Pseudonymized
name
DirectoryPersonName
🔴 Redacted
name.familyName
String
🔴 Redacted
name.fullName
String
🔴 Redacted
name.givenName
String
🟡 Pseudonymized
nonEditableAliases
List of String
Raw example: ["alice@acme.com","aliceatwork@acme.com"]
Sanitized example:
🟢 Allowed
orgUnitPath
String
🟡 Pseudonymized
organizations[]
List of Organization
🟢 Allowed
organizations[].costCenter
String
🟢 Allowed
organizations[].customType
String
🟢 Allowed
organizations[].department
String
🟢 Allowed
organizations[].description
String
🟢 Allowed
organizations[].domain
String
🟢 Allowed
organizations[].fullTimeEquivalent
Integer
🟢 Allowed
organizations[].location
String
🟢 Allowed
organizations[].name
String
🟢 Allowed
organizations[].primary
Boolean
🟢 Allowed
organizations[].symbol
String
🔴 Redacted
organizations[].title
String
🟢 Allowed
organizations[].type
String
🔴 Redacted
posixAccounts
N/A
🟡 Pseudonymized
primaryEmail
String
Raw example: alice@acme.com
Sanitized example:
🔴 Redacted
recoveryEmail
N/A
🔴 Redacted
recoveryPhone
N/A
🔴 Redacted
relations
N/A
🔴 Redacted
sshPublicKeys
N/A
🟢 Allowed
suspended
Boolean
🟢 Allowed
suspensionReason
String
🟢 Allowed
thumbnailPhotoEtag
String
🔴 Redacted
thumbnailPhotoUrl
String
🔴 Redacted
websites
N/A