< Go Back

Wing’s Basic Permissions Guide

Wing Security non-intrusively discovers the SaaS apps being used by anyone throughout your organization by viewing the SaaS related metadata of the Google or Microsoft sign-in that was used for logging in to those SaaS apps. 

For Wing Security to view this SaaS metadata, a Google Workspace ‘Super Admin’ is needed to approve the permissions for our Google connector, or a Microsoft Azure ‘Admin’ for approving the permissions for our Microsoft connector.


Wing Security Google Permissions

For the Google Connector:

When connecting Google’s connector to Wing Security, the following permissions are requested for approval:

  • View delegated admin roles for your domain
  • View Audit reports for your G Suite domain
  • View organization units on your domain
  • See info about users on your domain
  • Manage data access permissions for users on your domain.
    • Wing Security ONLY uses this permission for seeing which tokens a user issued to 3rd party apps.
    • Wing Security DOES NOT use this permission to sign a user out of all web & device sessions and reset their sign-in cookies.
    • Wing Security DOES NOT use this permission to generate new backup verification codes for the user, which is only applicable with the user’s password.
    • Wing Security DOES NOT use this permission to generate application specific passwords, pull lists, or delete items, which are all features that remain disabled until they are enabled by a user.

Once the required permissions have been granted, Wing’s discovery process begins. Within a few minutes, a list of SaaS apps used throughout your organization will start to appear.

This discovery process may continue for up to 2-3 days, and keeps running till all the SaaS apps connected via Google are detected. After this initial setup, Wing will update the SaaS apps list weekly.

Ready to proceed with granting the permissions? Go to: https://mc.wing.security/apps


For the Microsoft Connector

When connecting Microsoft’s connector to Wing Security, there will be 2 permissions windows on which to click Accept.

The permissions requested in first window:

  • Sign in and read user profile.
  • Maintain access to data you have given it access to.

Be sure to mark the checkbox that says: “Consent on behalf of your organization”













Once ‘Accept’ has been clicked on the 1st permissions window, a 2nd permissions window will appear.

The permissions requested in the 2nd window:

  • Read activity data for your organization
  • Read all users’ full profiles
  • Read all audit log data
  • Read directory data
  • Sign in and read user profile

Once the required permissions have been granted, Wing’s discovery process begins. Within a few minutes, a list of SaaS apps used throughout the organization will start to appear.

The process may continue for up to 2-3 days, and keeps running till all the SaaS apps connected via Microsoft are detected. After this initial run, Wing will update the SaaS apps list once a week.



Ready to proceed with granting the permissions? Go to: https://mc.wing.security/apps


Protect Critical Data.

Secure your SaaS