I have an app in the Google Workspace Marketplace that links to an external, third party SaaS app and I would like to be able to identify if the user is an admin of their G Suite Domain when they follow the "bookmarked" icon link in the top right dropdown menu. I know that a service account can query these REST endpoints detailed here: https://developers.google.com/workspace/marketplace/reference/rest which gives information about the customer license and user license but I was wondering if there was a way to identify users as a admin of their domain or not.
I know that installs are tracked and can be fed into Google Analytics but I think those are anonymous stats without associated user data. And the information associated with a user's basic profile doesn't include that information (which is also given from an id_token).
Any help would be greatly appreciated!
The appropriate method for this is using Users.get and using the below API request:
GET https://admin.googleapis.com/admin/directory/v1/users/USER_EMAIL_ADDRESS
This will yield the following User resource body:
{
"id": string,
"primaryEmail": string,
"password": value,
"hashFunction": string,
"isAdmin": boolean,
"isDelegatedAdmin": boolean,
...
}
As you can notice, the isAdmin field is returned which will essentially tell you if the user in question is indeed an admin or not.
However, please bear in mind that in order to make use of the API, you must be an admin or, just like you suggested above, to impersonate the admin using a service account.