AdWords is now Google Ads. Our new name reflects the full range of advertising options we offer across Search, Display, YouTube, and more. Learn more

2.2K members online now
2.2K members online now
Dive into multiple domain (Cross/Sub) tracking, implementing Ecommerce and Enhanced Ecommerce, setting up Event tracking, and Universal Analytics code.
Guide Me

Help with multi-tenant google analytics access

[ Edited ]
Visitor ✭ ✭ ✭
# 1
Visitor ✭ ✭ ✭



We have a multitenant application that serves many organizations (our customer base).  We want to give them the ability to see some of their own website's Google Analytics data along side data that our application tracks on our components that get embedded on their site and various other places (don't worry about that part, it's not important to this question).


In other words, we want to be granted access by our client to access their Google Analytics data for reports to be shown inside our application.


I haven't been able to find a tutorial to cover this scenario so am trying to put together how this would work.


1) Would each organization need to create a ClientID in the Google Developer Console and give us that ID, so that when they want to view the reports we would send that ID to Google Analytics?  Or is there some other construct that would be within our application to identify whose Google Analytics data needs to be queried?  Or do we give them *our* client id or its associated email address to grant us permission?


2) Is there a way to get a token without the organization user having to authenticate manually each time they want to view these reports?  It is probable that the people who are viewing these reports are not the same people who manage the Google Analytics account for that organization, so we'd want to store a token that our app could use to authenticate without requiring a fresh OAuth signature each time.  So it might be ok to require OAuth when they first provide the client ID but not every time someone from that org wants to see their reports.


If there is a tutorial that covers this use case please feel free to point me in that direction.  Thanks in advance!



1 Expert replyverified_user

Re: Help with multi-tenant google analytics access

Top Contributor
# 2
Top Contributor
Hi Anye,
This is a tough one (sometimes) and often times, the most simple solution is best.
We've tried a few different routes with this. The first, we gave users their own view with a filter that only showed their subdomain. This didn't scale very well.

The alternative that we tried (and seems to be the most common) is to give the user an option in your application to add their own GA ID. There's no reason that you can't use both your main ID and the tenant ID in the same page/application. This however is where your components DO matter.

The final alternative is providing access to specific reports in your own Web UI using the GA API and the tenant ID as a filter for the reports.

Re: Help with multi-tenant google analytics access

Visitor ✭ ✭ ✭
# 3
Visitor ✭ ✭ ✭
Thanks, Dave.

The websites we're trying to gather info on are the organization's own company websites; not websites that we manage. So the key point is somehow they have to grant us permission to do that. As a total nonsense example, if one of our organizations was the American Kennel Club (it isn't) they have their own website ( that is totally independent of what we do for them. But viewing their website analytics (in this example, page hits etc) alongside the analytics of what we provide them is one of the features I've been asked to implement.

So I don't see option 1 as a possibility. For option 2, I'm not actually certain what our client ID would do for our application if we're using the tenant's client ID. We aren't actually using GA for our own reporting at all, only to pull tenant website data. That's where it's getting fuzzy for me. If they provide their GA ID to our application, how can we integrate such that we only have to get permission when it's first set up and have a storable token we can use in future (since not all end users will be privy to the GA setup for their org and requiring OAuth login every time a user accesses the reports is a non-starter for us)? Option 3 is closest to what I think we'll have to do but just not sure how we handle this access issue.