Google Workspace

Connect your Google Workspace to Verosint for real-time identity threat detection and response, enabling faster and more efficient remediation.

Requirements

Before getting started, please review the following requirements:

  1. You need administrative privileges to the Google Workspace to
    1. authorize new clients
    2. create a new user for the integration (optional)
  2. The Verosint integration requires enabling domain-wide delegation in the Google Workspace
  3. You need administrative privileges to the Verosint workspace to configure the integration
⚠️

For security reasons, it is highly recommended to create a new user to integrate with Verosint.

Required Roles for Google Workspace User

A new user set up for this integration must have the following roles:

  • Reports
  • Users → Read

The follow scopes are required when adding the Verosint client to the Google Workspace:

  • https://www.googleapis.com/auth/admin.reports.audit.readonly
  • https://www.googleapis.com/auth/admin.directory.user.readonly

Enable Domain-Wide Delegation for Verosint

  1. Log into the Google Workspace Admin console and navigate to the SecurityAccess and data controlAPI controls page.

  2. Select Manage Domain Wide Delegation

  3. Click Add new to add a new client ID: 115459943186423760974

  4. Authorize the below scopes. Hover on the right side of the text to copy the scopes. Note that the entire list of scopes are visible when you scroll to the right.

    https://www.googleapis.com/auth/admin.reports.audit.readonly,https://www.googleapis.com/auth/admin.directory.user.readonly

Configure the Identity Access Integration in Verosint

  1. As an administrator, log into the Verosint application
  2. Navigate to Account → Settings
  3. Under the Identity Access Integrations section, click Add next to the Google Workspace option
  4. Enter the email of the Google Workspace user that has the following roles: Reports, Users → Read
  5. Hit Save.