Skip to content
English
Customer portal
Back to Application
  • There are no suggestions because the search field is empty.

Google Workspace Security Review Integration

This guide will help admins configure and integrate Google Workspace Security review with Cyberknowledge. Adding this integration will allow users to generate a GWS security review assessment report to understand the current security posture of your Google Workspace tenancy.

  1. Create a new project in the console.cloud.google.com portal (or an existing project can be used)
  2. APIs and Services will need to be enabled
    1. Using the search bar at the top search for APIs and Services
    2. Select Enabled APIs and Services on the left navigation menu
  3. Select Enable APIs and Services to open up the API library
    1. Search for the following APIs in the API library:
      1. Admin SDK API
        1. Select the Admin SDK tile
        2. Select Enable to turn the API on
      1. Cloud Identity API
        1. Select the Cloud Identity API tile
        2. Select Enable to turn the API

  4. Navigate to IAM and admin > Service Accounts
  5. Click Create a service account
    GWork
  6. Name the service account and specify an ID
  7. Open the new service account, navigate to Keys and select Add Key > Create a new key
  8. Set the key type to JSON
  9. Select Create
  10. The JSON file will download automatically
  11. The service account will need to be assigned API permissions/scopes in GWORK
  12. Login to admin.google.com
  13. Navigate to > Security > Access and data control > API Controls > Manage Domain-Wide Delegation
  14. Select Add new to define the scopes
    1. Set the Client ID to the Unique ID of the service account
    2. Set the OAuth scopes to:
      1. Copy the below and paste it into the OAuth scopes:
        https://www.googleapis.com/auth/admin.directory.user.readonly,https://www.googleapis.com/auth/admin.directory.group.readonly,https://www.googleapis.com/auth/admin.directory.group.member.readonly,https://www.googleapis.com/auth/admin.directory.domain.readonly,https://www.googleapis.com/auth/admin.directory.orgunit.readonly,https://www.googleapis.com/auth/admin.directory.customer.readonly,https://www.googleapis.com/auth/admin.directory.device.mobile.readonly,https://www.googleapis.com/auth/admin.directory.device.chromeos.readonly,https://www.googleapis.com/auth/admin.directory.rolemanagement.readonly,https://www.googleapis.com/auth/admin.reports.audit.readonly,https://www.googleapis.com/auth/apps.groups.settings,https://www.googleapis.com/auth/gmail.settings.basic,https://www.googleapis.com/auth/drive.readonly,https://www.googleapis.com/auth/calendar.readonly,https://www.googleapis.com/auth/ediscovery.readonly,https://www.googleapis.com/auth/chat.spaces.readonly,https://www.googleapis.com/auth/apps.alerts,https://www.googleapis.com/auth/script.deployments.readonly,https://www.googleapis.com/auth/cloud-identity.policies.readonly,https://www.googleapis.com/auth/cloud-identity.groups.readonly
      2. This is the above list in human readable format

        • https://www.googleapis.com/auth/admin.directory.user.readonly

        • https://www.googleapis.com/auth/admin.directory.group.readonly

        • https://www.googleapis.com/auth/admin.directory.group.member.readonly

        • https://www.googleapis.com/auth/admin.directory.domain.readonly

        • https://www.googleapis.com/auth/admin.directory.orgunit.readonly

        • https://www.googleapis.com/auth/admin.directory.customer.readonly

        • https://www.googleapis.com/auth/admin.directory.device.mobile.readonly

        • https://www.googleapis.com/auth/admin.directory.device.chromeos.readonly

        • https://www.googleapis.com/auth/admin.directory.rolemanagement.readonly

        • https://www.googleapis.com/auth/admin.reports.audit.readonly

        • https://www.googleapis.com/auth/apps.groups.settings

        • https://www.googleapis.com/auth/gmail.settings.basic

        • https://www.googleapis.com/auth/drive.readonly

        • https://www.googleapis.com/auth/calendar.readonly

        • https://www.googleapis.com/auth/ediscovery.readonly

        • https://www.googleapis.com/auth/chat.spaces.readonly

        • https://www.googleapis.com/auth/apps.alerts

        • https://www.googleapis.com/auth/script.deployments.readonly

        • https://www.googleapis.com/auth/cloud-identity.policies.readonly

        • https://www.googleapis.com/auth/cloud-identity.groups.readonly



  15. Select Authorise to save the scopes
  16. Cyberknowledge requires the following for the Integration
    1. Customer Id (Can be found under Account > Account Settings > Profile)
    2. Admin Email Address (Super Admin of the tenant)
    3. JSON payload
  17. Login to the Cyberknowledge console
  18. Navigate to Integrations > Integration Gallery
  19. Select Google Workspace
  20. Name the Integration and fill in the details
  21. After the integration is successfully added the integration will become Active but remain will remain in a Pending state until a GWORK Security Report is Generated through the Assistant Module.

 

Please note that the data captured will only be available from the GWORK Security Review Report that is generated from the Assistant module.

Additionally Cyberknowledge will connect to Google Workspace when a report is requested only.