Skip to main content

The Google Workspace sensor

The Google Workspace sensor collects and pre-processes activity and usage data related to Google Workspace accounts and services.

Google Workspace sensor prerequisites

  1. Create a Google application, unless you already have one you can use for this purpose.

    1. Go to https://console.cloud.google.com/apis/dashboard.

    2. If the dashboard is empty, click Create project, name your project, and click Create.

    3. Click the Enable APIs and services tab.

    4. Look up the following services: Admin SDK API, Gmail API, and Google Drive API.

    5. Click each service and enable it.

  2. Create a service account, unless you already have one.

    1. On the left-side menu, click Credentials.

    2. Under the Service Accounts section, click Create service account.

    3. Fill out the form and click Done. Steps 2 and 3 are optional.

      Google Workspace service account details
  3. Generate credentials for your service account.

    1. On the left-side menu, click Credentials.

    2. Under the Service Accounts section, click the email address listed.

    3. Click the Keys tab.

    4. Click Add key > Create a new key.

    5. Select JSON as the Key type and click Create.

      Google Workspace private key

      Note

      The file downloaded contains your service account details. You will require this file and some of the information in it (Client ID, Client email and Private key) to successfully set up the sensor.

  4. In the Admin Console, add the necessary permissions.

    1. Using an Administrator account, go to admin.google.com.

    2. On the left-side menu, click Security > Access and data control > API controls.

    3. Click Manage domain-wide delegation.

    4. Click Add new.

    5. Provide the Client ID listed in the downloaded file from step 3.

    6. In the OAuth scopes field, add the following scopes:

      1. https://www.googleapis.com/auth/admin.directory.user.readonly

      2. https://www.googleapis.com/auth/admin.directory.domain.readonly

      3. https://www.googleapis.com/auth/admin.reports.audit.readonly

      4. https://www.googleapis.com/auth/gmail.readonly

      5. https://www.googleapis.com/auth/drive.readonly

      6. https://www.googleapis.com/auth/admin.directory.device.chromeos.readonly

      7. https://www.googleapis.com/auth/admin.directory.user

      8. https://www.googleapis.com/auth/admin.directory.user.security

      9. https://mail.google.com/

    7. Click Authorize.

Setting up the Google Workspace sensor

To configure the Google Workspace sensor, follow these steps:

  1. In GravityZone, navigate to the Configuration page > Sensors Management.

  2. Select Add new to integrate a new sensor.

  3. Select the Google Workspace sensor and click Integrate.

  4. On the Check Requirements page, confirm that the prerequisite steps have been completed.

  5. Name the integration and provide the necessary Google Workspace details.

    1. In the Administrator account details section, add the email address you used to log into admin.google.com, at step 4 of the Prerequisites procedure. Provide the domain you want to monitor.

    2. In the Service account details section, provide the required information from the document you downloaded at step 3 of the Prerequisites procedure.

  6. Select Test connectivity.

  7. Select Add sensor.

    The new integration will be available in the Sensors Management grid.