The Google Workspace sensor
The Google Workspace sensor collects and pre-processes activity and usage data related to Google Workspace accounts and services.
Google Workspace sensor prerequisites
Create a Google application, unless you already have one you can use for this purpose.
If the dashboard is empty, click Create project, name your project, and click Create.
Click the Enable APIs and services tab.
Look up the following services:
Admin SDK API
,Gmail API
, andGoogle Drive API
.Click each service and enable it.
Create a service account, unless you already have one.
On the left-side menu, click Credentials.
Under the Service Accounts section, click Create service account.
Fill out the form and click Done. Steps 2 and 3 are optional.
Generate credentials for your service account.
On the left-side menu, click Credentials.
Under the Service Accounts section, click the email address listed.
Click the Keys tab.
Click Add key > Create a new key.
Select JSON as the Key type and click Create.
Note
The file downloaded contains your service account details. You will require this file and some of the information in it (Client ID, Client email and Private key) to successfully set up the sensor.
In the Admin Console, add the necessary permissions.
Using an Administrator account, go to admin.google.com.
On the left-side menu, click Security > Access and data control > API controls.
Click Manage domain-wide delegation.
Click Add new.
Provide the Client ID listed in the downloaded file from step 3.
In the OAuth scopes field, add the following scopes:
https://www.googleapis.com/auth/admin.directory.user.readonly
https://www.googleapis.com/auth/admin.directory.domain.readonly
https://www.googleapis.com/auth/admin.reports.audit.readonly
https://www.googleapis.com/auth/gmail.readonly
https://www.googleapis.com/auth/drive.readonly
https://www.googleapis.com/auth/admin.directory.device.chromeos.readonly
https://www.googleapis.com/auth/admin.directory.user
https://www.googleapis.com/auth/admin.directory.user.security
https://mail.google.com/
Click Authorize.
Setting up the Google Workspace sensor
To configure the Google Workspace sensor, follow these steps:
In GravityZone, navigate to the Configuration page > Sensors Management.
Select Add new to integrate a new sensor.
Select the company where you want to deploy the sensor.
Select the Google Workspace sensor and click Integrate.
On the Check Requirements page, confirm that the prerequisite steps have been completed.
Name the integration and provide the necessary Google Workspace details.
In the Administrator account details section, add the email address you used to log into admin.google.com, at step 4 of the Prerequisites procedure. Provide the domain you want to monitor.
In the Service account details section, provide the required information from the document you downloaded at step 3 of the Prerequisites procedure.
Select Test connectivity.
Select Add sensor.
The new integration will be available in the Sensors Management grid.