Google Workspace (G Suite)
- 2 Minutes To Read
Google Workspace (formerly G Suite) is a collection of cloud computing, productivity, collaboration, device, user, and data management tools developed by Google.
Types of Assets Fetched
This adapter fetches the following types of assets:
To connect Axonius to Google Workspace you need to:
- Email of an admin account to impersonate – The email of your Google Workspace (G Suite) admin.
- JSON Key pair for the service account – Upload the JSON file you have created for your service account. For more details, see the sections below.
- Get OAuth Apps - Check this to fetch the OAuth applications used by each user.
- For details on the common adapter connection parameters and buttons, see Adding a New Adapter Connection.
- Fetch MDM devices (required, default: True) - Select whether to fetch MDM devices from Google Workspace.
- If enabled, all connections for this adapter will fetch MDM devices.
- If disabled, all connections for this adapter will not fetch MDM devices.
For details on general advanced settings under the Adapter Configuration tab, see Adapter Advanced Settings.
Enabling Cloud APIs
To enable the Cloud APIs:
Go to the Google Cloud Console and select the project that you want Axonius to connect to.
Go to APIs & Services -> Dashboard.
Axonius requires the 'Admin SDK' API. Verify that it appears in the list.
If it does not appear in the list, click Enable APIs and Services at the top of the screen, search for Admin SDK. Then click Enable.
Creating a Service Account
To create a service account:
Go to the Google Cloud Console and select the project that you want to create the service account in.
Go to IAM & admin -> Service accounts.
Click Create Service Account and fill in the details.
In the next tab, continue without setting any roles.
Next, click Create Key and create a JSON type key:
Your JSON key will be downloaded. Finish creating the user and go back to the service accounts screen.
Click on the newly created service account and then click the Edit link in the top.
Click Show Domain-Wide Delegation and select Enable G Suite Domain-wide Delegation.
Click Save to finalize the changes.
Go back to the service accounts list. you can now view the client-id for the service account. Copy it.
Open the G Suite Admin Panel and search for Manage API Client Access, then open it.
- In the client name field , specify your client id of the service account. In the One or More API Scopes section, specify these scopes:
if you would like to fetch OAuth applications, add the
https://www.googleapis.com/auth/admin.directory.user.security scope to the list above.
- Click Authorize.