G Suite by Google
  • 2 minutes to read
  • Print
  • Share
  • Dark
    Light

G Suite by Google

  • Print
  • Share
  • Dark
    Light

G Suite is a set of cloud computing, productivity, collaboration, device, user, and data management tools developed by Google.

To connect Axonius to G Suite you need to:

  1. Enable Cloud APIs
  2. Create a service account and grant permissions to that service account



The G Suite adapter connection requires the following parameters:

  1. Email of an admin account to impersonate – The email of your G Suite admin.
  2. JSON Key pair for the service account – Upload the JSON file you have created for your service account. For more details, see the sections below.
  3. Get OAuth Apps - Check this to fetch the OAuth applications used by each user.
Note
This data requires the following additional privilege to your G Suite admin account: https://www.googleapis.com/auth/admin.directory.user.security
  1. Choose Instance – If you are using multi-nodes, choose the Axonius node that is integrated with the adapter. By default, the 'Master' Axonius node (instance) is used. For details, see Connecting Additional Axonius Nodes

image.png

Enabling Cloud APIs

To enable the Cloud APIs:

  1. Go to the Google Cloud Console and select the project that you want Axonius to connect to.

  2. Go to APIs & Services -> Dashboard.
    image.png

  3. Axonius requires the 'Admin SDK' API. Verify that it appears in the list.

If it does not appear in the list, click Enable APIs and Services at the top of the screen, search for Admin SDK. Then click Enable.

Creating a Service Account

To create a service account:

  1. Go to the Google Cloud Console and select the project that you want to create the service account in.

  2. Go to IAM & admin -> Service accounts.
    image.png

  3. Click Create Service Account and fill in the details.
    image.png

  4. In the next tab, continue without setting any roles.
    image.png

  5. Next, click Create Key and create a JSON type key:
    image.png

  6. Your JSON key will be downloaded. Finish creating the user and go back to the service accounts screen.

  7. Click on the newly created service account and then click the Edit link in the top.

  8. Click Show Domain-Wide Delegation and select Enable G Suite Domain-wide Delegation.

  9. Click Save to finalize the changes.
    image.png

  10. Go back to the service accounts list. you can now view the client-id for the service account. Copy it.

  11. Open the G Suite Admin Panel and search for Manage API Client Access, then open it.

image.png

  1. In the client name field , specify your client id of the service account. In the One or More API Scopes section, specify these scopes:
https://www.googleapis.com/auth/admin.directory.device.mobile.readonly,https://www.googleapis.com/auth/admin.directory.user.readonly

if you would like to fetch OAuth applications, add the https://www.googleapis.com/auth/admin.directory.user.security scope to the list above.

image.png

  1. Click Authorize.
Was this article helpful?