Google Workspace Connector
Follow these steps to create a Google Workspace Connector:
- Enable Access to APIs in API library
- Create Service Account and Download Configuration File
- Grant Scope access to Service Account
- Create Connector in SaaSDR with Google Workspace as application
Enable Access to APIs in API Library
- Navigate to the Google Cloud Platform (GCP) console. (https://console.cloud.google.com/)
- Select the organization.
- Select a project or create a new project.
Ensure that you select the correct project. - In the left sidebar, navigate to APIs & Services > Library.
- In API library, click the following APIs and enable them. To find the API, use the search field.
- Google Drive API
- Admin SDK API
- Google Drive API
Create Service Account and Download the Configuration File
- From the left navigation pane of the GCP console, navigate to IAM & Admin > Service Accounts
- Click Create Service Account.
- Provide a name and description (optional) for the service account and click Create.
- Choose the Viewer role and the Security Reviewer role to assign at least reader permissions to the service account. Click Continue and click Done.
- From the Actions column, click Manage keys.
- Click Add Key and click Create new key.
A message saying 'Private key saved to your computer' is displayed, and the JSON file is downloaded to your computer. - Click Close > Done.
Save the configuration (JSON) file to a secure folder and open it in a text editor. This would be needed in subsequent steps.
- Edit the service account again, select Enable Google Workspace Domain-wide Delegation (provide an App Name -for example: QualysSaaSDR), click Save.
Grant Scope Access to Service Account
- Log in to your Google Workspace Admin console (https://admin.google.com/) with the administrator credentials.
- Click Security and expand API controls.
- Click Manage Domain Wide Delegation.
- Click Add new.
- Add the Client ID (client_id value) from the downloaded JSON file and add the following scopes:
https://www.googleapis.com/auth/userinfo.profile,
https://www.googleapis.com/auth/userinfo.email,
https://www.googleapis.com/auth/admin.directory.user,
https://www.googleapis.com/auth/admin.directory.group,
https://www.googleapis.com/auth/admin.directory.group.member,
https://www.googleapis.com/auth/admin.directory.user.security,
https://www.googleapis.com/auth/drive,
https://www.googleapis.com/auth/admin.directory.domain.readonly,
https://www.googleapis.com/auth/admin.reports.audit.readonly,
https://www.googleapis.com/auth/admin.directory.device.mobile,
https://www.googleapis.com/auth/apps.groups.settings,
https://www.googleapis.com/auth/admin.directory.customer.readonly
-
After adding scopes, make sure Group Setting API is enabled.
Enable GROUP SETTING API using the following steps if it is not enabled.- Go to https://console.cloud.google.com/
- Select Project.
- In the left sidebar, navigate to APIs and Services >Dashboard.
- Click ENABLE APIS AND SERVICES.
.
- Search for GROUP SETTING API.
- Click GROUP SETTING API to check if it is enabled. If not, enable them.
Create Connector in SaaSDR with Google Workspace as Application
- Now, on the SaaSDR UI, go to Configuration > Connectors and click Create Connector.
- Select Google Workspace from the SaaS drop-down menu.
- Provide the information in the required fields. Service Account ID, Private Key ID, and Private Key - these are fetched from the JSON downloaded in the previous steps.
- Click Create Connector.
You are redirected to the application's login page, where you must log in using your administrator credentials. Once your connector is created, it is listed in the Configurations > Connectors list. Here, you can check the connector's status and other details.
That's it!
Once the application is connected, a scan is initiated to pull metadata. Depending on the number of resources to be cataloged in your application, this step may take some time to complete.