Google Integration Guide

Amir Avitzur
Amir Avitzur
  • Updated

Integrating Google with Authomize

Integration with Google provides visibility about your organization’s identities and assets and their access across all of your Google stack, such as your cloud resources in GCP, your data in Google Drive, and your identities and their connected applications in your Google Admin Directory.

Google integration workflow

Google_Integration_Workflow-RL.png

Installation

Start in Authomize

  1. Log into Authomize
  2. Go to Settings/Data Sources and click Google Admin Directory.
    00_Add_New_App.png
  3. Alternatively, click Add New App and then select the Google Admin Directory.
    01_Add_New_App.png

This opens the Update Google Cloud Platform Integration dialog.

  1. In the Integrate Google Cloud Platform dialog:

          Step 1.  Click Go to Google store.
         02_Authomize_GCP_Integration_Dialog.png
          This open’s Google’s Marketplace (to the Authomize page).

Continue in Google Marketplace

  1. On the Authomize page in GCP Marketplace (https://gsuite.google.com/u/0/marketplace/app/authomize/923330393623)
    click Admin Install.
    10_Authomize_on_Google_Marketplace-Admin_Installation.png

If you agree to installing Authomize across your Google Workspace, click Continue.
11_Authomize_on_Google_MP-Installation_Confirmation.png

  1. At this point, a list of all the permissions needed by Authomize for the integration are displayed.
    To continue, click the agree checkbox and then click FINISH.
    12_Authomize_on_Google_MP-Installation_Agreement.png

Note: You can use GCP to limit these further.

  1. If, at this point, you go to Google Apps (Google_Apps_Button_25x25.png), you will see that Authomize was installed.
      13_Authomize_Installed_on_Google_Notice.png 14_Authomize_Installed_on_Google_Apps.png

Return to Authomize GCP Integration page

  1. Fill in the remaining steps with info from GCP.
    Start_at_Step2_Authomize_GCP_Integration_Dialog.png

 Step 2. Enter GSuite admin email address and Organization ID.

You can find your Customer ID at: admin.google.com/u/1/ac/accountsettings
15_Google_Admin_Accounts_page.png

Step 3. Check/uncheck the Allow Authorize to update access policies.

Step 4. Enter a name for this integration

Step 5. Enter an integration owner’s email.

Click Integrate.

5.  Integration will continue in the background. You can come back to check progress.at any time
     When Google is integrated you will see three entries in your Connected Apps list.

17_Google_Integrated.png

What data is collected

Google Admin Directory

  • User Data
    • User name
    • User admin roles
    • Last login
  • User Groups
    • Group name
    • Group member name

Google Cloud Platform

  • Cloud Assets
  • GCP Account
  • Server Names

Google Drive

  • Personal drives
  • Shared drive
  • Files/Folders permissions
  • Who has access to them

Google Calendar

  • Personal calendar names
  • Shared calendar names
  • Who can see calendars

Enabling Write Access (File Share Removal Policies)

In order to enable file-sharing policies to take automatic remediation actions, Authomize needs write access to Google Drive. To do so:

  1. Log in to Google Admin console: https://admin.google.com.
  2. Security -> Access and data control -> API controls -> Domain-wide Delegation
  3. Click on Add new and add the following details:
    • Client ID: 117121108233648975035
    • OAuth scopes: https://www.googleapis.com/auth/drive

Domain-Wide-Delegation.jpg

This additional set of permissions is used solely for revoking file shares. 

Share this

Was this article helpful?

0 out of 0 found this helpful