- Google Workspaces User with Admin Permissions is needed for this integration
- Google Workspaces Licensing above Free Tier
- An active Blumira Sensor
Create a GCP Project
- With Google Workspaces Admin Permissions, go to the GCP Console: https://console.cloud.google.com.
- Create a GCP Project:
- Next to the Google Cloud Platform header, select the New Project drop-down.
- Click New Project
- In the New Project window that appears, enter a unique project name
- Select the Organization you’d like to use (typically the default listed is best)
- Enter the parent organization in the Location box if it isn’t pre-populated (usually matches the organization domain)
- When finished, click Create
- Once created, select the Project you’ve created in the Project drop down near the GCP header in the top left of your screen
- Create GCP Service Account (for fetching logs):
- From the GCP Console, switch to the project you created or want to use in the top left.
- On the left toolbar, select IAM & Admin > Service Accounts.
- Select +Create Service Account at the top of the page.
- Enter a unique service account name.
- Enter a unique service account ID.
- Enter a service description.
- Click Create and continue.
- Open the Select A Role drop-down, then choose Service Account in the left column and Service Account Token Creator in the right column.
- Click Continue.
- Click Done at the bottom.
- Select your new service account from the list.
- Click on the KEYS tab.
- Click Add Key > Create New Key.
- Select JSON format for the key. The JSON file should automatically download from your browser.
- Find your Client_ID:
- Open the JSON Key file on your local machine in a plain text editor (Notepad, Wordpad, Notepad++).
- Find the Client_ID and copy the number.
- Save the file to use it again in later steps.
Enable Google APIs
- Enable the Google Admin SDK API:
- From the GCP Main Console Page, select the same project you created in previous steps on the top left.
- Navigate to APIs & Services > Library.
- In the search bar, type “Admin SDK”.
- Select the Admin SDK API.
- Select Enable.
- Enable the Identity and Access Management (IAM) API:
- Return to the same API Library page as shown in the previous section.
- In the search bar, type “IAM API”.
- Select the Identity and Access Management (IAM) API.
- Select Enable.
Link APIs to Google Workspaces
- Go to https://admin.google.com and log in as a global admin.
- In the left side toolbar, go to Security > Access and data control > API Controls.
- Scroll to the bottom section called “Domain-Wide Delegation”.
- Select Manage Domain Wide Delegation.
- Select Add New.
- In the Add a new Client ID window, enter the Client_ID number saved from the JSON file in previous steps.
- Copy and paste the following into the OAuth Scopes section: https://www.googleapis.com/auth/admin.reports.audit.readonly,https://www.googleapis.com/auth/iam
- Click Authorize.
Note: Per Google’s Delegation of Authority documentation: “Only users with access to the Admin APIs can access the Admin SDK Reports API, therefore your service account needs to impersonate one of those users to access the Admin SDK Reports API.” In other words, you’ll need to provide the email address of one of your Workspaces users with admin console access so that the module can use the account to fetch your Google logs.
Lastly, you’ll need to connect Google Workspaces (formerly GSuite) to the Blumira platform. Start by logging into the Blumira Console, as an administrator.
- Go to the left side toolbar and select Settings > Sensors.
- Select the Sensor you’d like to use.
- Scroll down to the Modules section and select Add Module on the right.
- Type in Gsuite and select the most current module.
- In the window that appears, fill in the following fields:
- Log Source Name – Optional – Enter anything you’d like to name it.
- GCP Service Account Credential JSON – Copy and paste the JSON file from previous steps into the window.
- GSuite Admin Email Address – Enter an email address of an existing user in Google Workspaces with Domain Admin privileges.
- Click Install.
- Within minutes, the module will be operational and collect the last 90 days' worth of logs into the Blumira platform.
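A pre-flight check for the key file used in the steps above, added here as an example and not part of Blumira's or Google's own tooling: it confirms the downloaded JSON is a service account key, then returns the Client_ID and the OAuth scope string for the Domain-Wide Delegation form without exposing the private key. The function name, the required-field list and the sample key are assumptions made for illustration.

```python
import json

# Scopes from the Domain-Wide Delegation step on this page.
SCOPES = (
    "https://www.googleapis.com/auth/admin.reports.audit.readonly",
    "https://www.googleapis.com/auth/iam",
)
# Fields a service account key file carries and this check relies on (assumed list).
REQUIRED = ("type", "project_id", "private_key", "client_email", "client_id")


def delegation_values(key_text):
    """Validate a service account key and return only its non-secret parts."""
    try:
        key = json.loads(key_text)
    except json.JSONDecodeError as exc:
        raise ValueError(f"key file is not valid JSON: {exc}") from None
    if not isinstance(key, dict):
        raise ValueError("key file must contain a JSON object")
    missing = [name for name in REQUIRED if not key.get(name)]
    if missing:
        raise ValueError("key file is missing: " + ", ".join(missing))
    if key["type"] != "service_account":
        raise ValueError(f"expected type 'service_account', got {key['type']!r}")
    client_id = str(key["client_id"])
    if not client_id.isdigit():
        raise ValueError("client_id should be numeric")
    return {
        "client_id": client_id,
        "service_account": key["client_email"],
        "project_id": key["project_id"],
        "oauth_scopes": ",".join(SCOPES),
    }


# Constructed sample key: every value is a placeholder, not a real credential.
SAMPLE_KEY = json.dumps({
    "type": "service_account",
    "project_id": "example-project",
    "private_key_id": "0000placeholder",
    "private_key": "PLACEHOLDER-NOT-A-REAL-KEY",
    "client_email": "log-fetcher@example-project.iam.gserviceaccount.com",
    "client_id": "100000000000000000001",
})

if __name__ == "__main__":
    for field, value in delegation_values(SAMPLE_KEY).items():
        print(f"{field}: {value}")
```

To check a real key, pass the text of the downloaded file to `delegation_values`; a failure here means the file would also be rejected or unusable when pasted into the module.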