Google Directory
  • 08 Dec 2024
  • 2 Minutes to read
  • Contributors
  • Dark
    Light

Google Directory

  • Dark
    Light

Article summary

Google Directory provide detailed records of activities within the Google Workspace Directory, including user account management, group assignments, and changes to directory objects. These logs are crucial for tracking administrative actions, monitoring for unauthorized changes, and ensuring compliance with organizational policies.

Integration Method: API

Tables: User Inventory Info, Device Inventory Info, Software Inventory Info, Entity Management

Google Directory Configuration

To ingest Google Directory data into your DataBee platform, you must complete the following prerequisites:

  1. Create Google Cloud Project

  2. Create a Google Cloud Service account from the Google Developers Console.

  3. Grant Domain Wide Delegation and add necessary scopes for your services account.

Perform the following steps to create your Google Cloud Project:

  1. Navigate to console.cloud.google.com, and log into the Google account.

  2. On your console click on your organization name in Navigation bar.

  3. On Select a resource window click on New Project.

  1. On New Project window, enter your project name and click on Create.

Perform the following steps to set up service account and grant necessary permissions:

  1. Navigate to console.cloud.google.com, and log into the Google account where you want to set up your Google Workspace credentials.

  2. Navigate to APIs and services > Enabled APIs & Services

  1. Search for the Admin SDK API. Select the Admin SDK API.

  1. In Admin SDK API, select the Enable button to enable the Admin SDK API. Making calls to this API lets you view and manage resources such as user, groups, and audit and usage reports of your domain.

  1. Navigate to IAM & Admin > Service account.

  1. In Service account, select CREATE SERVICE ACCOUNT > Service Accounts.

  1. In Create service account, Name your service account and select Create and Continue and then Done.

  1. In Service accounts, navigate to your new service account name, and select your new service account name.

  1. In the Service account details page for your new service account, perform the following steps:

    1. Navigate to the Keys tab.

    2. Select Add Key > Create new key.

    3. Select JSON key type

    4. Click create

    5. Save the key type JSON file to your selected directory.

      Note: Your new public/private key pair is generated and downloaded to your machine, and it serves as the only copy of this key. You are responsible for storing it securely.


  1. Navigate to admin.google.com.

  2. Log in to your administrator Google account.

  3. On the Google Admin home page, navigate to Security > Access and data control > API controls.

  1. In API Controls, navigate to Domain wide delegation, and select Manage Domain Wide Delegation.

  1. In Manage Domain Wide Delegation, select Add new to add a new client ID.

  1. In the Add a new client ID window, perform the following steps:

    1. In the Client ID field, paste the Client ID that is present under client_id key of the private key file of the service account.

    2. In the OAuth scopes(comma-delimited) field, add the following read-only scopes to fetch users, deleted users, roles, and mobile devices data:

      1. https://www.googleapis.com/auth/admin.directory.user.readonly

      2. https://www.googleapis.com/auth/admin.directory.device.mobile.readonly

      3. https://www.googleapis.com/auth/admin.directory.rolemanagement.readonly

    3. Select Authorize.

DataBee Configuration

  1. Log into the DataBee console, navigate to Data > Data Sources and click on Add New Data source.

  1. Search for Google Directory and select it.

  1. Click on API Ingest.

  1. Enter the required details in the form.

  1. In the Client Email and Private Key field, enter the client_email and private_key got from the private key file of the service account created earlier in step 9 of Google Configuration > setup service account section.

  2. In the Admin Email field, enter the Email of the super admin user.

Note:

If your private key appears as:
-----BEGIN PRIVATE KEY----\nyour_private_key\n-----END PRIVATE KEY-----\n

enter only your_private_key in the Private Key field.


Was this article helpful?

Changing your password will log you out immediately. Use the new password to log back in.
First name must have atleast 2 characters. Numbers and special characters are not allowed.
Last name must have atleast 1 characters. Numbers and special characters are not allowed.
Enter a valid email
Enter a valid password
Your profile has been successfully updated.
ESC

Eddy AI, facilitating knowledge discovery through conversational intelligence