Google Directory provides detailed records of activities within the Google Workspace Directory, including user account management, group assignments, and changes to directory objects. These logs are crucial for tracking administrative actions, monitoring for unauthorized changes, and ensuring compliance with organizational policies.
Integration Method: API
Tables: User Inventory Info, Device Inventory Info, Software Inventory Info, Entity Management
Google Directory Configuration
To ingest Google Directory data into your DataBee platform, you must complete the following prerequisites:
Create Google Cloud Project
Create a Google Cloud Service account from the Google Developers Console.
Grant Domain Wide Delegation and add the necessary scopes for your service account.
Perform the following steps to create your Google Cloud Project:
Navigate to console.cloud.google.com, and log in to the Google account.
In the console, click your organization name in the navigation bar.
In the Select a resource window, click New Project.
In the New Project window, enter your project name and click Create.
Perform the following steps to set up the service account and grant the necessary permissions:
Navigate to console.cloud.google.com, and log in to the Google account where you want to set up your Google Workspace credentials.
Navigate to APIs and services > Enabled APIs & Services.
Search for the Admin SDK API. Select the Admin SDK API.
In Admin SDK API, select the Enable button to enable the Admin SDK API. Making calls to this API lets you view and manage resources such as users, groups, and audit and usage reports of your domain.
Navigate to IAM & Admin > Service account.
In Service account, select CREATE SERVICE ACCOUNT > Service Accounts.
In Create service account, name your service account, select Create and Continue, and then select Done.
In Service accounts, navigate to your new service account name, and select your new service account name.
In the Service account details page for your new service account, perform the following steps:
Navigate to the Keys tab.
Select Add Key > Create new key.
Select the JSON key type.
Click Create.
Save the JSON key file to your selected directory.
Note: Your new public/private key pair is generated and downloaded to your machine, and it serves as the only copy of this key. You are responsible for storing it securely.
Navigate to admin.google.com.
Log in to your administrator Google account.
On the Google Admin home page, navigate to Security > Access and data control > API controls.
In API Controls, navigate to Domain wide delegation, and select Manage Domain Wide Delegation.
In Manage Domain Wide Delegation, select Add new to add a new client ID.
In the Add a new client ID window, perform the following steps:
In the Client ID field, paste the Client ID found under the client_id key in the private key file of the service account.
In the OAuth scopes (comma-delimited) field, add the following read-only scopes to fetch users, deleted users, roles, and mobile devices data:
https://www.googleapis.com/auth/admin.directory.user.readonly
https://www.googleapis.com/auth/admin.directory.device.mobile.readonly
https://www.googleapis.com/auth/admin.directory.rolemanagement.readonly
Select Authorize.
DataBee Configuration
Log in to the DataBee console, navigate to Data > Data Sources, and click Add New Data source.
Search for Google Directory and select it.
Click on API Ingest.
Enter the required details in the form.
In the Client Email and Private Key fields, enter the client_email and private_key values obtained from the private key file of the service account created earlier in step 9 of Google Configuration > setup service account section.
In the Admin Email field, enter the email of the super admin user.
Note:
If your private key appears as:
-----BEGIN PRIVATE KEY-----\nyour_private_key\n-----END PRIVATE KEY-----\n
enter only your_private_key in the Private Key field.
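The values this procedure copies out of the service account key file can be extracted and sanity-checked with a short script, including whether the key file is readable only by its owner. This is an added example, not DataBee or Google code; the sample key file with its client_id and client_email is a constructed placeholder, and keeping the line breaks inside the key body is an assumption, since the page does not say how the Private Key field treats them.

```python
import base64
import json
from pathlib import Path

SCOPES = ",".join([  # the three read-only scopes listed on this page
    "https://www.googleapis.com/auth/admin.directory.user.readonly",
    "https://www.googleapis.com/auth/admin.directory.device.mobile.readonly",
    "https://www.googleapis.com/auth/admin.directory.rolemanagement.readonly",
])
HEADER, FOOTER = "-----BEGIN PRIVATE KEY-----", "-----END PRIVATE KEY-----"


def strip_pem_armor(pem: str) -> str:
    """Return the key body between the header and footer; reject mangled input."""
    text = pem.replace("\\n", "\n").strip()  # tolerate literal \n copied from raw JSON
    if not (text.startswith(HEADER) and text.endswith(FOOTER)):
        raise ValueError("private_key is not wrapped in BEGIN/END PRIVATE KEY lines")
    body = text[len(HEADER):-len(FOOTER)].strip()
    base64.b64decode("".join(body.split()), validate=True)  # truncated copy fails here
    return body


def form_values(key_path: str) -> dict:
    """Read a service account key file and return the value for each form field."""
    key = json.loads(Path(key_path).read_text(encoding="utf-8"))
    if key.get("type") != "service_account":
        raise ValueError("not a service account key file")
    return {
        "client_id": key["client_id"],        # Admin console: Client ID
        "oauth_scopes": SCOPES,               # Admin console: OAuth scopes
        "client_email": key["client_email"],  # DataBee: Client Email
        "private_key": strip_pem_armor(key["private_key"]),  # DataBee: Private Key
        # False means group or other users have some access to the key file.
        "key_file_owner_only": (Path(key_path).stat().st_mode & 0o077) == 0,
    }


def write_constructed_key(path: str) -> None:
    """Write a constructed sample key file (placeholder values, not a real key)."""
    body = base64.b64encode(b"constructed sample, not a real key " * 4).decode()
    sample = {
        "type": "service_account",
        "client_id": "000000000000000000000",
        "client_email": "ingest@example-project.iam.gserviceaccount.com",
        "private_key": f"{HEADER}\n{body[:64]}\n{body[64:]}\n{FOOTER}\n",
    }
    Path(path).write_text(json.dumps(sample), encoding="utf-8")
    Path(path).chmod(0o600)
```

Call `form_values()` with the path of the downloaded JSON key; the permission check relies on POSIX file modes.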