Opal supports integrations with Google Groups and Google Workspace. Use the following guide for Google Groups and Google Workspace, and the Google Cloud Platform integration guide for GCP resources.
Supported resources
The Google Workspace integration supports the following:
Resource | Read | Grant and revoke access | Available in Risk Center |
---|---|---|---|
Users | ✔️ | ✔️ | ✔️ |
User attributes | ✔️ | | |
Google Workspace Roles | ✔️ | ✔️ | ✔️ |
The Google Groups integration supports the following:
Resource | Read | Grant and revoke access | Available in Risk Center |
---|---|---|---|
Users | ✔️ | ✔️ | ✔️ |
Google Groups | ✔️ | ✔️ | ✔️ |
1. Add a Service Account for Opal
To connect to Google Groups or Google Workspace, you'll need to create a Google service account with proper permission scopes.
- Open the Service accounts page. If prompted, select a project.
- Select + Create Service Account. Enter a name, ID, and description, then click Done.
- Select your newly-created service account, and go to the Keys tab.
- Select Add key > Create new key.
- Select JSON as the Key type and click Create. Your new public/private key pair is generated and downloaded to your machine.
2. Configure Permission Scopes for the Service Account
- Select your newly-created service account, and go to the Details tab.
- Open the Advanced Settings section, look under Domain-wide Delegation, and follow the instructions for setting up domain-wide delegation for your service account.
Alternatively, use the following instructions:
- From your Google Workspace domain's Admin console, go to Main menu > Security > Access and data controls > API controls.
- In the Domain wide delegation pane, select Manage Domain Wide Delegation. Click Add new.
- In the Client ID field, enter the client ID under your service account's Details tab > Unique ID.
- In the OAuth Scopes field, enter the desired scopes. Details for what scopes the Google Groups and Google Workspace integrations need are on their setup pages.
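The following Python check is an added example, not part of Opal's documentation. It validates the JSON key downloaded in step 1 before it is handed to Opal, reports the `client_id` (the same value as the Unique ID entered in the Client ID field in step 2), and flags a key file that other local users can read. The function name and the key file path passed on the command line are assumptions.

```python
import json
import os
import stat
import sys

REQUIRED = ("type", "project_id", "private_key_id", "private_key",
            "client_email", "client_id")

def inspect_key(path):
    """Return (summary, problems) for a downloaded service account JSON key."""
    problems = []
    # The key is a long-lived credential: only the owner should be able to read it.
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:
        problems.append(f"file mode {mode:04o} allows group/other access; use 0600")
    try:
        with open(path, encoding="utf-8") as fh:
            key = json.load(fh)
    except (OSError, json.JSONDecodeError) as exc:
        return {}, problems + [f"not readable as JSON: {exc}"]
    if not isinstance(key, dict):
        return {}, problems + ["top-level JSON value is not an object"]
    missing = [f for f in REQUIRED if not key.get(f)]
    if missing:
        problems.append("missing fields: " + ", ".join(missing))
    if key.get("type") != "service_account":
        problems.append(f"type is {key.get('type')!r}, expected 'service_account'")
    client_id = str(key.get("client_id", ""))
    if not client_id.isdigit():
        problems.append("client_id is not numeric; it should match the Unique ID")
    if "BEGIN PRIVATE KEY" not in str(key.get("private_key", "")):
        problems.append("private_key does not look like a PEM private key")
    # Never include private_key in the summary: it must not reach logs or tickets.
    summary = {
        "client_id": client_id,
        "client_email": key.get("client_email"),
        "private_key_id": key.get("private_key_id"),
    }
    return summary, problems

if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: inspect_key.py <path-to-key.json>")
    summary, problems = inspect_key(sys.argv[1])
    print("Client ID for domain-wide delegation:", summary.get("client_id"))
    print("Service account:", summary.get("client_email"))
    for p in problems:
        print("PROBLEM:", p)
    sys.exit(1 if problems else 0)
```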