Opal supports integrations with Google Groups and Google Workspace. Use the following guide for Google Groups and Google Workspace, and the Google Cloud Platform integration guide for GCP resources.
Supported resources
The Google Workspace integration supports the following:
Resource | Read | Grant and revoke access | Available in Risk Center |
---|---|---|---|
Users | ✔️ | ✔️ | ✔️ |
User attributes | ✔️ | | |
Google Workspace Roles | ✔️ | ✔️ | ✔️ |
The Google Groups integration supports the following:
Resource | Read | Grant and revoke access | Available in Risk Center |
---|---|---|---|
Users | ✔️ | ✔️ | ✔️ |
Google Groups | ✔️ | ✔️ | ✔️ |
1. Add a Service Account for Opal
To connect to Google Groups or Google Workspace, you'll need to create a Google service account with proper permission scopes using the following steps.
- Open the Service accounts page. If prompted, select a project.
- Click "+ Create Service Account" at the top of the page.
- Enter a name and description for the service account. When done, click Create.
- Skip the "Grant this service account access to project" section by clicking Continue.
- Skip the "Grant users access to this service account" section by clicking Done.
- Click into your newly created service account, and go to the Keys tab.
- Click the Add key drop-down menu, then select Create new key.
- Select JSON as the Key type and click Create. Your new public/private key pair is generated and downloaded to your machine. You can now click Close on the open dialog.
2. Configure Permission Scopes for the Service Account
- Click into your newly created service account, and go to the Details tab.
- Expand the Advanced Settings section, look under Domain-wide Delegation, and follow the instructions for setting up domain-wide delegation for your service account. Alternatively, use the following instructions:
  - From your Google Workspace domain's Admin console, go to Main menu > Security > API controls.
  - In the Domain wide delegation pane, select Manage Domain Wide Delegation.
  - Click Add new.
  - In the Client ID field, enter the client ID shown as Unique ID on your service account's Details tab.
  - In the OAuth Scopes field, enter the desired scopes. The scopes that the Google Groups and Google Workspace integrations need are listed on their setup pages.
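A pre-flight check for the JSON key downloaded in step 1, added here as an example (not Opal's or Google's code): it reads the `client_id` value, which is the Unique ID to enter in the Client ID field in step 2, and flags a key file that other local users can access. The function names, file name and sample values are assumptions; the sample key is constructed and contains no real key material.

```python
import json
import os
import stat

REQUIRED = ("type", "project_id", "private_key_id", "private_key",
            "client_email", "client_id")

def inspect_key_file(path):
    """Return (client_id, client_email, findings) for a downloaded JSON key."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:  # any group/other permission bit exposes the private key
        findings.append(f"file mode {mode:04o} is accessible beyond the owner; use 0600")
    with open(path, encoding="utf-8") as fh:
        key = json.load(fh)
    missing = [name for name in REQUIRED if not key.get(name)]
    if missing:
        findings.append("missing fields: " + ", ".join(missing))
    if key.get("type") != "service_account":
        findings.append(f"type is {key.get('type')!r}, expected 'service_account'")
    client_id = str(key.get("client_id", ""))
    if not client_id.isdigit():
        findings.append("client_id is not numeric, so it cannot be the Unique ID")
    email = str(key.get("client_email", ""))
    if not email.endswith(".gserviceaccount.com"):
        findings.append("client_email is not a service account address")
    return client_id, email, findings

def write_sample_key(directory):
    """Write a constructed key file (placeholder values, no real key material)."""
    sample = {
        "type": "service_account",
        "project_id": "example-project",
        "private_key_id": "0" * 40,
        "private_key": "-----BEGIN PRIVATE KEY-----\nPLACEHOLDER\n-----END PRIVATE KEY-----\n",
        "client_email": "opal-integration@example-project.iam.gserviceaccount.com",
        "client_id": "100000000000000000001",
    }
    path = os.path.join(directory, "sample-key.json")
    with open(path, "w", encoding="utf-8") as fh:
        json.dump(sample, fh)
    os.chmod(path, 0o644)  # deliberately too permissive, to exercise the mode check
    return path

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        client_id, email, findings = inspect_key_file(write_sample_key(tmp))
        print("Client ID for the delegation form:", client_id)
        for finding in findings:
            print("finding:", finding)
```

Run `inspect_key_file` against the real downloaded key before uploading it anywhere; an empty findings list means the file is owner-only and structurally a service account key.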