Documentation

Google Groups

Connect your Google Groups organization to Opal to manage and review access.

Suggest Edits

Want to set up Opal to manage access to Google Groups? We have you covered.

Opal's integration with Google Groups supports the following, and more:

  • Users can request time-bounded access to your Google groups.
  • Auditors can initiate access reviews that assign managers or group admins to periodically review users with long-lived access to Google groups.
  • Admins can add resources from other Opal integrations to an Google group so an Google group's members can automatically gain birthright access to, for example, a GitHub repo, AWS IAM role, etc.
  • All access changes are tracked in a permanent audit log that can be logged to a Slack channel or exported to your favorite tools.

Getting Started

Create a Google Groups app

To get started, go to the Catalog page, and click + App. Then, click on the Google Groups tile.

2312

You will see a form to be completed. Opal requires the following credentials in order to manage your Google Groups.

Step 1 - Configure a service account for Opal

For Opal to manage your Google Groups on your behalf, you'll need to create a Google service account with proper permission scopes to retrieve metadata such as group name and description as well as to update the group. Follow the instructions for creating a service account here, and grant it the following scope:

https://www.googleapis.com/auth/admin.directory.group

Step 2 - Fill out Opal form

Back in the Apps form, fill in details about your Google Groups service account:

  • For Opal group email, you should enter the email of the Google group created above.
  • For Google Workspace admin email, you should enter the email of someone in your organization with admin privileges.
  • For domain, you can optionally enter the domain of the Google Workspace. If your Google Workspace has multiple domains, Google Groups will only import Google Groups associated with the domain you enter. By default, if this is not filled out, it is the domain of the Google Workspace admin email.
    Then, click to upload the downloaded JSON file for the created service account.

If this step is successful, you've completed setting up the Google Groups app.

Step 3 - Import Google groups into Opal

There are 2 ways to import your Google groups into Opal.

Technical note: Opal does not currently support syncing entire Organizational Units (OUs) or OU sub trees.

Manual import

You can use the Opal UI to manually select which Google Groups to import into Opal. To do this, click on the "..." -> "Import Items" and then select your groups.

2312 2312

This will query Google Groups to list all groups in your account. From here, you can select which Google Groups you'd like to import into Opal.

Automatic import

You can configure your Google Groups to be auto-imported into Opal each time the Google Groups app is synced.

To automatically import your groups from Google Groups:

  • In Google Groups, create a Google group called Opal. Any groups that you add as members of this group will automatically be imported into Opal.
  • In Opal, navigate to Catalog > Google Groups App
  • Click the Edit button on the top right, then under Import Settings, toggle the setting to Auto-import tagged.

2312

Updated 30 days ago

What’s Next