Supported resources
The Google Workspace integration supports the following:| Resource | Read | Grant and revoke access | Available in Risk Center |
|---|---|---|---|
| Users | ✔️ | ✔️ | ✔️ |
| User attributes | ✔️ | ||
| Google Workspace Roles | ✔️ | ✔️ | ✔️ |
| Resource | Read | Grant and revoke access | Available in Risk Center |
|---|---|---|---|
| Users | ✔️ | ✔️ | ✔️ |
| Google Groups | ✔️ | ✔️ | ✔️ |
1. Add a Service Account for Opal
To connect to Google Groups or Google Workspace, you’ll need to create a Google service account with proper permission scopes.- Open the Service accounts page. If prompted, select a project.
- Select + Create Service Account. Enter a name, ID, and description, then click Done.
- Select your newly-created service account, and go to the Keys tab.
- Select Add key > Create new key.
- Select JSON as the Key type and click Create. Your new public/private key pair is generated and downloaded to your machine.
2. Configure Permission Scopes for the Service Account
- Select your newly-created service account, and go to the Details tab.
- Open the Advanced Settings section, look under Domain-wide Delegation, and follow the instructions for setting up domain-wide delegation for your service account.
- From your Google Workspace domain’s Admin console, go to Main menu > Security > Access and data controls > API controls.
- In the Domain wide delegation pane, select Manage Domain Wide Delegation. Click Add new.
- In the Client ID field, enter the client ID under your service account’s Details tab > Unique ID.
- In the OAuth Scopes field, enter the desired scopes. Details for what scopes the Google Groups and Google Workspace integrations need are on their setup pages.