Google Workspace
| Samurai [Local] Collector | Samurai [Cloud] Collector | Samurai [Cloud Native] Collector |
|---|---|---|
 |
To complete this Integration you will need to perform steps in both Google Workspace and the Samurai MDR portal.
The Google Workspace integration leverages two APIs which are part of the Admin SDK API
Follow the steps below:
1. From Google Workspace
- Enable the Admin SDK API
- Create a service account
- Create credentials for the service account
- Delegate domain-wide authority to the service account
2. From the Samurai MDR portal
Enable the Admin SDK API
Follow the Google API Console Help documentation:
A Google API Console project is required and will be created during the steps.
Ensure you login to the Google Console as a super administrator and use the following parameters when completing the steps:
| Documentation Step | Field Name | Parameter |
|---|---|---|
| 2 | Project Name | Anything you want but we recommend “SamuraiAPI” |
| 2 | Organization | The name of your organization |
| 2 | Location | Anything you want |
| 4 | API Library | Select and enable against the project created in Step 2: “Admin SDK API” “Google Workspace Alert Center API” |
Review the API Console Help pages if you require more information on Google APIs.
Create a service account
Follow the steps outlined within the Google documentation:
Ensure you have the Project selected that you created in Enable the Admin SDK API
Ignore the optional steps 4 and 6 when creating the service account.
Use the following parameters when completing the steps:
| Documentation Step | Field Name | Parameter |
|---|---|---|
| 3 | Service Account Name | Anything you want but we recommend “SamuraiAPI” |
| 3 | Service Account ID | Anything you want but we recommend “SamuraiAPI” |
| 3 | Service Account Description | Anything you want but we recommend “SamuraiAPI” |
Take note of the Service Account email address in Step 3 as it will be needed when you Complete the Google Workspace integration
Create credentials for the service account
Follow the steps outlined within the Google documentation:
| Documentation Step | Field Name | Parameter |
|---|---|---|
| 2 | Project | Select the project created in Enable the Admin SDK API |
| 2 | Service Account | Select the service account you created in Create a service account |
| 4 | Key Type | Ensure “JSON” is selected. |
Download the json file as it will be required when you Complete the Google Workspace integration
Delegate domain-wide authority to the service account
Follow the steps outlined within the Google documentation:
Ensure you login with a super admin account and take note of the associated email address as you will need in when you Complete the Google Workspace integration
Use the following parameters when completing the steps:
| Documentation Step | Field Name | Parameter |
|---|---|---|
| 2 | Service Accounrt | Ensure you select the service account created in Create a service account |
| 5e | OAuth scopes | https://www.googleapis.com/auth/admin.reports.audit.readonly |
| https://www.googleapis.com/auth/admin.reports.usage.readonly | ||
| https://www.googleapis.com/auth/apps.alerts |
Complete the Google Workspace integration
You will need:
- JSON file you downloaded in Create credentials for the service account
- The admin account email used in Delegate domain-wide authority to the service account
- Login to the Samurai MDR portal
- Click Telemetry and select Integrations from the main menu
- Select Create
- Locate and click Google Workspace
- Click Next (we leverage a Samurai Cloud Collector)
- Enter a Name of Integration
- Enter a Description (Optional)
- Enter your Service Account JSON (copy and paste from the json file you downloaded)
- Enter your Domain-Wide delegation account (the admin account email used for domain-wide delegation)
- Click Finish
For general information on Integrations refer to the Integrations article.
Our Integration guide was accurate at the time of writing but vendors change things frequently! If you find errors or anything is outdated, let us know by raising a request in the Samurai MDR application and we shall get it updated.