# Google Workspace (G Suite)

## Introduction

Google Workspace (G Suite) is a powerful suite of tools that helps teams collaborate and communicate effectively. It can be integrated with a variety of other tools to streamline workflows and improve efficiency. This guide will walk you through the steps required to integrate Google Workspace with Perimeters.

## Available Features

* Misconfiguration Rules
* Identity Rules
* User Inventory
* Shadow Application Inventory
* Devices Inventory
* Shadow Application Rules

## Prerequisites

* A Google Workspace (G Suite) Business Starter subscription or higher.
* A user account within the Google Workspace instance with the required privileges, or a Super Admin account.

<details>

<summary><strong>Follow these steps to create a custom role for the integration</strong></summary>

1. Log in to <https://admin.google.com/ac/users>
2. Click add new user, fill in the identity details and primary email -> Select 'Add New User'.
3. Go to <https://admin.google.com/ac/list/roles>
4. Click 'Create new role'
5. Add a suitable name and description, e.g. *Custom Perimeters Integration*
6. Search for and select the following privileges:
   * Reports
   * User Security Management
   * Groups -> Read
   * Organization Units -> Read
   * Users -> Read
   * Services -> Groups for Business -> Groups Service Settings
7. Click 'Save'
8. Select the newly created custom role, e.g. *Custom Perimeters Integration*
9. Assign User -> Select the newly created user.

</details>

## Required Scopes

| Scope                                                                      | Use                                                                                |
| -------------------------------------------------------------------------- | ---------------------------------------------------------------------------------- |
| <https://www.googleapis.com/auth/userinfo.email>                           | See your primary Google Account email address                                      |
| <https://www.googleapis.com/auth/userinfo.profile>                         | See your personal info, including any personal info you've made publicly available |
| <https://www.googleapis.com/auth/directory.readonly>                       | See your organization's GSuite directory                                           |
| <https://www.googleapis.com/auth/admin.directory.user.readonly>            | See info about users on your domain                                                |
| <https://www.googleapis.com/auth/admin.directory.user.security>            | Read permissions for users on your domain                                          |
| <https://www.googleapis.com/auth/admin.directory.rolemanagement.readonly>  | View delegated admin roles for your domain                                         |
| <https://www.googleapis.com/auth/admin.directory.group.readonly>           | View groups on your domain                                                         |
| <https://www.googleapis.com/auth/admin.directory.device.mobile.readonly>   | View your mobile devices' metadata                                                 |
| <https://www.googleapis.com/auth/admin.directory.device.chromeos.readonly> | View your ChromeOS devices' metadata                                               |
| <https://www.googleapis.com/auth/admin.directory.domain.readonly>          | View domains related to your customers                                             |
| <https://apps-apis.google.com/a/feeds/domain/>                             | View Google Single Sign On information                                             |
| <https://www.googleapis.com/auth/apps.groups.settings>                     | View the settings of a G Suite group                                               |
| <https://www.googleapis.com/auth/admin.reports.audit.readonly>             | View audit reports for your G Suite domain                                         |

## Onboarding Google Workspace (G Suite) in your Perimeters account

1. Go to "Integrations" -> Select "Google Workspace" -> Click "+ Add" -> Click "+ Start Integration".
2. **"OAuth" -**\
   Click "Sign in with Google" -> Check all the scopes checkboxes and click on "Continue".
3. Click "Finish" to complete the onboarding process.

Once you have completed these steps, Google Workspace (G Suite) should be successfully integrated with your Perimeters account.

**Note**: Perimeters uses and transfers information using Google APIs. It does so in accordance with its [privacy policy](https://www.perimeters.io/privacy) and in compliance with the [Google API Services User Data Policy](https://developers.google.com/terms/api-services-user-data-policy).

## Granting Additional Feature Access

To allow access to users' data without their explicit consent, add scopes in Domain Wide Delegation. Feature details, required scopes, and steps are outlined below.

1\) Go to [**Google Workspace Admin Console**](https://admin.google.com/) -> Security -> Access and data control -> API Controls -> [Manage Domain-wide delegation](https://admin.google.com/ac/owl/domainwidedelegation).

2\) Click Add New Client -> a Google consent form should be presented to you with a request to grant the [**required privileges**](https://support.perimeters.io/perimeters-documentation/connecting-perimeters/saas-applications/google-workspace-g-suite#required-privileges), and add the clientId as 101707398122463816262.

3\) Examine the permissions and select 'Continue' to grant authorization for your integration.

4\) Once done, click on the **"Validate"** button below to verify the installation.

### Integration Scopes

The following scopes are required **if a custom role** is being used for the integration.

| Scope                                                                      | Use                       |
| -------------------------------------------------------------------------- | ------------------------- |
| <https://www.googleapis.com/auth/admin.directory.device.mobile.readonly>   | Read Mobile Devices       |
| <https://www.googleapis.com/auth/admin.directory.device.chromeos.readonly> | Read ChromeOS Devices     |
| <https://www.googleapis.com/auth/admin.directory.domain.readonly>          | Read Organization Domains |
| <https://www.googleapis.com/auth/admin.directory.rolemanagement.readonly>  | Read Roles                |
| <https://www.googleapis.com/auth/admin.directory.user.security>            | Read User OAuth Tokens    |

### Misconfiguration Rules

The following scopes give finer misconfiguration insights on an Organization Unit level.

<table><thead><tr><th>Scope</th><th width="246">Use</th></tr></thead><tbody><tr><td>https://www.googleapis.com/auth/cloud-identity.policies.readonly</td><td>Read Configurations</td></tr><tr><td>https://www.googleapis.com/auth/cloud-identity.inboundsso.readonly</td><td>Read Single Sign On Information</td></tr><tr><td>https://www.googleapis.com/auth/admin.directory.orgunit.readonly</td><td>Read Organization Units</td></tr><tr><td>https://www.googleapis.com/auth/apps.licensing</td><td>Read User's License Details</td></tr></tbody></table>

### Shadow Applications

When a user grants Perimeters.io access to read organisational email metadata, our platform scans the metadata across the entire organization to detect and identify SaaS application usage (also known as Shadow IT). Perimeters.io only accesses email metadata, ensuring the security of the email content.

This process provides visibility into third-party applications being used within the organization, helping IT and security teams authorize and manage these based on potential risks and take corrective action.

| Scope                                                           | Use                        |
| --------------------------------------------------------------- | -------------------------- |
| <https://www.googleapis.com/auth/gmail.metadata>                | Read Users' Email Metadata |
| <https://www.googleapis.com/auth/admin.directory.user.readonly> | Read Directory Users       |

### Shared Data

This is essential in identifying user activity and threats related to data transfers.

| Scope                                                     | Use                              |
| --------------------------------------------------------- | -------------------------------- |
| <https://www.googleapis.com/auth/drive.readonly>          | Read Drive Files Metadata        |
| <https://www.googleapis.com/auth/drive>                   | Modify Files Sharing             |
| <https://www.googleapis.com/auth/drive.activity.readonly> | Read Drive Files Sharing Changes |

Once you have completed these steps, Google Workspace should be successfully integrated with your Perimeters account.
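Before pasting scopes into the domain-wide delegation entry, it helps to see which of them go beyond read-only access. The script below is an added example, not Perimeters code: it builds the comma-delimited scope string for the features you choose from the tables above and lists the scopes whose names do not mark them as read-only. The names `FEATURE_SCOPES`, `needs_review` and `delegation_entry` are hypothetical, and the check is a name-based heuristic.

```python
# Added example (not Perimeters code): review domain-wide delegation scopes
# before pasting them into the Admin console. Scope names are copied from the
# feature tables on this page; function and variable names are hypothetical.
PREFIX = "https://www.googleapis.com/auth/"

FEATURE_SCOPES = {
    "Integration Scopes": [
        "admin.directory.device.mobile.readonly",
        "admin.directory.device.chromeos.readonly",
        "admin.directory.domain.readonly",
        "admin.directory.rolemanagement.readonly",
        "admin.directory.user.security",
    ],
    "Misconfiguration Rules": [
        "cloud-identity.policies.readonly",
        "cloud-identity.inboundsso.readonly",
        "admin.directory.orgunit.readonly",
        "apps.licensing",
    ],
    "Shadow Applications": ["gmail.metadata", "admin.directory.user.readonly"],
    "Shared Data": ["drive.readonly", "drive", "drive.activity.readonly"],
}

# Read-only by Google's definition even though the name lacks ".readonly".
READ_ONLY_WITHOUT_SUFFIX = {"gmail.metadata"}


def needs_review(name):
    """Heuristic: the scope name does not identify itself as read-only."""
    return not name.endswith(".readonly") and name not in READ_ONLY_WITHOUT_SUFFIX


def delegation_entry(features):
    """Return (comma-delimited scope string, scopes needing review)."""
    names = []
    for feature in features:
        for name in FEATURE_SCOPES[feature]:
            if name not in names:  # keep first occurrence, preserve order
                names.append(name)
    scopes = ",".join(PREFIX + n for n in names)
    return scopes, sorted(PREFIX + n for n in names if needs_review(n))


if __name__ == "__main__":
    scopes, review = delegation_entry(FEATURE_SCOPES)  # every feature on the page
    print("Scopes field:\n" + scopes)
    print("Not read-only by name, confirm the grant is intended:")
    for scope in review:
        print("  " + scope)
```

Passing only the feature headings you plan to enable, for example `delegation_entry(["Shadow Applications"])`, keeps the delegation entry limited to those scopes.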

