Skip to main content
Red Canary help

Integrate Google Workspace with Red Canary

  • Updated .

This article leads you through the process of integrating Google Workspace with Red Canary. Follow the procedure from beginning to end. 

Note: If you don't see Google Workspace as an option, please reach out to your Red Canary account team who can talk to you about upgrading.

Step 1: Google Cloud Console–Create a project

Create a Google Cloud Console project to start sending google workspace telemetry for ingestion. 

  1. From your Google Cloud Console dashboard, click Create Project.
    1.png
  2. Fill in the mandatory fields:
    1. Project Name - The name associated with your project
    2. Organization - The name of your organization
    3. Location - Location of your organization
  3. Click Create.

Step 2: Google Cloud Console–Enable the Administrator software development kit (SDK)

Enable the Admin SDK to create and manage admin-controlled resources owned by a Google Workspace account.

  1. From your Google Cloud Console dashboard, type Admin SDK API into the search bar.
  2. From the Marketplace section, click Admin SDK API. Check the drop down in the top left, next to “Google Cloud” and verify that the current project matches the project created in Step 1.
    2.png
  3. Click Enable.

Step 3: Google Cloud Console–Enable the Alert Center API

Enable the Alert Center API to create and manage alerts and issues owned by a Google Workspace account.

  1. From your Google Cloud Console dashboard, type Alert Center API into the search bar.
  2. From the Marketplace section, click Alert Center API.
    3.2.png
  3. Check the drop down in the top left, next to “Google Cloud” and verify that  the current project matches the project created in Step 1.
  4. Click Enable.

Step 4: Google Cloud Console–Create a service account

Create a service account to enable Red Canary to ingest your data.

  1. From your Google Cloud Console dashboard, select the project you created in Step 1.
  2. Click the navigation menu icon.
    3.png
  3. Click IAM & Admin, and then click Service Accounts.
    4.png
  4. Click Create Service Account.
  5. Fill in the mandatory fields:
    1. Service account name
    2. Service account ID 
  6. Click CREATE AND CONTINUE.
  7. Click Done.

Step 5: Google Cloud Console–Create a private key

Create a private key so that sanctioned users can use the service account.

  1. From the service account you just created, click the Actions icon, and then click Manage Keys.
    5.png
  2. Click the Add Key dropdown.
    6.png
  3. Click Create new key.
    7.png
  4. Select JSON, and then click Create.
  5. Save this .JSON file in a secure location.

Step 6: Google Cloud Console–Enable domain-wide delegation for service accounts

Enable domain wide delegation to allow applications to access user data across your organization's Google Workspace environment.

  1. From your Google Cloud Console dashboard, select the project you created in Step 1.
  2. Click the navigation menu icon.
    8.png
  3. Click IAM & Admin, and then click Service Accounts.  
  4. From the service account you just created, click the Actions icon, and then click Manage Details.
    9.png
  5. Copy and save the Client ID (Same as Unique ID).
    10.png
  6. Click View Google Workspace Admin Console.

Step 7: Google Workspace–Grant the Service Account the required API Permissions scope

Granting the service account proper permissions enables Red Canary to ingest all the necessary telemetry.

  1. From your Google Workspace Admin Console, click the Security dropdown.
    11.png
  2. Click the Access and data control dropdown.
  3. Click API Controls.
    12.png
  4.  Scroll down, and then click Manage Domain-Wide Delegation.
    13.png
  5. Click Add New.
    14.png
  6. For the Client Name field, enter the Client ID from Step 6.5.
  7. For the OAuth scopes field, enter:
    1. https://www.googleapis.com/auth/admin.reports.audit.readonly
    2. https://www.googleapis.com/auth/apps.alerts 
    3. https://www.googleapis.com/auth/admin.reports.usage.readonly
  8. Click Authorize.

Step 8: Google Workspace–Create a Google Workspace service account for Red Canary

The Google service account created in Step 4 requires a google workspace account to start sending telemetry to Red Canary.

Note: You can re-use an existing Google Workspace user account with Admin Console Reports permissions.

  1. From your Google Workspace Admin Console, click the Directory dropdown.
  2. From the Directory dropdown, click Users.
  3. Click Add new user.
    7.1.png
  4. Fill in the fields to identify the Red Canary service account.
  5. Click ADD NEW USER.
    Note: You do not need to copy or use the automatically generated password. To set your own password, click PREVIEW AND SEND.
  6. Click Done.
  7. To see your new user account, refresh the Users page.
  8. Select the user account you just created.
  9. Scroll down to the Admin roles and Privileges section, and then click the Expand Roles and Privileges dropdown.
    7.2.png
  10. Click Create Custom Role.
    7.4.png
  11. Click Create new role
  12. Enter a name for your new role.
  13. Enter a description for your new role.
  14. Click Continue.
  15. From the Privilege Name section, scroll down and then click the Services dropdown.
  16. Click the Alert Center Dropdown, and then select View Access.
    8.16.png
  17. From the Privilege Name section, scroll down and select Reports.
    7.5.png
  18. Click Continue.
  19. Click Create Role
  20. Click Assign users.
  21.  Enter the name of the new service account you created in Step 8.4.
  22. Click Assign Role.

Step 9: Red Canary–Integrate Google Workspace with Red Canary

Connect your Google service account key to Red Canary in order to start receiving Google Workspace alerts in Red Canary.

  1. From your Red Canary homepage, click Integrations.
  2. From the Integrations section, locate and then click the security product you want to integrate with Red Canary.
    Note: If you do not see your security product listed, click See all integrations.
     
  3. In the search bar, type and then select your third-party security source.
  4. Continue onto the next step by configuring your third-party security source in Red Canary.
    Note: Your third-party security source may require that you contact Red Canary to configure.
  5. Enter the service account key from the .JSON file you downloaded from Google Workspace in Step 5.5
    16.png
  6. Click Save.

Comments

2 comments

Date Votes
  • Kyle Welsh

    Does the Google Workspace integration pull in Devices and if so, do these devices count towards the Red Canary end-point license count?

    1
  • John Streeter

    Hey Kyle, great question! We will create new "devices" when we discover them based on Google Workspace alerts, but those do not count towards your endpoint license count. Only EDR monitored endpoints count towards that number.

    1

Please sign in to leave a comment.