Skip to main content

Google Workspace

Step 1: Enable API

  1. Enable the G Suite Alert Center API:
    • Navigate to Google Cloud Console:
      • Choose APIs & Services > Library. Image 1: APIs & Services > Library
      • If no project exists, create one:
        • Click Dropdown > New Project.
        • Provide a project Name and Location. Image 2: Create New Project
      • Select the newly created project and click Open.
        • Ensure the notification for project creation is completed before proceeding.
      • Search for Admin SDK API and press Enable. Image 3: Enabling Admin SDK API

Step 2: Creating a Service Account

  1. Access IAM & Admin:

    • In the top-left corner of the GCP console, click Menu.
    • Navigate to IAM & Admin > Service Accounts. Image 4: IAM & Admin > Service Accounts

  2. Create a New Service Account:

    • Click Create Service Account and fill in the Service account name field.
      • (Optional) Enter a description for the service account. Image 5: Create Service Account Form
    • Click Create.

  3. Assign a Role to the Service Account:

    • Assign the role of Project Viewer or a more specific role to the new account.
    • Click Continue. 7th Image: Assn role

  4. Manage Keys and Generate a P12 Key:

    • Navigate to the service account you created, and click Manage Keys. Image 6.1: Manage Keys and Generate New Key
    • Follow these steps to generate the P12 key:

      1. Click Add Key > Create New Key. Image 6: Manage Keys and Generate New Key

      2. Ensure the key type is set to P12 and click Create. alt text

      3. Download the P12 Key:

        • You’ll see a message that the P12 file has been downloaded to your computer.

      4. Note the Secret:

        • Set the private key password to notasecret. alt text

      5. Make a Note of the File:

        • Make a note of the file’s location and name for future reference.

      6. Click Close.

Step 3: Adding the Service Account to G Suite

  1. Access the G Suite Admin Console:

    • Go to your G Suite domain’s Admin console.
    • Search for API Controls in the search bar. Image 7: API Controls in Admin Console

  2. Manage Domain-Wide Delegations:

    • Click Manage Domain Wide Delegations. Image 8: Manage Domain Wide Delegations
    • From the Authentication section, click Add New.

  3. Provide Client ID and OAuth Scopes:

    • In the Client ID field, enter the OAuth 2 client ID of the service account (found in the Google Cloud Console under IAM & Admin > Service Accounts). Image 9: Client ID and OAuth Scopes
    • In the OAuth Scopes field, enter the required scopes for accessing the reports API:
      • https://www.googleapis.com/auth/admin.reports.audit.readonly Image 9: Client ID and OAuth Scopes
    • Click Authorize.

Deliverables

Please email them to support@threatdefence.com

  1. P12 Key:

    • Ensure the secure storage of the downloaded P12 file.

  2. Service Account Email Address:

    • Navigate to IAM & Admin > Service Accounts in the Google Cloud Console to retrieve the service account email.

  3. Administrator Email Address:

    • Provide the email address used to configure the service account.