Recent Searches

No recent searches

    Popular Articles

      Articles
      View all
        Topics
        View all
          Tickets
          View all
            no results

            Sorry! nothing found for

            Google Workspace - Identity Management

            Created by David Esposito, Modified on Wed, 25 Sep at 3:18 PM by David Esposito

            Installation Process

            Method: OAuth

            Estimated Time to Complete: 1 minute

            Installer: Google Workspace Administrator


            Installation will be accomplished using an OAuth flow. An Administrator will need to accept scopes for  User, Group, and Device ingestion and reporting. This requires a single step.


            1. Click a “Install With OAuth” button and follow the OAuth grant flow




            Configuration


            High At-Risk Group Memberships

            Estimated Time to Complete: 10 minutes


            We leverage group membership to identify users that have an elevated risk profile. Please collect a list of groups that identify users that have the following characteristics:



            Production Access

            Identify groups that are used to provide access to production, or mailing distros for employees that have access to production infrastructure. Common groups include engineering, operations, IT, and support.

            Privileged Access

            Identify groups that are used to provide privileged access, e.g. admins, to saas application or internal systems, or mailing distros for employees that have similar access. Common groups include IT.

            Executives

            Identify groups that include individuals on the leadership team. These individuals are often seen as high value targets, e.g. spear phishing and whaling. Common groups include ELT or Executive Leadership Team mailing distros.

            Service Accounts

            Service accounts often have identity accounts but you likely want these excluded from your score. For example, they likely will not have MFA configured and you might not want that raised as a security finding. Identify or create groups that include service accounts you want excluded from reporting.


            For each of these groups, get the group ID’s from the admin console using the following approach. The following approach will be improved in future iterations using type ahead selection. But for the time being use the following steps to capture the Group ID’s for any matching the above description.


            1. Navigate to https://admin.google.com/ac/groups

            2. For each of the groups matching the above descriptions, open the details page in a new tab, e.g. right click and “open in a new tab” or CMD click

            3. Once the details page is open, capture the group name and group id (from the URL)

            4. Collect these in the provided spreadsheet




            Was this article helpful?

            That’s Great!

            Thank you for your feedback

            Sorry! We couldn't be helpful

            Thank you for your feedback

            Let us know how can we improve this article!

            Select at least one of the reasons
            CAPTCHA verification is required.

            Feedback sent

            We appreciate your effort and will try to fix the article

            Preview
            0 of 0