Google Workspace Activity Logs
The Emanate Security Platform supports direct log ingestion from Google Workspace
Last updated
The Emanate Security Platform supports direct log ingestion from Google Workspace
Last updated
Emanate Security can retrieve Google Workspace activity logs by querying the . Emanate Security queries the Reports API for new events every 2 minutes.
In order for Emanate Security to access the Google Workspace Reports API on behalf of your organization, a Google Cloud app with appropriate permissions needs to be created. Once created, the credentials must be provided to Emanate Security to enable the integration.
Note that the steps below will only yield a successful integration if your Google user is authorized to Create Cloud apps and read your organization's activity records.
Please contact your Emanate Security point of contact to configure a data source at the end of this process once credentials have been generated.
Log in to your Admin Console.
In the header next to the Google Cloud icon, select the dropdown icon next to your organization. This will bring up a window showing applications for the organization. Click the “NEW PROJECT” link..
Enter a descriptive Project name (for example, Emanate Security Integration) and choose the proper Organization and Location to support the integration.
Click Create.
It will take a few seconds to create the project. Once created, you will see a notification on the page.
On the left sidebar menu, click the three lines icon, then Cloud Overview > Dashboard.
If the project you just created is not already selected in the dropdown at the top of the page, open the dropdown and select it.
In the top search bar, search for "OAuth consent screen," then select the matching result.
On the OAuth consent screen page, for User Type, select Internal.
Click Create.
On the OAuth consent screen page, fill in the following information:
App name: Enter your project name or project ID. (example: Emanate Security App)
User support email: Select your email address.
Developer contact information: Enter your email address.
Leave the other fields blank.
Click Save and continue.
On the Scopes page, click Add or remove scopes.
In the Manually add scopes section, paste the following scope URIs into the textbox.
Click Add to table and Update.
Close the Update selected scopes window and validate that the newly added scopes are in the Your sensitive scopes display.
Click Save and continue.
At the bottom of the Summary page, click Back to dashboard.
In the left-hand navigation menu, click Enabled APIs & services.
In the search bar at the top of the page, search for Admin SDK API, and select Admin SDK API.
On the Admin SDK API page, click Enable.
In the left-hand navigation menu, click Credentials.
At the top of the page, click + CREATE CREDENTIALS.
Click OAuth client ID.
You will be redirected to a different page.
On the Create OAuth client ID page, in the Application type field, select Web application and type in a friendly name like, Emanate Security Integration.
Scroll down to the Authorized redirect URIs section, and click + Add URI.
Your Emanate Security point of contact will provide you with the URI value.
Click Create.
A pop-up modal will display a Client ID and Client Secret. Using a secure method, make note of the ClientID and Client Secret. You must provide them to your Emanate Security point of contact to complete the integration.
At this point, your Emanate Security point of contact will provide you with a Consent URL. This URL will allow you to provide final permissions to the Emanate Security Platform to access the Google Workspace Reports API on your organization's behalf.
Follow the link provided by the Emanate Security point of contact, and grant permissions to Emanate Security.
Once completed, you will receive an auth code that could then be used to fetch a refresh token. This refresh token is what Emanate uses to generate an API token.
Please email any questions to support@emanatesecurity.com
You will be redirected to another screen.
