Skip to content

Activity Insights - Google Workspace

To display activity data from Google Workspace, you can set up a single SaaS connector or configure both a virtual appliance (VA) and Activity Insights - Google Workspace connector.

Configuring Activity Insights Using the Google Workspace SaaS Connector

If you are using the Google Workspace SaaS connector, follow the connector guide to enable Activity Insights.

After a successful test connection, you must correlate accounts and run an aggregation for the Google Workspace SaaS source. Your activity data will begin syncing immediately but may take up to 24 hours to display. Data will then update daily.

Note

If you previously configured both the Google Workspace SaaS identity governance and Activity Insights - Google Workspace connectors, you do not have to take additional action to continue receiving your data.

Configuring Activity Insights Using a VA-Based Source

If you are setting up Activity Insights using a VA-based connector, you must first generate OAuth 2.0 authentication credentials in Google. You'll then configure both the Google Workspace SaaS identity governance and Activity Insights - Google Workspace connectors so that Identity Security Cloud can gather your account information and display activity data.

Generating OAuth 2.0 Authentication Credentials in Google

Before activity insights can display in Identity Security Cloud, you must generate OAuth 2.0 authentication credentials in Google. You’ll use these credentials to connect Google Workspace to Identity Security Cloud.

Configuring the Google Workspace SaaS Identity Governance Source

Follow the directions to configure your Google Workspace identity governance source in Identity Security Cloud. You can also edit an existing one.

Configuring the Activity Insights - Google Workspace Source

To display activity data from Activity Insights, you must configure the Activity Insights - Google Workspace source in Identity Security Cloud.

  1. Go to Admin > Connections > Sources.
  2. Select Create New to create a new source.
  3. Search for and select the Activity Insights - Google Workspace connector.
  4. Enter a name and description for the source.
  5. In the Source Owner field, begin typing the name of an owner. Matches appear after you type two letters.
  6. (Optional) Select a governance group for source management.
  7. Select the checkbox if the source is an authoritative source. 
  8. Select Continue to create the source.
  9. Select Configuration from the left panel.

  10. Enter the following information:

    • Email Address of Service Account - Copy the email address for the service account from the Service accounts page in Google.

    • Email Address of User to Impersonate - Enter the email address of the user to impersonate.

    • Private Key - Copy and paste the private key you created.

  11. Select Save to save your settings.

  12. Select Review and Test from the left panel.
  13. Select Test Connection to test the connection between the applications. You must have a successful connection for Identity Security Cloud to gather activity data. If the test is unsuccessful, retry your credentials or contact SailPoint Support.

To gather account data, you must correlate accounts and run an aggregation for the Google Workspace identity governance source. Your activity data will begin syncing immediately but may take up to 24 hours to display. Data will then update daily.

Required Permissions

Your Google service account must have Super Admin access for Identity Security Cloud to pull usage data on Google users.

Requested Scopes

Identity Security Cloud requests the following scopes:

Scope Description
https://www.googleapis.com/auth/admin.reports.audit.readonly View audit reports for your G-Suite domain.
https://www.googleapis.com/auth/admin.reports.usage.readonly View usage reports for your G-Suite domain.

Documentation Feedback

Feedback is provided as an informational resource only and does not form part of SailPoint’s official product documentation. SailPoint does not warrant or make any guarantees about the feedback (including without limitation as to its accuracy, relevance, or reliability). All feedback is subject to the terms set forth at https://developer.sailpoint.com/discuss/tos.