Activity Insights - Google
Note
This page describes a Limited Availability feature. Contact your Customer Success team to opt in.
To display activity data from Activity Insights, you first must create an OAuth application in Google. You’ll then connect the following Google sources, so IdentityNow can gather your Google accounts and their activity data.
Source | Description |
---|---|
Google identity governance | Allows you to manage your Google accounts in IdentityNow. |
Activity Insights - Google | Works with your Google identity governance connector to provide activity data for identities. |
Creating a Service Account in Google
Before activity insights can display in IdentityNow, you must create a service account in Google. You’ll use this account to connect Google to IdentityNow.
- Create a project for Google – Activity Insights in Google.
- Create a service account. You’ll use this account to connect Google to IdentityNow.
- Create a private key for your service account. You'll use this key to connect Google to IdentityNow.
Connecting Google to IdentityNow
To connect Google to IdentityNow, you’ll need to configure the following sources in IdentityNow. This will allow IdentityNow to gather account information and activity data from Google.
You may connect your sources in any order.
Configuring the Google Identity Governance Source
Follow the directions to configure your Google source in IdentityNow. You can also edit an existing one.
Configuring the Activity Insights – Google Source
To display activity data from Activity Insights, you must configure the Activity Insights – Google source in IdentityNow.
Note
To ensure activity data displays in IdentityNow, you must also connect the Google identity governance source.
- From the IdentityNow navigation menu, select Admin > Connections > Sources.
- Select Create New to create a new source.
- Search for and select the Activity Insights - Google connector.
- Enter a source name.
- Enter a description for your source.
- In the Source Owner field, begin typing the name of an owner. Matches appear after you type two letters.
- (Optional) Select a governance group for source management.
- Select Continue to create the source.
- Select Configuration from the left panel.
- Enter the following information:
  - Email Address of Service Account - Copy the email address for the service account from the Service accounts page in Google.
  - Email Address of User to Impersonate - Enter the email address of the user to impersonate.
  - Private Key - Copy and paste the private key you created.
- Select Save to save your settings.
- Select Review and Test from the left panel.
- Select Test Connection to test the connection between the applications. You must have a successful connection for IdentityNow to gather activity data. If the test is unsuccessful, retry your credentials or contact SailPoint Support.
Your activity data will begin syncing immediately and will update every 24 hours. You must run an aggregation for the Google source to gather accounts, groups, and role information.
Required Permissions
Your Google service account must have Super Admin access for IdentityNow to pull usage data on Google users.
Requested Scopes
IdentityNow requests the following scopes:
Scope | Description |
---|---|
https://www.googleapis.com/auth/admin.reports.audit.readonly | View audit reports for your G-Suite domain. |
https://www.googleapis.com/auth/admin.reports.usage.readonly | View usage reports for your G-Suite domain. |
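The following is an added example, not SailPoint's code. It shows how the three configuration values and the two requested scopes map onto the claim set of Google's service-account JWT grant, and how to flag delegated scopes beyond those two. It assumes the connector uses Google's standard delegated service-account flow and that the key was downloaded as a JSON key file. The function names, sample key, and email addresses are constructed.

```python
import json

# Scopes listed under "Requested Scopes" on this page.
REQUESTED_SCOPES = (
    "https://www.googleapis.com/auth/admin.reports.audit.readonly",
    "https://www.googleapis.com/auth/admin.reports.usage.readonly",
)
TOKEN_URI = "https://oauth2.googleapis.com/token"  # Google OAuth 2.0 token endpoint

# Constructed sample of a JSON key file; every value is a placeholder.
SAMPLE_KEY = json.dumps({
    "type": "service_account",
    "client_email": "activity-insights@example-project.iam.gserviceaccount.com",
    "private_key": "-----BEGIN PRIVATE KEY-----\nPLACEHOLDER\n-----END PRIVATE KEY-----\n",
})


def source_fields(key_json, impersonated_user):
    """Map a service-account JSON key file onto the three source fields."""
    key = json.loads(key_json)
    if key.get("type") != "service_account":
        raise ValueError("not a service-account key file")
    if not key["private_key"].startswith("-----BEGIN PRIVATE KEY-----"):
        raise ValueError("private_key is not a PEM block")
    return {
        "Email Address of Service Account": key["client_email"],
        "Email Address of User to Impersonate": impersonated_user,
        "Private Key": key["private_key"],
    }


def grant_claims(fields, now):
    """Claim set of the JWT a delegated token request carries (signature omitted)."""
    return {
        "iss": fields["Email Address of Service Account"],
        "sub": fields["Email Address of User to Impersonate"],  # impersonated user
        "scope": " ".join(REQUESTED_SCOPES),
        "aud": TOKEN_URI,
        "iat": now,
        "exp": now + 3600,  # Google caps assertion lifetime at one hour
    }


def excess_scopes(delegated):
    """Scopes on the domain-wide delegation grant beyond the two requested."""
    return sorted(set(delegated) - set(REQUESTED_SCOPES))
```

Run `excess_scopes` against the scope list authorized for the service account's client ID in the Google Admin console. Any scope it returns is access the integration does not request.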
User Metadata
IdentityNow pulls the following user metadata from Google.
Field | Description |
---|---|
Admin | Indicates whether a user is a Super Admin. |
Archived | Indicates whether a user is archived. |
Delegated Admin | Indicates whether the user is a delegated administrator. |
Enforced In 2SV | Indicates whether 2-Step verification is enforced. |
Enrolled In 2SV | Indicates whether the user is enrolled in 2-Step verification. |
Mailbox Set Up | Indicates whether the user's Google mailbox is created. Note: This property is only applicable if the user has been assigned a Gmail license. |
Organizational Units | The organizational group that the administrator added the user to. By default, users are placed in the top-level (parent) organizational unit. |
Suspended | Indicates whether the user's account is suspended. |
Suspended Time | The time the user was suspended. This field will only have a value if the user is suspended. |
Suspension Reason | The reason why an administrator or Google suspended the user's account. |