Skip to main content
All CollectionsSetup & ConfigurationIntegrationsIdentity Provider (IDP)
Setup Google Workspace Integration
Setup Google Workspace Integration
Updated over 2 months ago

Overview

This guide provides a step-by-step process for integrating Google Workspace with Axiom Security.

Prerequisites

Ensure you have the following before proceeding:

Requirement

Details

Axiom Admin Access

Required to configure the integration in Axiom Security.

Google Cloud Project

Necessary to create a service account.

Google Workspace Admin

Required to configure domain-wide delegation.

Integration Setup

Step 1: Create a Service Account


You can create a service account using either:

Option 1: Google Cloud Console

Follow Google’s official documentation to create a service account and download the JSON key file.

Option 2: Google Cloud SDK

Prerequisites

  • A machine with a terminal or command prompt.

  • Enable Admin SDK API service in google cloud console.

1. Install Google Cloud SDK:

# Install Google Cloud SDK
curl https://sdk.cloud.google.com | bash
exec -l $SHELL
gcloud init

2. Create a Google Cloud Project:

  • If you don't have one, create a Google Cloud project:

# Create a new project gcloud projects create [YOUR_PROJECT_ID] --name="# Create a new project
gcloud projects create [YOUR_PROJECT_ID] --name="[PROJECT_NAME]"
# Set the project as your default project
gcloud config set project [YOUR_PROJECT_ID]

Replace [YOUR_PROJECT_ID] with your desired project ID and [PROJECT_NAME] with a name for your project.

3. Enable Google Workspace Admin SDK:

  • Enable the Admin SDK service required for integration:

# Enable Admin SDK
gcloud services enable admin.googleapis.com

4. Create Service Account and Credentials:

  • Generate a service account for the integration:

# Generate service account key
gcloud iam service-accounts keys create ~/service-account-key.json --iam-account [SERVICE_ACCOUNT_NAME]@[YOUR_PROJECT_ID].iam.gserviceaccount.com

Replace [SERVICE_ACCOUNT_NAME], [DESCRIPTION], and [DISPLAY_NAME] with your preferred values.

  • Download the service account key file:

# Generate service account key
gcloud iam service-accounts keys create ~/service-account-key.json --iam-account [SERVICE_ACCOUNT_NAME]@[YOUR_PROJECT_ID].iam.gserviceaccount.com

Step 2: Enable Domain-Wide Delegation


Access Google Admin Console

  1. Log in to your Google Admin Console with an administrator account.

  2. Navigate to Security > API Controls.

  3. Under Domain-wide Delegation, click Manage Domain Wide Delegation.

Add Domain-Wide Delegation

  1. In the API Clients table, click Add new.

  2. Retrieve the Client ID from your downloaded service account JSON key file (downloaded in step 1).

  3. Enter the Client ID in the designated field.

Specify OAuth Scopes

Copy and paste the following OAuth scopes into the OAuth Scopes field:​ 

https://www.googleapis.com/auth/admin.directory.customer.readonly, https://www.googleapis.com/auth/admin.directory.domain.readonly, https://www.googleapis.com/auth/admin.directory.group.member.readonly, https://www.googleapis.com/auth/admin.directory.group.readonly, https://www.googleapis.com/auth/admin.directory.orgunit.readonly, https://www.googleapis.com/auth/admin.directory.rolemanagement.readonly, https://www.googleapis.com/auth/admin.directory.user.alias.readonly, https://www.googleapis.com/auth/admin.directory.user.readonly, https://www.googleapis.com/auth/admin.directory.userschema.readonly, https://www.googleapis.com/auth/admin.directory.group.member, https://www.googleapis.com/auth/admin.directory.rolemanagement

4. Click 'Authorize' to enable domain-wide delegation for your service account.

Step 3: Find Your Google Workspace Customer ID


Your Google Workspace Customer ID is required to complete the integration.

  1. Log in to the Google Admin Console with an administrator account.

  2. Click on the Menu icon (☰) and navigate to Account > Account Settings.

  3. Under the Profile tab, locate your Customer ID.

Step 4: Gather the Required Information

Ensure you have the following details before proceeding to Axiom Security:

  • Service Account JSON Key File

  • Google Workspace Customer ID

  • Google Workspace Admin Email (It is recommended to create a dedicated admin user for the integration).

Axiom Security Configuration

  1. In the Axiom platform, open the 'Integration Page' from the left-side navigation menu:

  2. Click on '+Add' in the Entra ID card

  3. Provide the following:

    1. Name (integration name).

    2. Customer ID (copied in step 3).

    3. Admin email (email of a user that is an admin in your account).

  4. Upload service account JSON file (downloaded in step 1)

  5. Click on 'Integrate'

Related Articles
Axiom Runner - Setup and Secret Configuration
Google Cloud Platform (GCP) Integration
Setup OpsGenie Integration
Integrations Overview
OneLogin integration
Did this answer your question?