Google Workspace Integration

Connect QuantAssure to Google Workspace to monitor user security settings and compliance.

What It Collects

  • User Directory — All users in your Google Workspace domain as assets
  • Security Compliance — Security configuration findings including:
    • Users without 2-factor authentication enabled
    • Users with admin privileges
    • Recently created accounts
    • Other security compliance gaps

Prerequisites

  • Google Workspace admin access
  • A Google Cloud Platform (GCP) project
  • A service account with domain-wide delegation
  • Required OAuth scopes:
    • https://www.googleapis.com/auth/admin.directory.user.readonly

Setup Steps

1. Create a GCP Project

  1. Go to the Google Cloud Console
  2. Create a new project (or use an existing one)
  3. Note your project ID

2. Enable Required APIs

  1. In your GCP project, go to APIs & ServicesLibrary
  2. Search for and enable Admin SDK API

3. Create a Service Account

  1. Go to APIs & ServicesCredentials
  2. Click Create CredentialsService account
  3. Name it (e.g., "QuantAssure")
  4. Grant it the Editor role (or a custom role with Admin SDK access)
  5. Click the service account to edit it
  6. Go to KeysAdd KeyCreate new keyJSON
  7. Save the JSON key file — you'll need this

4. Configure Domain-Wide Delegation

  1. In the service account details, find Domain-wide delegation and note the Client ID
  2. Go to your Google Workspace Admin Console
  3. Navigate to SecurityAPI ControlsDomain-wide delegation
  4. Click Add new
  5. Enter the service account Client ID
  6. Add the required scope: https://www.googleapis.com/auth/admin.directory.user.readonly
  7. Click Authorize

5. Configure in QuantAssure

  1. Create or edit a System in QuantAssure
  2. In the Data Sources section, enable Google Workspace
  3. Enter your Workspace domain (e.g., yourcompany.com)
  4. Upload or paste your service account JSON key
  5. Save your system configuration

6. Run Your First Scan

Click "Run Scan" to collect data from Google Workspace.

What to Expect

After your first scan:

  • Assets: One asset per user in your Workspace domain
  • Findings: Security compliance violations:
    • Users without 2FA enabled
    • Users with super admin privileges
    • Suspended or recently created accounts flagged for review

Troubleshooting

"Insufficient permissions" error

  • Verify domain-wide delegation is configured correctly
  • Check that the OAuth scope is added in Admin Console
  • Ensure the service account key is valid

No users appearing

  • Verify your domain is correct
  • Check that the service account has Admin SDK access
  • Confirm domain-wide delegation is authorized for the correct Client ID

Missing compliance findings

  • 2FA status requires directory read access
  • Some user attributes may require additional scopes