Drata

Connecting Google Workspace (formally known as "G Suite") to Drata allows all of your company's personnel to be sync'd with Drata, and to provision accounts for each. This is the first connection/integration that should be completed as a new customer of Drata, as it will allow for the compliance monitoring of your company's personnel. 

The email domain, when connecting the IdP, must match each of the personnel’s email domain that you would like to sync. Personnels that have different domains or multiple domains are not synced.

- If you need to sync multiple email domains, please reach out to our Technical Support team.

Ensure you have Super Admin access to your company's Google Workspace account.

- The email domain, when connecting the IdP, must match each of the personnel’s email domain that you would like to sync. Personnels that have different domains or multiple domains are not synced.
  - If you need to sync multiple email domains, please reach out to our Technical Support team.
- Ensure you have Super Admin access to your company's Google Workspace account.

Follow these instructions to connect Google Workspace to Drata:

1. Select 'Connections' on the side navigational menu.

2. Select the 'Available connections' tab and then search for 'Google Workspace' to select the connect button for the Google Workspace integration.

3. Follow the instructions in the slide-out panel carefully. Take your time and complete one step entirely before moving on to the next.  

(Example) Google Read Only Scopes:

- <code>https://www.googleapis.com/auth/admin.directory.user.readonly</code>
- <code>https://www.googleapis.com/auth/admin.directory.group.readonly</code>
- <code>https://www.googleapis.com/auth/admin.directory.orgunit.readonly</code>

- (Example) Google Read Only Scopes:
 - <code>https://www.googleapis.com/auth/admin.directory.user.readonly</code>
 - <code>https://www.googleapis.com/auth/admin.directory.group.readonly</code>
 - <code>https://www.googleapis.com/auth/admin.directory.orgunit.readonly</code>

Choose who you want to bring into Drata from this identity provider: To restrict the list of Google personnel Drata will sync to, select 'Only people from specific groups' and enter the group's object ID you would like to add.

- Drata does not support nested groups. We will sync members at the specified group's top level, but not members in the second-level or further groups.

Copy the Drata Autopilot clientId. This is a unique ID. 

- Choose who you want to bring into Drata from this identity provider: To restrict the list of Google personnel Drata will sync to, select 'Only people from specific groups' and enter the group's object ID you would like to add.
 - Drata does not support nested groups. We will sync members at the specified group's top level, but not members in the second-level or further groups.
- Copy the Drata Autopilot clientId. This is a unique ID.

You can read more about setting up these scopes via domain-wide delegation <a href="https://developers.google.com/admin-sdk/directory/v1/guides/delegation" rel="nofollow noopener noreferrer" target="_blank">here</a> and <a href="https://support.google.com/a/answer/162106" rel="nofollow noopener noreferrer" target="_blank">here</a>.

Use the copy button<img src="https://downloads.intercomcdn.com/i/o/271498053/ed6dca4a46cdb87ae50cf452/image.png?expires=1620939485&amp;signature=ceae2c0a8a9a70c580501279bec40086fe48172c7c1aa2920cbb82f81cfa4e87" width="51" alt="">to quickly copy the long important strings of characters.

Don't forget to enter the email address of a super-admin on the Google Workspace account before clicking "Save &amp; Test Connection."

- Use the copy button<img src="https://downloads.intercomcdn.com/i/o/271498053/ed6dca4a46cdb87ae50cf452/image.png?expires=1620939485&amp;signature=ceae2c0a8a9a70c580501279bec40086fe48172c7c1aa2920cbb82f81cfa4e87" width="51" alt="">to quickly copy the long important strings of characters.
- Don't forget to enter the email address of a super-admin on the Google Workspace account before clicking "Save &amp; Test Connection."

Test 96: Employees have Unique Email Accounts

- Test 77: Employee Users Require MFA
- Test 86: MFA on Identity Provider
- Test 96: Employees have Unique Email Accounts

HERE'S WHY

BEFORE DIVING IN

HERE'S HOW

Tips:

Monitoring tests covered