HERE'S WHY
Connecting Google Workspace (formerly known as "G Suite") to Drata allows all of your company's personnel to be synced with Drata and accounts to be provisioned for each. This is the first connection/integration that should be completed as a new customer of Drata, as it will allow for the compliance monitoring of your company's personnel.
BEFORE DIVING IN
The email domain used when connecting the IdP must match the email domain of each of the personnel you would like to sync. Personnel who have different domains or multiple domains are not synced.
If you need to sync multiple email domains, please reach out to our Technical Support team.
Ensure you have Super Admin access to your company's Google Workspace account.
HERE'S HOW
Follow these instructions to connect Google Workspace to Drata:
1. Select 'Connections' on the side navigational menu.
2. Select the 'Available connections' tab and then search for 'Google Workspace' to select the connect button for the Google Workspace integration.
3. Follow the instructions in the slide-out panel carefully. Take your time and complete one step entirely before moving on to the next.
(Example) Google Read Only Scopes:
https://www.googleapis.com/auth/admin.directory.user.readonly
https://www.googleapis.com/auth/admin.directory.group.readonly
https://www.googleapis.com/auth/admin.directory.orgunit.readonly
Choose who you want to bring into Drata from this identity provider: To restrict the list of Google personnel Drata will sync, select 'Only people from specific groups' and enter the object ID of the group you would like to add.
Drata does not support nested groups. We will sync members at the specified group's top level, but not members in the second-level or further groups.
Copy the Drata Autopilot clientId. This is a unique ID.
Tips:
Use the copy button to quickly copy the long, important strings of characters.
Don't forget to enter the email address of a super-admin on the Google Workspace account before clicking "Save & Test Connection."
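Before saving a group-restricted connection, it can help to preview who the two rules above (matching email domain, top-level group members only) would include. The following is an added example, not Drata's code: the function name, the reason strings and the sample data are constructed, and the member records assume the 'email' and 'type' fields of the Google Directory API members list. Case-insensitive domain matching is also an assumption.

```python
# Added example (not Drata's code): preview which direct members of a group
# would be synced under the rules described in this article.

NESTED = "nested group: members below the top level are not synced"
DOMAIN = "email domain does not match the connected domain"
NOT_USER = "not a user account"


def preview_sync(connected_domain, group_members):
    """Split a group's direct members into (synced, skipped).

    group_members: list of dicts with 'email' and 'type' keys
    ('USER', 'GROUP' or 'CUSTOMER'), as in a Directory API members list.
    """
    domain = connected_domain.strip().lower()
    synced, skipped = [], []
    for member in group_members:
        email = (member.get("email") or "").strip().lower()
        kind = (member.get("type") or "USER").upper()
        if kind == "GROUP":
            # Nested groups are not expanded, so their members never appear.
            skipped.append((email, NESTED))
        elif kind != "USER":
            skipped.append((email, NOT_USER))
        elif email.rpartition("@")[2] != domain:
            # Exact match only: a subdomain counts as a different domain here
            # (assumption; case is ignored).
            skipped.append((email, DOMAIN))
        else:
            synced.append(email)
    return synced, skipped


# Constructed sample data, not taken from any real directory.
SAMPLE_MEMBERS = [
    {"email": "ana@example.com", "type": "USER"},
    {"email": "Raj@Example.com", "type": "USER"},
    {"email": "contractor@example.net", "type": "USER"},
    {"email": "lee@eu.example.com", "type": "USER"},
    {"email": "eng-leads@example.com", "type": "GROUP"},
]

if __name__ == "__main__":
    ok, dropped = preview_sync("example.com", SAMPLE_MEMBERS)
    print("Would sync:", ", ".join(ok))
    for email, reason in dropped:
        print(f"Skipped {email}: {reason}")
```

Anyone listed under "Skipped" because of a nested group needs to be added directly to the top-level group to be included.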
Monitoring tests covered
Test 77: Employee Users Require MFA
Test 86: MFA on Identity Provider
Test 96: Employees have Unique Email Accounts