
[Website]: Google Workspace - Agentless #2269

@denisegarn

Type of issue

Missing information

What documentation page is affected

https://www.elastic.co/docs/reference/integrations/google_workspace

What happened?

When following the documentation for Agentless Google Workspace integrations I ran into some issues, and here is how I got around them.

Using a user account in Google Workspace and giving it Super Admin permissions.
In our environment I am not able to use a standard user account, since we use Just In Time access: once the entitlement expires, the integration would stop working. I also don't like giving any user account full super admin permissions, per security best practice.

My account setup.
Created a user account called elasticsec_sa@
Created a role for this integration with the following permissions.
elasticsec_sa - role
Admin console privileges

  • OUs
  • Read
  • Users
  • Read
  • Chrome Management
  • Managed browsers
  • Read
  • View Reports
  • Alert Center
  • Full access

Admin API privileges

  • Reports
  • Groups
  • Read
  • OU
  • Read
  • Users
  • Read

Make sure elasticsec_sa@ has rights to the GCP project
Enable 2 APIs in GCP under the correct project

  • Admin SDK API
  • Google Workspace Alert Center API

This also allows users to apply least privilege access, instead of giving an account super admin access rights. Much better from a security perspective.

Additional info

No response

Labels: Team:Experience (Issues owned by the Experience Docs Team), source:web (Issues originating from the elastic.co docs)
