Google Workspace Integration Overview
The ObserveID Google Workspace integration retrieves Google Workspace user accounts and their access information from Google as the source system and aggregates it into the ObserveID platform as the data consumer by leveraging the Admin SDK API. If required, the Workspace dataset can be extended with cloud resource data obtained via the Cloud Resource Manager API and the Identity and Access Management (IAM) API. This enables centralized visibility, governance, and control over Workspace users and their access across cloud resources.
The base configuration of the Google Workspace integration supports access analytics and access governance, with optional extensions for full lifecycle management and policy-driven access control.
Optional extension of the base configuration provides a secure layer for account administration and supports self-service access and credential management. In addition, it enables tightly controlled user provisioning and deprovisioning, role management, and privileged access management. The integration also provides the access detection and audit evidence—such as access history, audit logs, and policy violations—and orchestrates complex business-driven processes, including onboarding, certification escalation, remediation campaigns, and access change approvals.
Base configuration
The initial setup of the integration enables data aggregation and synchronization. To support full read-write functionality, additional configuration is required to align the integration with the organization’s business context, security policies, and compliance requirements
The base configuration includes the following steps:
- Required prerequisites must be configured in Google for ObserveID.
- Connection parameters must be configured in ObserveID for Google.
- The initial data load from Google to ObserveID must be completed successfully.
Baseline capabilities
Once the base integration setup is complete, the following standard read-only capabilities are available:
- Aggregation and synchronization of Google Workspace User Accounts; assigned groups and administrator roles; and permission catalogue based on the baseline schema.
- Access analytics and risk analysis across users, and privileges.
- Access reviews and certification, provided that a ticketing system is integrated.
Optional configuration
Additional configuration enables read-write and governance capabilities, including:
- Identity lifecycle management, which requires configuration of Google Workspace User Account correlation logic and customization based on account types, such as user accounts, privileged accounts, service accounts, firecall accounts, orphaned accounts.
- Access control and account administration, which require configuration of Google Workspace User Account attributes through provisioning rules.
- Custom account attributes, enabled through optional attribute configuration.
- Automated access provisioning for onboarding/reinstatement scenarios, which requires configuration of the birthright access assignment.
- Automated access termination for offboarding scenarios, which requires configuration of the leaver rule.
- Other custom integration operations, driven by specific business or security requirements.
The Google Workspace integration enables centralized control over the full account lifecycle, supports role-based access control (RBAC), and provides near real-time visibility into access-related activities. This approach reduces the risk of unauthorized access while ensuring auditability, policy compliance, and operational consistency at scale.