Google Workspace
Scan your Google Workspace environment for user management, Drive sharing policies, MFA enforcement, and admin security settings.
Prerequisites
You need a Google Workspace account with Super Admin access and the ability to configure domain-wide delegation for a service account. ComplyWise uses a Google Cloud service account with delegated authority to read administrative data from your Workspace domain.
- Google Workspace account with Super Admin access
- Google Cloud project for service account creation
- ComplyWise admin role for integration configuration
Service Account Setup
Create a service account in Google Cloud Console under your project. Enable domain-wide delegation and download the JSON key file. In the Google Admin Console, navigate to Security → API controls → Domain-wide delegation and authorize the service account with the required OAuth scopes for read-only administrative access.
- Create service account in Google Cloud Console
- Enable domain-wide delegation on the service account
- Authorize scopes: admin.directory.user.readonly, admin.directory.group.readonly, admin.reports.audit.readonly
- Download the service account JSON key file
What Gets Scanned
The Google Workspace scanner evaluates user security configurations, organizational unit policies, Drive sharing settings, and admin audit logs. It checks MFA enrollment across all users, identifies external sharing configurations in Drive, and validates admin role assignments.
- User management: MFA enrollment, password policy, inactive accounts, suspended users
- Groups: external member policies, group sharing settings, admin groups
- Drive: external sharing policies, link sharing defaults, DLP rule coverage
- Admin audit: login events, admin actions, security alerts
- Mobile devices: management policies, device compliance status
Configuring in ComplyWise
Navigate to Settings → Integrations → Google Workspace. Upload the service account JSON key and enter the admin email address to impersonate (Super Admin). The platform tests the connection by listing users. Once successful, Workspace data is included in compliance scans.
- Upload service account JSON key file
- Enter Super Admin email for impersonation
- Connectivity test verifies read access
- Scanned data mapped to identity and access management controls