Google Workspace
The Google Workspace Remediator integration allows Dropzone AI to perform automated containment actions during investigations. This integration builds upon the Google Workspace Data Source integration.
Prerequisites
Before enabling the Remediator integration, you must first complete the Google Workspace Data Source setup, including:
Domain-wide delegation configuration
Google Workspace admin role creation
Data source integration enablement
Additional Scopes Required for Remediator
The Remediator integration requires additional OAuth scopes beyond those needed for the Data Source integration. These scopes enable Dropzone AI to perform containment actions on user accounts.
Required Scopes
Add the following scopes to your domain-wide delegation configuration:
Scope: https://www.googleapis.com/auth/admin.directory.user.security
Description: Revoke user sessions and app-specific passwords
Containment actions: Revoke User Sessions
Scope: https://www.googleapis.com/auth/admin.directory.user
Description: Manage user accounts (includes all user.security permissions)
Containment actions: Suspend User, Revoke User Sessions
Adding Remediator Scopes
If you have already configured the Data Source integration, follow these steps to add the additional remediator scopes:
Navigate to your Google Workspace Admin Console
In the sidebar, navigate to Security > Access and Data Control > API Controls
At the bottom, click Manage Domain Wide Delegation
Find the existing Dropzone AI API Client (identified by the Client ID from your Dropzone tenant)
Click on the client to edit it
Add the following scopes to the existing OAuth Scopes list:
https://www.googleapis.com/auth/admin.directory.user.security
https://www.googleapis.com/auth/admin.directory.user
Click "Authorize" to save the changes
Additional Admin Role Permissions
The Remediator integration requires additional admin role permissions beyond those configured in the Data Source integration. These permissions enable the admin user to perform containment actions.
Adding Remediator Permissions to Admin Role
To add the required permissions to your existing Dropzone AI admin role:
Go to Account > Admin Roles
Find and click on the role you created for Dropzone AI
Click "Edit Role"
On the "Select Privileges" page, enable the following additional privileges:
Suspend User action required privileges
Admin Console Privileges
Users > Create
Users > Update
Admin API Privileges
Users > Create
Users > Update
Revoke User Sessions action required privileges
Admin API Privileges
User Security Management
Click "Save" to apply the changes
The only way to give Dropzone permission to perform security-related actions on an admin user (any user that holds any Admin Role) is to assign Dropzone the built-in Super Admin role. Without the Super Admin role, Dropzone will only be able to take actions on non-admin users.
Available Containment Actions
Once the Remediator integration is enabled, the following containment actions become available during investigations:
Revoke User Sessions
Revokes all active sessions for a user, including:
Web sessions
Application-specific passwords
OAuth tokens
Required scope: https://www.googleapis.com/auth/admin.directory.user.security
Suspend User
Suspends a user account, preventing all access to Google Workspace services.
Required scope: https://www.googleapis.com/auth/admin.directory.user
Enabling the Remediator Integration
After adding the required scopes to your domain-wide delegation:
Navigate to your Dropzone AI tenant home page (e.g. https://mycompany.dropzone.app)
In the bottom-left corner, navigate to Settings > Integrations
Find the Google Workspace integration in your configured integrations
Under the Remediator section, enable the integration and the specific Containment Actions you wish to enable
Click "Test & Save" to verify the configuration
Dropzone does not test that your permissions have been configured correctly when running Remediator Containment Actions. Be sure to double-check that your configuration is correct and up to date.
If you encounter any errors, contact your Dropzone AI support representative.
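Because permissions are not tested when a containment action runs, the delegated scope list can be checked offline against the actions you plan to enable. The following is an added example, not Dropzone or Google code: the scope URLs and action names are taken from this page, while the function names, the `contain_admins` parameter and the least-privilege finding are assumptions of this example.

```python
import re

BASE = "https://www.googleapis.com/auth/"
USER = BASE + "admin.directory.user"
USER_SECURITY = BASE + "admin.directory.user.security"

# Any one scope in the set satisfies the action. Per this page, USER includes
# all user.security permissions, so either scope covers Revoke User Sessions.
ACTION_SCOPES = {
    "Revoke User Sessions": {USER_SECURITY, USER},
    "Suspend User": {USER},
}


def parse_scopes(raw):
    """Split a comma/whitespace separated scope list into (scopes, malformed)."""
    scopes, malformed = set(), []
    for entry in filter(None, re.split(r"[,\s]+", raw.strip())):
        # Two URLs pasted without a delimiter become one unusable entry.
        if entry.count("https://") > 1:
            malformed.append(entry)
        else:
            scopes.add(entry)
    return scopes, malformed


def preflight(raw_scopes, enabled_actions, super_admin=False, contain_admins=False):
    """Return a list of findings; an empty list means nothing was flagged."""
    scopes, malformed = parse_scopes(raw_scopes)
    findings = [f"malformed scope entry: {m}" for m in malformed]
    for action in enabled_actions:
        if action not in ACTION_SCOPES:
            findings.append(f"unknown action: {action}")
        elif not (ACTION_SCOPES[action] & scopes):
            needed = " or ".join(sorted(ACTION_SCOPES[action]))
            findings.append(f"{action}: missing scope {needed}")
    # Assumed least-privilege check: only Suspend User needs the broader scope.
    if USER in scopes and "Suspend User" not in enabled_actions:
        findings.append("admin.directory.user granted but Suspend User is not enabled")
    # Per this page, acting on admin users requires the Super Admin role.
    if contain_admins and not super_admin:
        findings.append("admin users cannot be contained without the Super Admin role")
    return findings
```

Pass the scope list exactly as entered in the domain-wide delegation client, together with the containment actions enabled under the Remediator section.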