# Google Workspace
The Dropzone AI platform integrates with Google Workspace APIs for ingesting alerts such as phishing reports and enriching investigations with data from Google Workspace such as directory information.
The Google Workspace Remediator integration allows Dropzone AI to perform Containment Actions during investigations. See the [Remediator](/integrations/remediator.md) documentation for more information.
## Integration Overview
To enable these integrations you will perform the following actions:
* Enable domain-wide delegation in Google Workspace
* Create a Google Workspace admin role
* Select integration parameters, such as which alert types to sync
See the [Google Workspace Data Source](/integrations/data/google-workspace_data.md) page for instructions on how to complete these actions.
The Remediator integration requires additional OAuth scopes beyond those needed for the Data Source integration. These scopes enable Dropzone AI to perform containment actions on user accounts.
### Required Scopes
Add the following scopes to your domain-wide delegation configuration:
| OAuth Scope | Purpose | Containment Actions Enabled |
| --------------------------------------------------------------- | ------------------------------------------------------------- | ---------------------------------- |
| `https://www.googleapis.com/auth/admin.directory.user.security` | Revoke user sessions and app-specific passwords | Revoke User Sessions |
| `https://www.googleapis.com/auth/admin.directory.user` | Manage user accounts (includes all user.security permissions) | Suspend User, Revoke User Sessions |
{% hint style="info" %}
The `admin.directory.user` scope supersedes the `admin.directory.user.security` scope. If you grant the full `admin.directory.user` scope, you do not need to separately grant `admin.directory.user.security`.
{% endhint %}
### Adding Remediator Scopes
If you have previously configured the Data Source integration, follow these steps to add the additional remediator scopes:
* Navigate to your [Google Workspace Admin Console](https://admin.google.com)
* In the sidebar, navigate to Security > Access and Data Control > API Controls
* At the bottom, click [Manage Domain Wide Delegation](https://admin.google.com/ac/owl/domainwidedelegation)
* Find the existing Dropzone AI API Client (identified by the Client ID from your Dropzone tenant)
* Click on the client to edit it
* Add the following scopes to the existing OAuth Scopes list:
* `https://www.googleapis.com/auth/admin.directory.user.security`
* `https://www.googleapis.com/auth/admin.directory.user`
* Click "Authorize" to save the changes
## Additional Admin Role Permissions
The Remediator integration requires additional admin role permissions beyond those configured in the Data Source integration. These permissions enable the admin user to perform containment actions.
### Adding Remediator Permissions to Admin Role
To add the required permissions to your existing Dropzone AI admin role:
* Go to [Account > Admin Roles](https://admin.google.com/ac/roles)
* Find and click on the role you created for Dropzone AI
* Click "Edit Role"
* On the "Select Privileges" page, enable the following additional privileges:
#### Suspend User action required privileges
* Admin Console Privileges
* Users > Create
* Users > Update
* Admin API Privileges
* Users > Create
* Users > Update
#### Revoke User Sessions action required privileges
* Admin API Privileges
* User Security Management
Click "Save" to apply the changes
{% hint style="warning" %}
The only way to give Dropzone permission to perform security-related actions on an admin user (any user that holds any Admin Role) is to assign Dropzone the built-in Super Admin role. Without the Super Admin role, Dropzone will only be able to take actions on non-admin users.
{% endhint %}
## Available Containment Actions
Once the Remediator integration is enabled, the following containment actions become available during investigations:
### Revoke User Sessions
Revokes all active sessions for a user, including:
* Web sessions
* Application-specific passwords
* OAuth tokens
**Required scope:** `https://www.googleapis.com/auth/admin.directory.user.security`
### Suspend User
Suspends a user account, preventing all access to Google Workspace services.
**Required scope:** `https://www.googleapis.com/auth/admin.directory.user`
## Enable Google Workspace
After adding the required scopes to your domain-wide delegation, to enable the Remediator integration, do the following:
* Navigate to your Dropzone AI tenant home page e.g. https\://*mycompany*.dropzone.app
* In the bottom left hand corner, navigate to Settings > Integrations
Integrations Dropdown
* Click "Available" (or, if already integrated, click "Connected")
Click Available
* In the Search bar, search Google Workspace, then click "Configure"
The Google Workspace Tile
* Under the Remediator header, input the "Admin Email" and "Customer ID"
* In the "Available Containment Actions" section, check the Containment Actions you wish to enable Dropzone to perform
The Google Workspace Remediator Configuration
* Click "Test & Save" to finish
{% hint style="warning" %}
Dropzone does not test that your permissions have been configured correctly when running Remediator Containment Actions. Be sure to double check that your configuration is correct and up to date.
{% endhint %}
If you have any errors engage your Dropzone AI support representative.
---
# Agent Instructions: Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://docs.dropzone.ai/integrations/remediator/google-workspace_remediator.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.