Google Workspace

The Dropzone AI platform integrates with Google Workspace APIs for ingesting alerts such as phishing reports and enriching investigations with data from Google Workspace such as directory information.

The Google Workspace Remediator integration allows Dropzone AI to perform Containment Actions during investigations. See the Remediator documentation for more information.

Integration Overview

To enable these integrations you will perform the following actions:

• Enable domain-wide delegation in Google Workspace

• Create a Google Workspace admin role

• Select integration parameters, such as which alert types to sync

See the Google Workspace Data Source page for instructions on how to complete these actions.

The Remediator integration requires additional OAuth scopes beyond those needed for the Data Source integration. These scopes enable Dropzone AI to perform containment actions on user accounts.

Required Scopes

Add the following scopes to your domain-wide delegation configuration:

Adding Remediator Scopes

If you have previously configured the Data Source integration, follow these steps to add the additional remediator scopes:

• Navigate to your Google Workspace Admin Console

• In the sidebar, navigate to Security > Access and Data Control > API Controls

• At the bottom, click Manage Domain Wide Delegation

• Find the existing Dropzone AI API Client (identified by the Client ID from your Dropzone tenant)

• Click on the client to edit it

• Add the following scopes to the existing OAuth Scopes list:

  • https://www.googleapis.com/auth/admin.directory.user.security

  • https://www.googleapis.com/auth/admin.directory.user

• Click "Authorize" to save the changes

Additional Admin Role Permissions

The Remediator integration requires additional admin role permissions beyond those configured in the Data Source integration. These permissions enable the admin user to perform containment actions.

Adding Remediator Permissions to Admin Role

To add the required permissions to your existing Dropzone AI admin role:

• Go to Account > Admin Roles

• Find and click on the role you created for Dropzone AI

• Click "Edit Role"

• On the "Select Privileges" page, enable the following additional privileges:

Suspend User action required privileges

• Admin Console Privileges

  • Users > Create

  • Users > Update

• Admin API Privileges

  • Users > Create

  • Users > Update

Revoke User Sessions action required privileges

• Admin API Privileges

  • User Security Management

Click "Save" to apply the changes

Available Containment Actions

Once the Remediator integration is enabled, the following containment actions become available during investigations:

Revoke User Sessions

Revokes all active sessions for a user, including:

• Web sessions

• Application-specific passwords

• OAuth tokens

Required scope: https://www.googleapis.com/auth/admin.directory.user.security

Suspend User

Suspends a user account, preventing all access to Google Workspace services.

Required scope: https://www.googleapis.com/auth/admin.directory.user

Enable Google Workspace

After adding the required scopes to your domain-wide delegation, to enable the Remediator integration, do the following:

• Navigate to your Dropzone AI tenant home page e.g. https://mycompany.dropzone.app

• In the bottom left hand corner, navigate to Settings > Integrations

• Click "Available" (or, if already integrated, click "Connected")

• In the Search bar, search Google Workspace, then click "Configure"

• Under the Remediator header, input the "Admin Email" and "Customer ID"

• In the "Available Containment Actions" section, check the Containment Actions you wish to enable Dropzone to perform

• Click "Test & Save" to finish

If you have any errors engage your Dropzone AI support representative.