Connect Google Workspace (Directory) Without Breaking the Audit Trail

Use this guide to connect Google Workspace (Directory) or confirm the export-based path that fits your environment. Aurora keeps source, timestamps, ownership, and collection history attached so the first run becomes reusable proof instead of one-off setup work.

Connector Summary

Connection typeDirect connection

CategoryIdentity

Checklist4 steps

Want help with rollout?

We'll confirm what can be automated, what stays export-based, and how to keep the first evidence record clean.

First-Run Checklist

Use this sequence to connect Google Workspace (Directory) and make sure the first collection lands cleanly.

1
Create Google Cloud service account and enable domain-wide delegation.
2
Authorize Directory scopes in Google Workspace Admin console for the service account client ID.
3
Provide service_account_json, admin_user_email (delegated), and customer_id.
4
Validate by listing users and groups.

Credentials and Secrets

The keys, secrets, or tokens Aurora uses to authenticate and collect proof.

service_account_json

Recommended Access

Aurora only asks for the minimum read access needed for collection and checks.

https://www.googleapis.com/auth/admin.directory.user.readonlyhttps://www.googleapis.com/auth/admin.directory.group.readonly