Google Workspace (Directory) Setup Guide

Follow the steps below to connect (where supported) or set up an export-based workflow. Either way, Aurora tracks source, timestamps, ownership, and freshness so evidence stays reusable between reviews.

At a Glance

ConnectionDirect connection

CategoryIdentity

Guide4 steps

Need help?

We'll confirm what can be automated, what stays export-based, and how to keep evidence current between review cycles.

Steps

Use these as a starting point, then verify collection inside Aurora.

1
Create Google Cloud service account and enable domain-wide delegation.
2
Authorize Directory scopes in Google Workspace Admin console for the service account client ID.
3
Provide service_account_json, admin_user_email (delegated), and customer_id.
4
Validate by listing users and groups.

Credentials

The inputs Aurora needs to authorize and collect proof.

service_account_jsonadmin_user_emailcustomer_id

Permissions

Aurora requests only the minimum access needed for collection and checks.

https://www.googleapis.com/auth/admin.directory.user.readonlyhttps://www.googleapis.com/auth/admin.directory.group.readonly