Introduction
This article describes the Field Effect MDR integration with Google Workspace. This article covers the following:
Integration Details
If your organization uses Google Workspace, this integration allows Field Effect MDR monitoring access to your Google Workspace environment, enriching its monitoring fidelity.
Once integrated, Field Effect MDR can monitor:
- Admin logs.
- Registered mobile devices.
- Checks for malicious mail flow rules.
- Detect insider threats (document theft) via Google Drive monitoring from admin logs.
- API activity data: information for activities in a specific Google Workspace application or service. Activity reports include the date, time, user, and type of activity.
For more on Google API and reporting, visit their documentation.
Additionally, Active Response supports Google Workspace, meaning that Field Effect MDR can trigger response actions on cloud accounts suspected of being compromised. To learn more about Active Response, visit Enabling Active Response for a Cloud Service as well as our Help Center chapter on the feature.
Finally, if you would only like to monitor a specific set of Google Workspace users with Field Effect MDR, you can do so by leveraging organizational units (OUs) within Google Workspace. This is useful if you have licensing limitations that can't cover the full user count. Please reach out at support@fieldeffect.com to make these specifications.
Requirements
To complete this integration, you will need the following:
- An administrator account and credentials for your organization's Google Workspace environment.
- You must enable audit logging for Google Workspace.
- You must allow our application access via the Google Admin Console.
- The link for our SEAS application is: 796650140523-c07pdc2iv0g4j2c86u3592270fu0r9he.apps.googleusercontent.com
Setting up the Integration
Please ensure that you have completed the requirements above within Google Workspace before setting up the integration.
Note for Partners: This procedure is performed on a per-client basis. Ensure that the Organization Selector is set to the appropriate client before continuing.
After you have prepared Google Workspace for the integration (above), navigate to the Field Effect MDR Portal's Administration > Integrations page. From the Cloud monitoring tab, click Add for Google Workspace.
The integration wizard will open. The first page asks if you would like to enable Active Response for the account. If your organization has a Response Policy in place, selecting standard will apply it to this cloud service. Visit Active Response for Cloud Service to learn more.
You’ll be taken to a page asking you to allow Field Effect to access and monitor the service. Ensure to select all the checkboxes and click Accept.
You'll be taken back to the integrations page, and the integration card will show that the integration is connected and promoted to the top, alongside any other connected integrations.
Troubleshooting
The following sections provide some troubleshooting guidance.
Error 400: admin_policy_enforced
If you receive the Error "400: admin_policy_enforced" while trying to complete this integration, it is likely that our app is not allowed to access your instance of Google Workspace due to your organization's permission settings.
To allow our app access to Google Workspace, you must give our SEAS app Unrestricted Access in the google Admin Console. To learn more, see Google's Support Content, "Manage third-party app access to Google services & add apps".
Within the Admin Console, you will need to allow our application. This can be done by adding the following link: 796650140523-c07pdc2iv0g4j2c86u3592270fu0r9he.apps.googleusercontent.com
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article