.. include:: /includes.txt ============= Google Gsuite ============= Zercurity can connect to your Google G-suite workspace to provide both SSO integration but also automatic asset association of your system users. Create integration ================== .. image:: /_static/integrations_google.gsuite.png Auth scopes =========== Zercurity requires access to a number scopes within your Google account in order to be effective. +------------------------------------------+----------------------------------+ | **Scope** | **Description** | +------------------------------------------+----------------------------------+ | userinfo.email | Access to the accounts email | | | address is required to either | | | associate a Zercurity account to | | | a Google account or create a new | | | one. | +------------------------------------------+----------------------------------+ | userinfo.profile | Fetch profile information | | | including full name. | +------------------------------------------+----------------------------------+ | openid | | +------------------------------------------+----------------------------------+ | admin.directory.user.readonly | Read access to all organisation | | | user information. | +------------------------------------------+----------------------------------+ | admin.directory.user.alias.readonly | Read access to all user alias, | | | we mainly use this for linking | | | together users with multiple | | | addresses. | +------------------------------------------+----------------------------------+ | admin.directory.group.readonly | Read access to all organisation | | | group information. | +------------------------------------------+----------------------------------+ | admin.directory.group.member.readonly | Read access to all organisation | | | group membership information. | | | This information is used to | | | replicate your organisational | | | structure within Zercurity. | +------------------------------------------+----------------------------------+ | admin.directory.rolemanagement.readonly | This information is used to link | | | account and IAM roles within | | | Zercurity automatically. | +------------------------------------------+----------------------------------+ | admin.directory.orgunit.readonly | Read access to group information | +------------------------------------------+----------------------------------+ | admin.directory.device.chromeos.readonly | Read access to devices. Used to | | | enrich network information and | | | discovered assets. | +------------------------------------------+----------------------------------+ | admin.directory.device.mobile.readonly | Read access to devices. Used to | | | enrich network information and | | | discovered assets. | +------------------------------------------+----------------------------------+ | admin.reports.audit.readonly | Read access to audit data. This | | | used to provide contextual | | | information around security | | | events within Zercurity to and | | | from Google G-suite | +------------------------------------------+----------------------------------+