Google Gsuite¶
Zercurity can connect to your Google G-suite workspace to provide both SSO integration but also automatic asset association of your system users.
Create integration¶
Auth scopes¶
Zercurity requires access to a number scopes within your Google account in order to be effective.
| Scope | Description |
| userinfo.email | Access to the accounts email address is required to either associate a Zercurity account to a Google account or create a new one. |
| userinfo.profile | Fetch profile information including full name. |
| openid | |
| admin.directory.user.readonly | Read access to all organisation user information. |
| admin.directory.user.alias.readonly | Read access to all user alias, we mainly use this for linking together users with multiple addresses. |
| admin.directory.group.readonly | Read access to all organisation group information. |
| admin.directory.group.member.readonly | Read access to all organisation group membership information. This information is used to replicate your organisational structure within Zercurity. |
| admin.directory.rolemanagement.readonly | This information is used to link account and IAM roles within Zercurity automatically. |
| admin.directory.orgunit.readonly | Read access to group information |
| admin.directory.device.chromeos.readonly | Read access to devices. Used to enrich network information and discovered assets. |
| admin.directory.device.mobile.readonly | Read access to devices. Used to enrich network information and discovered assets. |
| admin.reports.audit.readonly | Read access to audit data. This used to provide contextual information around security events within Zercurity to and from Google G-suite |