Google Gsuite¶
Zercurity can connect to your Google G-suite workspace to provide both SSO integration but also automatic asset association of your system users.
Create integration¶
Auth scopes¶
Zercurity requires access to a number scopes within your Google account in order to be effective.
Scope |
Description |
userinfo.email |
Access to the accounts email address is required to either associate a Zercurity account to a Google account or create a new one. |
userinfo.profile |
Fetch profile information including full name. |
openid |
|
admin.directory.user.readonly |
Read access to all organisation user information. |
admin.directory.user.alias.readonly |
Read access to all user alias, we mainly use this for linking together users with multiple addresses. |
admin.directory.group.readonly |
Read access to all organisation group information. |
admin.directory.group.member.readonly |
Read access to all organisation group membership information. This information is used to replicate your organisational structure within Zercurity. |
admin.directory.rolemanagement.readonly |
This information is used to link account and IAM roles within Zercurity automatically. |
admin.directory.orgunit.readonly |
Read access to group information |
admin.directory.device.chromeos.readonly |
Read access to devices. Used to enrich network information and discovered assets. |
admin.directory.device.mobile.readonly |
Read access to devices. Used to enrich network information and discovered assets. |
admin.reports.audit.readonly |
Read access to audit data. This used to provide contextual information around security events within Zercurity to and from Google G-suite |