Google Workspace is a suite of office products that includes collaboration tools such as email, calendar, and meetings as well as productivity tools including word processing, presentations, and spreadsheets. The Google Workspace Admin console controls access to applications and work product in the Workspace. Trustle uses the Admin console’s APIs to implement various types of access (temporary, just-in-time, standing, or no access). Trustle also uses the identity data from Google Workspace to improve account linking with other platforms and applications.
Trustle connects with Google Workspace to gather a full list of users on the system and to collect usage information, both for Google apps and for logins to apps connected to Google Single Sign-on (SSO). Administrators can use this information to:
- Easily map users to other systems connected to Trustle by using Google’s directory of full names, email address, title, manager, and other profile information
- Manage access to Google apps, based on user requests and manager approvals
- Monitor which applications users have signed up for and logged into using Google’s SSO service
- Maintain usage history to set historical baselines, produce efficient access policies and create audit reports
As with all Trustle connectors, the Google Workspace system administration includes a dashboard with our “Trustle Score” that indicates how well the system is secured, a Recommendations section to help you improve security on the system, a full list of accounts, and a log for troubleshooting and auditing purposes.
Flagging and Processing Unused Accounts
Because Workspace apps contain work product, cleaning up accounts after users no longer use them usually requires a process. To avoid data loss during this process, Trustle enables you to flag accounts that are currently in process. Flagging enables you to quickly identify which accounts are no longer used (or can no longer be used) by the user, while also ensuring that login and usage data doesn’t interfere with the process when admins log in to the accounts to recover that data.
Trustle also provides many other recommendations to help secure your Workspace environment. For example, Trustle identifies accounts with permissions that are either not in use or are potentially risky. Such accounts are recommended for “Access Review,” which enables a workflow for re-attestation by the manager or resource owner that the access provided is in line with policy and still warranted. Given Trustle’s ability to offer Temporary and Just-in-Time access to such resources, these accounts are usually put in one of those categories, rather than removing access entirely.
Trustle also enables system owners to identify which users access services infrequently, which can help save on licensing costs by paying for licenses only when in use and needed.
Gather User Info Using Google as your Identity Provider (IdP)
Google Workspace is more than just a collection of productivity apps; it also provides IdP SSO services both to the Google ecosystem and to hundreds of other apps that integrate with it. Because Google’s SSO is based on the industry-standard OpenID Connect (OIDC), which itself is based on OAuth, most cloud services support this connectivity natively. Using Google’s IdP functionality, you can manage group memberships and personal profile information that will affect users’ privileges in a great many applications.
Managing Entitlements via Google
As an IdP, Google maintains many types of information on people, groups, and entitlements that are of broad use both to Trustle and any connected system.
Google maintains profile information, which is useful for both account linking and entitlement policies. The directory can provide information about a person’s title, manager, photo, email address, and phone number, just to name a few.
Groups are useful for mailing lists, calendar invites, team membership, and assigning privileges. You can use Workspace groups in Trustle for requesting and approving access.
You can use Trustle to display a catalog of apps available and automate approvals and provisioning of access.