If you’re having trouble at any stage please contact us at support@skyformation.com.

Preface

The goal of this guide is to add a new SkyFormation’s Google Apps Cloud
App Connector to your SkyFormation Platform.

Prerequisites

• For OAuth2 authentication (not required for service account) - *Allow access to the entire .skyformation.net addresses over SSL from the desktop <br>
    which will be used by the Google Apps admin to on-board the SkyFormation Google Apps <br>
    connector (only needed for the on-boarding process)

How to validate:

(1) Open a browser <br>
  (2) Go to https://auth.skyformation.net <br>
  (3) You should see be able to reach this URL and get the following message (403 status)

• Make sure your G Suite edition is either Business or Enterprise one <br>
    (should be done by a G Suite administrator)

<br>
  To validate this browse to the Google Apps admin console https://admin.google.com navigate to<br>
  the Billing tab and look for the below indication:

For more about the Google Apps for Work editions go to:<br>
https://apps.google.com/intx/en/pricing.html

- Enable API access<br> (should be done by a G Suite administrator)

At Google Apps admin console go to Security->API reference and mark the below option

• **Actions to take based on the cloud connector “Authentication Method”**you
  will choose

The main differences between the two options is that with the " OAuth2"
option a G Suite<br>

administrator will have to be involved interactively in the SkyFormation
G Suite cloud connector<br>

onboard process. In the second option of " service-account"
the G Suite administrator will be<br>

asked to prepare an authorization file and send the file to the SkyFormation
admin.<br>

That authorization file will be used by the SkyFormation admin when onboarding the<br>

SkyFormation G Suite cloud connector.

(Authentication Method option I)
" OAuth2"

Make sure a person
with G Suite admin rights is present when onboarding the<br>

SkyFormation G
Suite cloud connector.

Explanation<br>T he process of adding the connector involve an interactive action of authorizing the<br>SkyFormation G Suite cloud connector to communicate with the G Suite account and<br> retrieve relevant logs, events and data for the security monitoring.

(Authentication Method option II)
" service-account"

A G Suite administrator
will need to create a file (called " Service-Credentials-Json") <br>

which authorizes the G Suite cloud connector (or anyone else who possess it)<br>to communicate with the G Suite account and retrieve relevant logs, events and data<br>for the security monitoring.

To create the " Service-Credentials-Json"
JSON file ask the G Suite administrator to<br>

follow the instructions
at [Creating a “Service-Credentials-Json” file].<br>

<br>

Send the JSON file
created
in a very secure way
to the SkyFormation administrator<br>

to be available
at the G Suite cloud connector onboard process steps described<br>

below.

Gmail Logs (Optional)

1. Set up Gmails logs in BigQuery
2. Create a service account in the BigQuery project created
3. Assign the BigQuery Data Viewer and the BigQuery Job User roles to the service account (GCP console > select project -> IAM > select service account > edit permissions )
   
4. Create a JSON key for the service account

Steps

1. Logon to your SkyFormation Platform:

2. Navigate via left navigation panel to " Settings" section

3. Navigate via New Settings left navigation panel to " Accounts"
   section

4. Click the “Add Account” bottom

5. At the “SELECT SERVICE TO ADD” choose “Google Apps Google”

You will see the below screen:

5. Choose from the list the tenant to attach the connector to

e.g. “default-tenant”

6. Fill in the following information:

- **Account Name<br>**Give
this Google Apps connector a meaningful name for you. The will become your
cloud app<br>

connector name displayed in the SkyFormation
platform and added to entire events sent to<br>

your SIEM/Log/Splunk system as identifier.

e.g. “Corporate Google Apps platform”

- **Description<br>
**      Add any
text that describe the specific cloud app connector function and meaning for
the <br>

business.

e.g. “Corporate email and file sharing platform using Google
Apps”

6. Choose the “Authentication Method” you would like the connector to use

“oauth2” / “service-account”

7.1 If you choose " oauth2" as the authentication method to use

-
Authorize the cloud connector to communicate with the G Suite account<br>(should
be done by a G Suite administrator)

Press the button

This will popup a new window with “Request for permission”
ask the Google Apps super<br>

admin for permission to allow SkyFormation connector to
integrate with the Google Apps<br>

application.

If you are OK with the permissions requested
by the connector

Press on “Allow” to grant the permissions.

Go to 8 when done

7.2 If you choose " service-account" as the authentication
method to use

You should see a screen similar to the following:

- Fill in the
Service-Credentials-Json

Copy and paste the entire content
of the JSON file created by the G suite<br>

administrator for the connector
to here

- Fill in the
Admin-Usernameof a user with the following admin privileges: <br>

Admin console privileges-
Reports<br>

Admin API privileges

• Organizational Units > Read, Users > Read, Groups > Read<br>

<br>

Endpoint Gmail Logs (optional)

Service-Credentials-Json - BigQuery service account JSON key
BigQuery Dataset Name - BigQuery dataset name
Initial Sync - Hours From Now - number of hours in the past for the initial sync

8. Test the settings correctness

Press the “TEST CONNECTION” button

If you see a green OK sign appears as above you have completed
the onboard successfully.

• Click “SAVE” button

9. Start the new connector

When a new cloud connector is added its default state is STOPPED.

To start it press its START button.

<br>

DONE !