If you’re having trouble at any stage please contact us at firstname.lastname@example.org.
The goal of this guide is to add a new SkyFormation’s Google Apps Cloud
App Connector to your SkyFormation Platform.
- For OAuth2 authentication (not required for service account) - *Allow access to the entire .skyformation.net addresses over SSL from the desktop <br>
which will be used by the Google Apps admin to on-board the SkyFormation Google Apps <br>
connector (only needed for the on-boarding process)
How to validate:
(1) Open a browser <br>
(2) Go to https://auth.skyformation.net <br>
(3) You should see be able to reach this URL and get the following message (403 status)
- Make sure your G Suite edition is either Business or Enterprise one <br>
(should be done by a G Suite administrator)
To validate this browse to the Google Apps admin console https://admin.google.com navigate to<br>
the Billing tab and look for the below indication:
For more about the Google Apps for Work editions go to:<br>
- Enable API access<br> (should be done by a G Suite administrator)
At Google Apps admin console go to Security->API reference and mark the below option
- **Actions to take based on the cloud connector “Authentication Method”**you
The main differences between the two options is that with the " OAuth2"
option a G Suite<br>
administrator will have to be involved interactively in the SkyFormation
G Suite cloud connector<br>
onboard process. In the second option of " service-account"
the G Suite administrator will be<br>
asked to prepare an authorization file and send the file to the SkyFormation
That authorization file will be used by the SkyFormation admin when onboarding the<br>
SkyFormation G Suite cloud connector.
(Authentication Method option I)
Make sure a person
with G Suite admin rights is present when onboarding the<br>
Suite cloud connector.
Explanation<br>T he process of adding the connector involve an interactive action of authorizing the<br>SkyFormation G Suite cloud connector to communicate with the G Suite account and<br> retrieve relevant logs, events and data for the security monitoring.
(Authentication Method option II)
A G Suite administrator
will need to create a file (called " Service-Credentials-Json") <br>
which authorizes the G Suite cloud connector (or anyone else who possess it)<br>to communicate with the G Suite account and retrieve relevant logs, events and data<br>for the security monitoring.
To create the " Service-Credentials-Json"
JSON file ask the G Suite administrator to<br>
follow the instructions
at [Creating a “Service-Credentials-Json” file].<br>
Send the JSON file
in a very secure way
to the SkyFormation administrator<br>
to be available
at the G Suite cloud connector onboard process steps described<br>
- Set up Gmails logs in BigQuery
- Create a service account in the BigQuery project created
- Assign the BigQuery Data Viewer and the BigQuery Job User roles to the service account (GCP console > select project -> IAM > select service account > edit permissions )
- Create a JSON key for the service account
Logon to your SkyFormation Platform:
Navigate via left navigation panel to " Settings" section
Navigate via New Settings left navigation panel to " Accounts"
Click the “Add Account” bottom
At the “SELECT SERVICE TO ADD” choose “Google Apps Google”
You will see the below screen:
- Choose from the list the tenant to attach the connector to
6. Fill in the following information:
- **Account Name<br>**Give
this Google Apps connector a meaningful name for you. The will become your
connector name displayed in the SkyFormation
platform and added to entire events sent to<br>
your SIEM/Log/Splunk system as identifier.
e.g. “Corporate Google Apps platform”
** Add any
text that describe the specific cloud app connector function and meaning for
e.g. “Corporate email and file sharing platform using Google
- Choose the “Authentication Method” you would like the connector to use
“oauth2” / “service-account”
7.1 If you choose " oauth2" as the authentication method to use
Authorize the cloud connector to communicate with the G Suite account<br>(should
be done by a G Suite administrator)
Press the button
This will popup a new window with “Request for permission”
ask the Google Apps super<br>
admin for permission to allow SkyFormation connector to
integrate with the Google Apps<br>
If you are OK with the permissions requested
by the connector
Press on “Allow” to grant the permissions.
Go to 8 when done
7.2 If you choose " service-account" as the authentication
method to use
You should see a screen similar to the following:
- Fill in the
Copy and paste the entire content
of the JSON file created by the G suite<br>
administrator for the connector
- Fill in the
Admin-Usernameof a user with the following admin privileges: <br>
Admin console privileges-
Admin API privileges
- Organizational Units > Read, Users > Read, Groups > Read<br>
Service-Credentials-Json - BigQuery service account JSON key
BigQuery Dataset Name - BigQuery dataset name
Initial Sync - Hours From Now - number of hours in the past for the initial sync
8. Test the settings correctness
Press the “TEST CONNECTION” button
If you see a green OK sign appears as above you have completed
the onboard successfully.
- Click “SAVE” button
- Start the new connector
When a new cloud connector is added its default state is STOPPED.
To start it press its START button.