The Google Workspace integration detects a variety of data loss prevention, account misconfiguration, and user security risks in an integrated Google Workspace account that could leave you and your organization vulnerable.
This integration covers the following Google Workspace products:
These permissions follow the principle of least privilege to ensure that only the minimum required access is granted. To learn more about each permission, refer to the Google Workspace Admin SDK Directory API ↗.
Security findings
The Google Workspace integration currently scans for the following findings, or security risks. Findings are grouped by category and then ordered by severity level.
User account settings
Finding type
FindingTypeID
Severity
Description
Google Workspace: Admin user with two-factor authentication disabled
5f7c1f62-0ac6-4422-b3d3-d0566dd4e3f2
Critical
An administrator in Google Workspace does not have two-factor authentication enabled.
Google Workspace: User with two-factor authentication disabled
739e1965-2ab4-4946-8a56-73fd75154efa
High
A user in Google Workspace does not have two-factor authentication enabled.
Google Workspace: Admin user with Gemini license with two-factor authentication disabled
27a0a9a0-13c6-4d8f-a67c-b455dd213cb9
High
An administrator with a Gemini for Google Workspace license does not have two-factor authentication enabled.
Google Workspace: User with Gemini license with two-factor authentication disabled
c82024dc-b836-4b86-8c90-ab07971474e4
Medium
A user with a Gemini for Google Workspace license does not have two-factor authentication enabled.
Google Workspace: User without recovery email
2e2383bb-51e8-47fc-8ba7-2dd255c2545f
Low
A user in Google Workspace does not have a recovery email set.
Google Workspace: User without recovery phone number
ec326c68-f331-4597-9ec4-43dc197c86f4
Low
A user in Google Workspace does not have a recovery phone number set.
Inactive or suspended users
Finding type
FindingTypeID
Severity
Description
Google Workspace: Inactive admin user
391ee66d-10e0-4b26-91b3-741a2a4c39d0
Medium
An administrator account in Google Workspace has not logged in for 30 days.
Google Workspace: Suspended admin user
31e02a11-aa3b-4278-97d3-9c0f7e8fd2c7
Medium
An administrator account in Google Workspace is suspended.
Google Workspace: Inactive user
7c098546-2e67-4f01-9fb7-bd48412bd178
Low
A user account in Google Workspace has not logged in for 30 days.
Google Workspace: Suspended user
84f514e3-f12d-49e5-bdfe-9073e336d89e
Low
A user account in Google Workspace is suspended.
Google Workspace: Admin user suspended with AI Ultra license
ee7d4ed6-479f-404f-8dbd-f82dce2a0f66
Low
An administrator account in Google Workspace with an AI Ultra (Gemini for Workspace) license is suspended.
Google Workspace: User suspended with AI Ultra license
cf20e808-29ad-4026-a8f9-6ec3e069376c
Low
A user account in Google Workspace with an AI Ultra (Gemini for Workspace) license is suspended.
Gemini licensing
Finding type
FindingTypeID
Severity
Description
Google Workspace: Admin user with AI Ultra license
62fa682a-c2b5-4d5a-a086-8e60bed804d3
Low
An administrator in Google Workspace is assigned an AI Ultra (Gemini for Workspace) license.
Google Workspace: User with AI Ultra license
5b847ed3-6c02-4963-a1ab-82a4aa2b6c64
Low
A user in Google Workspace is assigned an AI Ultra (Gemini for Workspace) license.
File sharing
Finding type
FindingTypeID
Severity
Description
Google Workspace: File publicly accessible with edit access
29b01269-025f-4249-b5c1-0b9ec39823e0
Critical
A Google Drive file is publicly accessible on the Internet that anyone can read or write.
Google Workspace: File publicly accessible with view access
d5132bc7-4c41-4824-b879-3918bf7f6ee7
High
A Google Drive file is publicly accessible on the Internet that anyone can read.
Google Workspace: File shared outside company with edit access
71ec135e-3d4c-4d35-a2b7-4fd1e5b65b99
High
A Google Drive file is shared with another organization or outside party with read and write permissions.
Google Workspace: File shared outside company with view access
d4b231ad-9a8c-40d3-8654-5bd5bb86bf1a
Medium
A Google Drive file is shared with another organization or outside party with read permissions.
Google Workspace: File shared company-wide with edit access
0ed79f27-32fd-415a-a919-ea4af3bd25fd
Medium
A Google Drive file is shared with the entire company with read and write permissions.
Google Workspace: File shared company-wide with view access
a34753f3-aec7-4134-a30b-2ebb1d7e47de
Medium
A Google Drive file is shared with the entire company with read permissions.
Calendar sharing
Finding type
FindingTypeID
Severity
Description
Google Workspace: Calendar is publicly accessible
ec68bf68-b0c0-47b3-ad48-fcb3d7eaf8b6
Medium
A user's Google Calendar is publicly accessible on the Internet that anyone can read.