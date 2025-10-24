Availability The Google Admin (FedRAMP) CASB integration requires a special entitlement on your account. To request access, contact your account team.

The Google Admin (FedRAMP) integration detects a variety of data loss prevention, account misconfiguration, and user security risks in an integrated Google Workspace account that could leave you and your organization vulnerable.

Integration prerequisites

A Google Workspace account with a Business Starter, Business Standard, Business Plus or Enterprise plan

A Google Workspace user with Super Admin privileges ↗ and Owner permissions ↗ in the Google Cloud Platform (GCP) project used

Integration permissions

Refer to Google Workspace integration permissions for information on which API permissions to enable.

Security findings

The Google Admin (FedRAMP) integration currently scans for the following findings, or security risks. Findings are grouped by category and then ordered by severity level.

User account settings

Finding type FindingTypeID Severity Description Google Workspace: Admin user with two-factor authentication disabled 5f7c1f62-0ac6-4422-b3d3-d0566dd4e3f2 Critical An administrator in Google Workspace does not have two-factor authentication enabled. Google Workspace: User with two-factor authentication disabled 739e1965-2ab4-4946-8a56-73fd75154efa High A user in Google Workspace does not have two-factor authentication enabled. Google Workspace: Admin user with Gemini license with two-factor authentication disabled 27a0a9a0-13c6-4d8f-a67c-b455dd213cb9 High An administrator with a Gemini for Google Workspace license does not have two-factor authentication enabled. Google Workspace: User with Gemini license with two-factor authentication disabled c82024dc-b836-4b86-8c90-ab07971474e4 Medium A user with a Gemini for Google Workspace license does not have two-factor authentication enabled. Google Workspace: User without recovery email 2e2383bb-51e8-47fc-8ba7-2dd255c2545f Low A user in Google Workspace does not have a recovery email set. Google Workspace: User without recovery phone number ec326c68-f331-4597-9ec4-43dc197c86f4 Low A user in Google Workspace does not have a recovery phone number set.

Inactive or suspended users

Finding type FindingTypeID Severity Description Google Workspace: Inactive admin user 391ee66d-10e0-4b26-91b3-741a2a4c39d0 Medium An administrator account in Google Workspace has not logged in for 30 days. Google Workspace: Suspended admin user 31e02a11-aa3b-4278-97d3-9c0f7e8fd2c7 Medium An administrator account in Google Workspace is suspended. Google Workspace: Inactive user 7c098546-2e67-4f01-9fb7-bd48412bd178 Low A user account in Google Workspace has not logged in for 30 days. Google Workspace: Suspended user 84f514e3-f12d-49e5-bdfe-9073e336d89e Low A user account in Google Workspace is suspended. Google Workspace: Admin user suspended with AI Ultra license ee7d4ed6-479f-404f-8dbd-f82dce2a0f66 Low An administrator account in Google Workspace with an AI Ultra (Gemini for Workspace) license is suspended. Google Workspace: User suspended with AI Ultra license cf20e808-29ad-4026-a8f9-6ec3e069376c Low A user account in Google Workspace with an AI Ultra (Gemini for Workspace) license is suspended.

Third-party apps