Skip to content

Google Admin

The Google Admin integration detects a variety of data loss prevention, account misconfiguration, and user security risks in an integrated Google Workspace account that could leave you and your organization vulnerable.

Integration prerequisites

  • A Google Workspace account with a Business Starter, Business Standard, Business Plus or Enterprise plan
  • A Google Workspace user with Super Admin privileges and Owner permissions in the Google Cloud Platform (GCP) project used

Integration permissions

Refer to Google Workspace integration permissions for information on which API permissions to enable.

Security findings

The Google Admin integration currently scans for the following findings, or security risks. Findings are grouped by category and then ordered by severity level.

To stay up-to-date with new CASB findings as they are added, bookmark this page or subscribe to its RSS feed.

User account settings

Finding typeFindingTypeIDSeverityDescription
Google Workspace: Admin user with two-factor authentication disabled5f7c1f62-0ac6-4422-b3d3-d0566dd4e3f2CriticalAn administrator in Google Workspace does not have two-factor authentication enabled.
Google Workspace: User with two-factor authentication disabled739e1965-2ab4-4946-8a56-73fd75154efaHighA user in Google Workspace does not have two-factor authentication enabled.
Google Workspace: User without recovery email2e2383bb-51e8-47fc-8ba7-2dd255c2545fLowA user in Google Workspace does not have a recovery email set.
Google Workspace: User without recovery phone numberec326c68-f331-4597-9ec4-43dc197c86f4LowA user in Google Workspace does not have a recovery phone number set.

Inactive or suspended users

Finding typeFindingTypeIDSeverityDescription
Google Workspace: Inactive admin user391ee66d-10e0-4b26-91b3-741a2a4c39d0MediumAn administrator account in Google Workspace has not logged in for 30 days.
Google Workspace: Suspended admin user31e02a11-aa3b-4278-97d3-9c0f7e8fd2c7MediumAn administrator account in Google Workspace is suspended.
Google Workspace: Inactive user7c098546-2e67-4f01-9fb7-bd48412bd178LowA user account in Google Workspace has not logged in for 30 days.
Google Workspace: Suspended user84f514e3-f12d-49e5-bdfe-9073e336d89eLowA user account in Google Workspace is suspended.

Third-party apps

Finding typeFindingTypeIDSeverityDescription
Google Workspace: Installed 3rd-party app with Drive access191f0751-7087-4588-9e99-93c5dd834b5bHighA third-party application has been granted permissions to a user's Google Drive.
Google Workspace: Installed 3rd-party app with Gmail access431aecad-20e5-4a20-80ba-4b66eaaa1be4HighA third-party application has been granted permissions to a user's Gmail.
Google Workspace: Installed 3rd-party app with Google Docs accessfe41d53b-3bc3-45ef-95d2-75ba159ce60dMediumA third-party application has been granted permissions to a user's Google Documents.
Google Workspace: Installed 3rd-party app with Google Calendar access80102f46-43d4-437e-b694-e8ee2c077adeMediumA third-party application has been granted permissions to a user's Google Calendar.
Google Workspace: Installed 3rd-party app with Google Slides accessd88e106c-1f2e-4b63-acae-5cee19ded9ecMediumA third-party application has been granted permissions to a user's Google Slides.
Google Workspace: Installed 3rd-party app with Google Sheets accessece9a2fd-4248-4f11-bc45-8b4189eedb54MediumA third-party application has been granted permissions to a user's Google Sheets.
Google Workspace: Installed 3rd-party app with Google Sign In access26b938ea-8d24-4ea5-8e81-2eae26830061LowA user has used their Google Workspace account to sign up for a third party service.