Team: Managed Identity Threat Detection and Response (ITDR)
Product: Google Workspace
Summary: Connect your Google Workspace environment to Huntress to protect your identities with Managed ITDR.
STOP AND READ: Directions in this article have been updated to reflect our new Identity Provider Integration dashboard setup method. Please review our new guide for more details on this setup process as this will replace the separate guides we have used for Microsoft 365 and Google Workspace.
Overview
By authorizing the Huntress Google App, you enable Managed Identity Threat Detection and Response (ITDR) to monitor your Google Workspace identities. This integration allows the Huntress SOC to detect and respond to suspicious activity, such as unauthorized access or malicious inbox rules.
You must complete these steps for every Google Workspace environment (client) you wish to protect. Each environment must be integrated individually to ensure proper data isolation and monitoring.
Before You Begin
To perform these steps, you must be signed in to your Google Admin console as a Super Administrator. Standard administrator accounts do not have sufficient permissions to authorize domain-wide delegation. This administrator account must remain active and must retain super admin privileges for the ITDR integration to function correctly.
Integrating a new GWS tenant with Huntress ITDR
Review the Identity Provider Integration dashboard guide for complete onboarding steps.
Caution: When copying IDs and scopes, paste them directly into the Google Admin console. Do not use a text editor or Notepad as an intermediate step, as this can introduce hidden characters or formatting that will cause the authorization to fail
Add an Expected Rule for the Usage Location Country associated with the company in the Huntress Dashboard. This will help avoid unexpected escalations, as we can't currently collect Usage Location from GWS. How to Create an Unwanted Access Rule
If you need troubleshooting assistance, please see our ITDR for Google Workspace Common Troubleshooting Steps guide here.