Aptible Comply Documentation

Google integration logo

Description

G Suite is Google’s business productivity suite that includes business email, cloud storage, and collaboration tools. If you manage your employees in Google, then this integration will be perfect for keeping track of all your people assets.

Benefits

Up-to-date asset inventory
By syncing with G Suite, you'll keep your "People" and "Groups" up-to-date in Comply. Tickets can automatically trigger whenever there are new assets detected - for example, Comply can automatically trigger your Employee Onboarding procedure whenever a new person is detected in G Suite, or your Employee Offboarding procedure whenever a person is deprovisioned.

Automatic 2FA evidence
Every month, Comply will scan your G Suite users to ensure that 2FA is enabled and produce evidence to use in an audit. Read more about events and automations here and details on the specific events associated with this integration are listed below.

Security

We use Google's robust permissions system to ask for only the read-only access we need. You can review each permission we request during the install process.

Automations

Automation

Description

Returns

Framework Mappings

MFA Policy

Ensures account has multi-factor authentication enabled (i.e., if there is an MFA Policy Enabled tag on the event).

Comply creates an issue if MFA policy is disabled or if there is an unknown MFA policy (i.e., if there is an MFA Policy Disabled tag on the event)

ISO: A.9.3.1, A.9.4.2,
SOC 2: CC6.1
HIPAA: 164.312(d)

Events

G Suite provides MFA Policy Scan events. The event will either be tagged MFA Policy Enabled or MFA Policy Disabled.

The out of the box automations that are created by this integration will generate healthy evidence for 'MFA Policy Enabled` and Needs Attention evidence for 'MFA Policy Disabled'. You can customize this behavior by editing the automations, including triggering tickets for followup work (e.g. investigating any Account found not to have enabled 2FA (and recording the exception where appropriate).

Setup

  1. Login to an admin account for your Google organization.
  2. Click the Authorize link in Comply to be taken through the Google login process.

Troubleshooting

The most common problems when setting up the integration are:

  • Not being logged into a GSuite admin account.
  • GSuite account only allows whitelisted applications. If you receive a whitelist error, you can add the following Client ID to your whitelist:
332763678037-lj7nbvcusr0ignmd3ahbo5bmftrhuimv.apps.googleusercontent.com

If you receive an error message when trying to sync your integration, please check the above items and contact [email protected] if the problem persists.

Updated about a month ago


G Suite


Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.