Connect Google Workspace
Integrate Anzenna with Google Workspace to enable comprehensive monitoring of Google Drive, Gmail, and other Workspace applications with Data Loss Prevention (DLP) capabilities.
Prerequisites
- Google Workspace Super Admin access
- Anzenna account
- Domain-wide delegation permissions
Overview
The integration provides:
- Google Drive activity monitoring
- File sharing and access tracking
- DLP rule enforcement
- Alert monitoring from Google Admin
- Device management visibility
- Optional: File remediation capabilities
Step-by-Step Instructions
Part 1: Initial Authentication
Navigate to
app.anzenna.ai
Click Sign in with Google
Select your corporate Google account
Click Connect application to proceed
Part 2: Grant Initial Permissions
- Review the requested permissions
Select all three checkboxes to authorize Anzenna's access:
- View and manage Drive metadata
- View Drive activity
- View security alerts
Click Allow to grant permissions
Part 3: Configure Domain-Wide Delegation
Open a new tab and navigate to
admin.google.com
Go to Security > API Controls
Click Domain-wide Delegation
Click Add new
Part 4: Add Anzenna Client ID
In the Client ID field, enter:
114027939705457207819Part 5: Configure OAuth Scopes
Add these scopes (comma-separated or line-by-line):
Alert Monitoring:
https://www.googleapis.com/auth/apps.alertsDrive Metadata (Required):
https://www.googleapis.com/auth/drive.metadata.readonlyDrive Activity (Required):
https://www.googleapis.com/auth/drive.activity.readonlyDevice Management:
https://www.googleapis.com/auth/cloud-identity.devices.readonlyDrive Remediation (Optional):
https://www.googleapis.com/auth/driveClick AUTHORIZE to confirm delegation
Part 6: Finalize in Anzenna
Return to
app.anzenna.ai
Navigate to Settings > Integrations
- Find the Google Workspace integration
Click Re-sync to refresh the connection with new scopes
Verify integration shows as Connected
Verification
- Wait 15-30 minutes for initial sync
Navigate to Documents dashboard
- Verify Google Drive files are appearing
- Check file sharing events are visible
- Review Google Alerts are syncing
What Data is Collected
Drive Activity
- File creations, modifications, deletions
- File sharing events
- Permission changes
- Downloads and exports
- Comment activity
- Folder operations
File Metadata
- File names and types
- Owner information
- Sharing settings
- Permissions lists
- File sizes
- Last modified dates
Security Alerts
- DLP rule violations
- Suspicious sharing activity
- External sharing alerts
- Device compliance alerts
- Admin activity alerts
Device Information
- Enrolled devices
- Device compliance status
- Mobile device inventory
- Security settings
DLP Capabilities
With domain-wide delegation, Anzenna can:
- Monitor DLP rule violations in real-time
- Track sensitive data sharing
- Alert on policy breaches
- Identify data exfiltration attempts
- Correlate sharing patterns
Remediation Capabilities
With the drive scope enabled (optional):
- Revoke sharing permissions
- Delete shared links
- Quarantine files
- Change file permissions
- Move files to secure locations
The https://www.googleapis.com/auth/drive scope grants write access. Only enable if you need automated remediation capabilities.
Troubleshooting
Connection Fails
Authorization errors:
Verify Client ID is exactly:
114027939705457207819- Check all scopes are entered correctly
- Ensure no extra spaces in scope URLs
Confirm domain-wide delegation is authorized
No Data Appearing
Drive files not syncing:
- Wait 30-60 minutes for initial sync
- Verify domain-wide delegation is active
- Check that users have Drive files
- Ensure metadata readonly scope is granted
Permission Errors
Insufficient permissions:
- Review all five scopes are added
- Verify authorization was clicked
- Check Super Admin role for setup user
- Ensure API access is enabled in Workspace
Re-sync Doesn't Work
Re-sync fails after delegation:
- Wait 10-15 minutes for Google propagation
- Try disconnecting and reconnecting
- Clear browser cache
- Check Google Admin audit logs
Security Considerations
Domain-wide delegation - Grants Anzenna access on behalf of all users
Scope limitation - Only grants specific, documented permissions
Read-only default - Write access only if remediation scope added
Audit logging - All access logged in Google Admin
Revocable - Can be removed anytime from domain-wide delegation
Best Practices
Test in staging - Use test workspace first if available
Start read-only - Add remediation scope only if needed
Monitor alerts - Check Google Admin security alerts
Regular audits - Review delegation quarterly
Document setup - Record which scopes were granted
User communication - Inform employees about monitoring
Compliance review - Ensure meets data privacy requirements
Integration Maintenance
Regular Checks
Perform monthly:
- Verify connection active
- Check data freshness
- Review sync timestamps
- Test sample queries
Scope Management
To add or remove scopes:
Edit domain-wide delegation in Google Admin
- Update scope list
- Click Authorize
- Re-sync in Anzenna
- Verify new capabilities
Credential Rotation
Domain-wide delegation doesn't expire, but:
- Review delegation annually
- Audit which apps have delegation
- Remove unused delegations
- Document active integrations
Google Workspace Admin Settings
Enable API Access
Ensure API access is enabled:
Go to Security > API Controls
- Verify "Enable API access" is checked
- If disabled, enable and wait 24 hours
DLP Rules
To maximize Anzenna's DLP monitoring:
- Configure DLP rules in Google Admin
- Set up Gmail and Drive rules
- Enable alert notifications
- Anzenna will monitor rule violations
Related Resources
Need help? Contact
Anzenna Support
for assistance.