Enroll users in MA using Google Workspace

You can enroll users in the Arctic Wolf Managed Security Awareness® (MA) program using Google Workspace®.

Create a new project

  1. Sign in to the Google Cloud Console with super administrator permissions.
  2. Click Menu > IAM & Admin > Service Accounts.
  3. On the Service Accounts page, in the Organization list, select the name of your organization.
    Tip:

    The Organization list is next to the Google Cloud icon.

  4. Click Create Project.
  5. In the Project name field, enter a unique name for the Google User Synchronization with MA. For example, Google User Sync with MA for Example Organization.
    CAUTION:

    The project name cannot be changed later.

  6. Click Create.

Create a service account

  1. On the Service accounts page, click + Create Service Account.
  2. In the Service account details section, in the Service account name field, enter a unique name for the account. For example, Arctic Wolf MA User Sync.
    Note:

    Google Workspace automatically creates a Service account ID. Do not create your own or modify this field.

  3. Optional: In the Service account description field, enter a description for the account.
  4. Click Create And Continue.
  5. In the Grant this service account access to project section, in the Role list, select Owner.
  6. Click Done.

Add the Unique ID to the API access control

  1. Click Displayed columns, and then select the Unique ID checkbox.
  2. Click Ok.
  3. Copy the Unique ID, and then save it in a safe, encrypted location. You will provide it to Arctic Wolf later.
  4. In a new browser tab, sign in to the Google Admin with super administrator permissions.
  5. Click Menu > Security > Access and data control > API controls.
  6. In the Domain wide delegation section, click Manage Domain Wide Delegation.
  7. On the Domain Wide Delegation page, click Add new.
  8. In the Client ID field, paste the Unique ID value from the service account.

Authorize the OAuth scopes

  1. Copy these OAuth scopes:
    SHELL 
    https://www.googleapis.com/auth/admin.directory.group,https://www.googleapis.com/auth/admin.directory.user,https://www.googleapis.com/auth/admin.directory.user.readonly
  2. In the OAuth scopes (comma-delimited) field, paste the 0Auth scopes.
    Tip:

    Make sure that there are commas separating each scope.

  3. Click Authorize.

Enable the API

  1. Return to the tab where you are signed in to the Google Cloud Console.
    Tip:

    Verify that you are in the correct project.

  2. Click Menu > API & Services > Enabled APIs & services.
  3. On the APIs & Services page, click + Enable APIs And Services.
  4. On the API Library page, in the search bar, enter admin sdk api, and then select Admin SDK API from the results.
  5. On the Admin SDK API page, in the Manage Google Workspace account resources and audit usage. section, click Enable.

Add the service account key

  1. Click Menu > IAM & Admin > Service Accounts.
  2. On the Service Accounts page, in the Email column, click the email address for the Google Workspace MA integration.
  3. Click Keys.
  4. On the Keys tab, click Add Key.
  5. In the Add Key list, select Create new key.
  6. In the Key type list, select JSON.
  7. Click Create.
    Note:

    P12 keys are not supported for Google Workspace integration with Arctic Wolf Managed Security Awareness® (MA).

  8. Review the Private key saved to your computer dialog, and then click Close.
  9. Verify your service account key JSON file is saved in a secure location on your machine.

Integrate your Google Workspace access credentials with MA

  1. In a new browser tab, sign in to the MA Portal.
  2. Click Settings > User Management.
  3. In the New Integration section, in the Integration Type list, select Google Workspace.
  4. In the Integration Nickname field, enter a name for the integration.
  5. Configure these settings:
    • Customer Email — Enter your admin email address.
      Tip:

      Do not use the Email on the Service accounts > DETAILS page in the Google Cloud console.

    • Customer ID — Enter the Customer ID located in the Google Admin portal. To find this value, click Menu > Account > Account settings.
  6. Click Choose File to upload your Google Workspace access credentials JSON file, and then click Open.
  7. Click Test Connection, and then do one of these actions:
  8. In the Select a group list, select the group that you created for MA.
    CAUTION:

    Make sure that your Google Group includes all MA Portal administrators as active users.

  9. Click Query Group.
    Note:

    Record the group name and the total number of users. You will use this number later to make sure the intended users are active in the Arctic Wolf Unified Portal.

  10. Click Save Integration.
  11. On the User Integration page, in the Saved Credentials section, click Sync Now.

    Active users are pushed to the MA Portal.

    Note: If the changes are not seen in the MA Portal after 24 hours, submit a ticket in the

    Arctic Wolf Unified Portal.

Verify that intended users are active in the MA Portal

Note: If the user has an assigned manager, verify that the Manager field is completed in the Google Cloud Console portal. This ensures that manager information is included in CSV outputs from the MA Portal. For more information, see Enable or Disable Manager Status Report Emails.
  1. Click Administration Dashboard.
  2. Click the User Information tab.
  3. Make sure the number of entries at the bottom of the user table matches the total number of users you recorded earlier.