Managed Security Awareness Initial Setup - Step 1

Updated Jan 4, 2024

Enroll users in MA using Google Workspace

You can enroll users in the MA program using Google Workspace®.

Requirements

Steps

  1. Create a new project.
  2. Create a service account.
  3. Add the Unique ID to the API access control.
  4. Authorize the OAuth scopes.
  5. Enable the API.
  6. Add the service account key.
  7. Integrate your Google Workspace access credentials with MA.
  8. Verify that intended users are active in the MA Portal.

Step 1: Create a new project

  1. Sign in to the Google Cloud Console with super administrator permissions.
  2. Click Menu > IAM & Admin > Service Accounts.
  3. On the Service Accounts page, in the Organization list, select the name of your organization.

    Tip: The Organization list is next to the Google Cloud icon.

  4. Click Create Project.
  5. In the Project name field, enter a unique name for the Google User Synchronization with MA. For example, Google User Sync with MA for Cipher’s Coffee Shop.

    Caution: The project name cannot be changed later.

  6. Click Create.

Step 2: Create a service account

  1. On the Service accounts page, click + Create Service Account.
  2. In the Service account details section, in the Service account name field, enter a unique name for the account. For example, Arctic Wolf MA User Sync.

    Note: Google Workspace automatically creates a Service account ID. Do not create your own or modify this field.

  3. (Optional) In the Service account description field, enter a description for the account.
  4. Click Create And Continue.
  5. In the Grant this service account access to project section, in the Role list, select Owner.
  6. Click Done.

Step 3: Add the Unique ID to the API access control

  1. Click Displayed columns, and then select the Unique ID checkbox.
  2. Click Ok.
  3. Copy the Unique ID, and then save it in a safe, encrypted location. You will provide it to Arctic Wolf later.
  4. In a new browser tab, sign in to the Google Admin with super administrator permissions.
  5. Click Menu > Security > Access and data control > API controls.
  6. In the Domain wide delegation section, click Manage Domain Wide Delegation.
  7. On the Domain Wide Delegation page, click Add new.
  8. In the Client ID field, paste the Unique ID value from the service account.

Step 4: Authorize the OAuth scopes

  1. Copy these OAuth scopes:
    https://www.googleapis.com/auth/admin.directory.group,https://www.googleapis.com/auth/admin.directory.user,https://www.googleapis.com/auth/admin.directory.user.readonly
  2. In the OAuth scopes (comma-delimited) field, paste the OAuth scopes.

    Tip: Make sure that there are commas separating each scope.

  3. Click Authorize.

Step 5: Enable the API

  1. Return to the tab where you are signed in to the Google Cloud Console.

    Tip: Verify that you are in the correct project.

  2. Click Menu > API & Services > Enabled APIs & services.
  3. On the APIs & Services page, click + Enable APIs And Services.
  4. On the API Library page, in the search bar, enter admin sdk api, and then select Admin SDK API from the results.
  5. On the Admin SDK API page, in the Manage Google Workspace account resources and audit usage. section, click Enable.

Step 6: Add the service account key

  1. Click Menu > IAM & Admin > Service Accounts.
  2. On the Service Accounts page, in the Email column, click the email address for the Google Workspace MA integration.
  3. Click Keys.
  4. On the Keys tab, click Add Key.
  5. In the Add Key list, select Create new key.
  6. In the Key type list, select JSON.
  7. Click Create.

    Note: P12 keys are not supported for Google Workspace integration with MA.

  8. Review the Private key saved to your computer dialog, and then click Close.
  9. Verify your service account key JSON file is saved in a secure location on your machine.
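
A pre-upload check for Steps 3, 4 and 6, added here as an example and not Arctic Wolf's or Google's own tooling: it confirms that the key file's `client_id` matches the Unique ID you saved, that the file is not accessible to other local users, and that the scope string holds exactly the three scopes from Step 4. The sample key, its 21-digit ID and the function names are constructed for illustration, and the permission check assumes a POSIX file system.

```python
import json
import os
import stat
import tempfile

REQUIRED_SCOPES = {  # the three scopes listed in Step 4
    "https://www.googleapis.com/auth/admin.directory.group",
    "https://www.googleapis.com/auth/admin.directory.user",
    "https://www.googleapis.com/auth/admin.directory.user.readonly",
}

def check_scopes(scope_field):
    """Check the comma-delimited string pasted into the OAuth scopes field."""
    found = {s.strip() for s in scope_field.split(",") if s.strip()}
    fused = {s for s in found if s.count("https://") > 1}
    problems = [f"missing comma inside: {s}" for s in sorted(fused)]
    problems += [f"missing scope: {s}" for s in sorted(REQUIRED_SCOPES - found)]
    problems += [f"scope not in Step 4: {s}" for s in sorted(found - REQUIRED_SCOPES - fused)]
    return problems

def check_key_file(path, unique_id):
    """Check the downloaded JSON key against the Unique ID saved in Step 3."""
    problems = []
    # POSIX permission bits only; on Windows review the file's ACL instead.
    if stat.S_IMODE(os.stat(path).st_mode) & 0o077:
        problems.append("key file is accessible to group or other users")
    with open(path, encoding="utf-8") as fh:
        key = json.load(fh)
    if key.get("type") != "service_account":
        problems.append("not a service account key")
    if not key.get("private_key"):
        problems.append("private_key is empty or absent")
    if str(key.get("client_id")) != unique_id:
        problems.append("client_id does not match the saved Unique ID")
    return problems

def write_sample_key(mode):
    """Write a constructed key file (placeholder values only) for the demo."""
    sample = {"type": "service_account", "client_id": "100000000000000000001",
              "private_key": "CONSTRUCTED-PLACEHOLDER-NOT-A-KEY"}
    fd, path = tempfile.mkstemp(suffix=".json")
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        json.dump(sample, fh)
    os.chmod(path, mode)
    return path

if __name__ == "__main__":
    demo_path = write_sample_key(0o644)  # deliberately too permissive
    print(check_key_file(demo_path, "100000000000000000001"))
    os.remove(demo_path)
```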

Step 7: Integrate your Google Workspace access credentials with MA

  1. In a new browser tab, sign in to the MA Portal.

  2. Click Settings > User Management.

  3. In the New Integration section, in the Integration Type list, select Google Workspace.

  4. In the Integration Nickname field, enter a name for the integration.

  5. Configure these settings:

    Tip: To find the Customer Email and Customer ID in the Google Admin portal, click Menu > Account > Account settings.

  6. Click Choose File to upload your Google Workspace access credentials JSON file, and then click Open.

  7. Click Test Connection, and then do one of these actions:

  8. In the Select a group list, select the group that you created for MA.

    Caution: Make sure that your Google Group includes all MA admins as active users.

  9. Click Query Group.

    Note: Record the group name and the total number of users. You will use this number later to make sure the intended users are active in the MA Portal.

  10. Click Save Integration.

  11. On the User Integration page, in the Saved Credentials section, click Sync Now.

    Active users are pushed to the MA Portal.

Step 8: Verify that intended users are active in the MA Portal

  1. Click Administration Dashboard.
  2. Click the User Information tab.
  3. Make sure the number of entries at the bottom of the user table matches the total number of users you recorded earlier.

Next steps