Overview
This article covers the additional permissions required to integrate Google Workspace Posture SSPM into Grip.
Prerequisites
Administrator account for the Google Workspace tenant undergoing integration.
Follow the Google Workspace Setup article steps
We recommend reading the "Introduction to Posture Management" article to learn about posture at Grip.
Required permissions
Add permissions: Under Project >> Service Account >> Project change the permissions to the below:
https://www.googleapis.com/auth/cloud-platform.read-only,https://www.googleapis.com/auth/gmail.readonly,https://www.googleapis.com/auth/admin.directory.user.readonly,https://www.googleapis.com/auth/admin.directory.user.security,https://www.googleapis.com/auth/admin.reports.audit.readonly,https://www.googleapis.com/auth/admin.directory.group.readonly,https://www.googleapis.com/auth/admin.directory.domain.readonly,https://www.googleapis.com/auth/admin.directory.orgunit.readonly,https://www.googleapis.com/auth/apps.groups.settings,https://www.googleapis.com/auth/cloud-identity.policies.readonlyEnable the following APIs: “Groups Settings API” & & "Cloud Identity."
.png?sv=2022-11-02&spr=https&st=2025-04-25T15%3A07%3A54Z&se=2025-04-25T15%3A18%3A54Z&sr=c&sp=r&sig=hvNufKntVK%2BWOLEEA6PI0kY%2BgZj5oLj4MbyvUzmZijo%3D)
To complete the Google Workspace posture SSPM integration with Grip, you will need to get the Customer ID.
Get the Customer ID from admin.google.com, under “Account” >> “Account Settings”
.png?sv=2022-11-02&spr=https&st=2025-04-25T15%3A07%3A54Z&se=2025-04-25T15%3A18%3A54Z&sr=c&sp=r&sig=hvNufKntVK%2BWOLEEA6PI0kY%2BgZj5oLj4MbyvUzmZijo%3D)
Connecting Grip portal
From the Grip portal, go to “Posture” >> “Add Tenant”>> “Google Workspace” >> “Add Tenant”
Populate the required fields:
Field Name | Description and Source |
|---|---|
Display Name | Provide a friendly display name for the Tenant |
Tenant ID (Customer ID) | Get the Customer ID from admin.google.com, under “Account” >> “Account Settings”>>״Customer ID”” |
Project ID | console.cloud.google.com » Project selector > Copy the ID of the Grip Project |
Client Email & Client ID | console.cloud.google.com » IAM & Admin » Service Account » Choose the discovery service account
|
Domain Admin | The email address of the domain admin |
Click “Add Tenant”.
.png?sv=2022-11-02&spr=https&st=2025-04-25T15%3A07%3A54Z&se=2025-04-25T15%3A18%3A54Z&sr=c&sp=r&sig=hvNufKntVK%2BWOLEEA6PI0kY%2BgZj5oLj4MbyvUzmZijo%3D)
The Tenant will be added to the “Connected Tenants” list
.png?sv=2022-11-02&spr=https&st=2025-04-25T15%3A07%3A54Z&se=2025-04-25T15%3A18%3A54Z&sr=c&sp=r&sig=hvNufKntVK%2BWOLEEA6PI0kY%2BgZj5oLj4MbyvUzmZijo%3D)
Once the integration is connected, you will be able to see and filter your policy statuses, assess your security posture, and begin fixing it.
.png?sv=2022-11-02&spr=https&st=2025-04-25T15%3A07%3A54Z&se=2025-04-25T15%3A18%3A54Z&sr=c&sp=r&sig=hvNufKntVK%2BWOLEEA6PI0kY%2BgZj5oLj4MbyvUzmZijo%3D)