To ensure secure access to your Google Workspace domain's data, ATTACK Simulator utilizes a service account that requires access permissions from a domain's super administrator. This guide will provide step-by-step instructions on how to delegate domain-wide authority to this service account.
The integration with third party domains can be easily done on ATTACK Simulator's integration page in just a few steps.
Step 1: Access the Domain-Wide Delegation Page
Start by logging into your Google Workspace domain. Once you are logged in, navigate to the Domain Wide Delegation page. You can manage the access permissions for different service accounts on this page.
Step 2: Add a New API Client
In the Domain Wide Delegation page, locate the section labeled 'API Clients'. Click on 'Add new' to start the process of adding a new client.
Step 3: Fill in the Client ID Field
In the Client ID field, enter the following value: 105397452979172431362. This is the unique identifier for the ATTACK Simulator's service account.
Step 4: Specify the OAuth Scopes
Next, you need to specify the OAuth Scopes. These scopes determine the level of access that the service account has to your Google Workspace data.
In the OAuth Scopes field, enter the following values:
https://www.googleapis.com/auth/admin.directory.user.readonly,https://www.googleapis.com/auth/admin.directory.group.readonly,https://www.googleapis.com/auth/gmail.modify
Each of these scopes grants read-only access to user and group data, as well as the ability to modify Gmail data (like adding emails in your users' inboxes).
Step 5: Authorize the Service Account
Once you have entered all the necessary information, click 'Authorize'. This action will grant the ATTACK Simulator's service account the permissions specified in the OAuth Scopes.
If everything works correctly, you should see the ATTACK Simulator app in your account, along with the authorized scopes.
Step 6: Validate the Settings
After granting the permissions in your Google Workspace domain, head back to the ATTACK Simulator console to validate that the settings have been configured correctly. Please type your Google Workspace admin account email, click the 'I've added these settings' checkbox and click 'Validate'. This will run a check to ensure that everything is working as expected.
You will need your Google Workspace Admin Email for the validation process
By following these steps, you can successfully connect ATTACK Simulator to the Google Workspace API and ensure secure and controlled access to your domain's data.