Skip to Content

Security & Compliance

Lynx Compliance - Google Workspace Connector

Pulls compliance evidence from Google Workspace - user inventory with 2SV enrollment, group memberships, admin audit activities, alerts, organisational units - via OAuth2 service-account auth with domain-wide delegation.

Talk to sales See pricing

lynx_compliance_connector_google_workspace · v19.0.1.0.0 · Premium

What this solves

Lynx Compliance - Google Workspace Connector

Compliance evidence pulled from Google Workspace. Auditors look at this surface to verify: who has accounts (PR.AA-01), is 2-Step Verification enrolled (PR.AA-03), what privileged groups exist (PR.AA-05), what admin actions happened in the last 90 days (DE.CM-01), and what security alerts the Workspace Alert Center raised (DE.AE-08).

Authentication is OAuth2 service-account with domain-wide delegation — the only viable path for unattended cron-driven collectors against Google APIs. The customer creates a service account in their Workspace admin console, grants domain-wide delegation for the necessary scopes, and pastes the service-account JSON key into the connector's credential_secret field along with the admin user to impersonate.

Key Features

  • Google Workspace connector type - configure with the service-account JSON key + an admin email to impersonate.

  • Five resource pulls - active users (with 2SV / admin flags), groups, admin audit activities (90d), Alert Center alerts, and an aggregate 2SV enrollment summary row.

  • Pre-seeded collectors - five collectors covering PR.AA-01 (workforce inventory), PR.AA-03 (2SV enforcement), PR.AA-05 (privileged groups), DE.CM-01 (admin audit), DE.AE-08 (security alerts).

  • Service-account auth - tokens auto-refresh via the standard google-auth library; cron runs without manual rotation.

  • Strict scope check - test_connection probes the directory API + reports the impersonated subject + customer ID so misconfiguration is caught immediately.

Integrates With

  • lynx_compliance_connectors - registers under the connector framework.

  • lynx_compliance_evidence_collectors - shipped collectors use the standard schedule.

  • Google Workspace via the google-auth library + requests.

Depends on

base lynx_compliance lynx_license_enforcer lynx_base lynx_compliance_evidence_collectors lynx_compliance_connectors lynx_compliance_certification

Try Lynx Compliance - Google Workspace Connector on your team.

Free trial, no credit card. Talk to sales when you're ready.

Start free trial Browse all modules