Google Workspace Target Directory Integration enables you to synchronise your Google Workspace directories to your CanIPhish account. When an individual is added to a Workspace Group, that individual will automatically be synchronised to the relevant CanIPhish target listings. This document describes how to synchronise Workspace Groups to CanIPhish. This will automate the process of adding or removing users from phishing campaigns.
Note: A Google Workspace account is required. You will also need to set up at least one group within Google Workspace that contains all users that you would like to participate in phishing simulations.
Integrating with CanIPhish
To integrate your Google Workspace Directory with CanIPhish, log in to your account and navigate to Targets > Target Directory Sync.
Click Google Workspace and then input a unique Directory Name. Once provided, click Sync Directory.
If your browser doesn't already have an active Google session, you'll be prompted to log in via the Google login portal. Once signed in, you'll be prompted to authorise the CanIPhish Google Client to access several APIs within your Google account. Make sure all scopes are ticked and then click 'Continue' to authorise the access.
Note: Access to all scopes is required to successfully set up the integration. Click here to understand in further detail what information we're accessing.
Once authorised, you'll be immediately redirected to the CanIPhish Target Users page and notified of the status of the integration. You should observe a success notification on the top right-hand side of your screen, along with the directory being visible as 'Active'.
Once synchronised, you will be able to create a new target listing that leverages security groups within that directory. To set up your first target listing, exit the directory synchronisation view and click on New Target List.
Specify a Target Name, click on Directory Import and select the Target Directory synced in the previous step. Wait up to 30 seconds for the Directory Groups to load, select one or more Groups for CanIPhish to sync with, and then click Sync Directory Targets.
Note: For Google Workspace integrations, the Directory Attribute Mapping cannot be changed. If this negatively impacts your organisation, please contact CanIPhish and we'll be happy to investigate this.
Once synchronised, your users will appear in the data table. When you are happy that the required users have been synchronised with CanIPhish, simply click Save.
All done! CanIPhish will synchronise any changes in your directory groups to your CanIPhish target listing every 24 hours. To action changes earlier than that, manually update the target listing and resynchronise the directory group.
Appendix: Additional Information on Google API Scopes
We'll be accessing APIs that allow us to read information relating to directory groups, group members and individual users. Additionally, we'll read information from your Google profile so we can determine which user has authorised the API access; this will then be readable within your CanIPhish tenant. The table below outlines the scopes we're accessing in detail:
DirectoryService.Scope.AdminDirectoryUserReadonly
Provides CanIPhish with access to read user information such as first names, last names, email addresses, organisation names and job titles. All of which are used to personalise phishing campaigns and make them appear realistic.
DirectoryService.Scope.AdminDirectoryGroupReadonly
Provides CanIPhish with access to read group information such as group names and IDs. This is used to provide you with the option of targeting a subset of users within your environment.
DirectoryService.Scope.AdminDirectoryGroupMemberReadonly
Provides CanIPhish with access to read group member information such as the email addresses of users associated with a group. This information is used to determine what user information needs to be read.
PeopleServiceService.Scope.UserinfoProfile
Provides CanIPhish with access to read the first name and last name of the user authorising the CanIPhish client application.
PeopleServiceService.Scope.UserinfoEmail
Provides CanIPhish with access to read the primary email address of the user authorising the CanIPhish client application.
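To confirm that the access actually granted matches the five read-only scopes listed above, an administrator can compare the app's token record against that list. The check below is an added example, not CanIPhish's own code. It assumes the table's client-library scope names correspond to the standard Google OAuth scope URLs shown, and it runs on constructed token records shaped like the Admin SDK Directory API token resource (the clientId is a placeholder).

```python
# Added example: audit a third-party OAuth grant against the documented scopes.
PREFIX = "https://www.googleapis.com/auth/"

# Scope names from the appendix mapped to their OAuth scope URLs (assumed mapping).
DOCUMENTED_SCOPES = {
    "AdminDirectoryUserReadonly": PREFIX + "admin.directory.user.readonly",
    "AdminDirectoryGroupReadonly": PREFIX + "admin.directory.group.readonly",
    "AdminDirectoryGroupMemberReadonly": PREFIX + "admin.directory.group.member.readonly",
    "UserinfoProfile": PREFIX + "userinfo.profile",
    "UserinfoEmail": PREFIX + "userinfo.email",
}

def audit_grant(token_record):
    """Compare one token record's scopes with the documented set."""
    granted = set(token_record.get("scopes", []))
    expected = set(DOCUMENTED_SCOPES.values())
    # Admin SDK scopes that lack the .readonly suffix allow modification.
    write_capable = {s for s in granted
                     if s.startswith(PREFIX + "admin.") and not s.endswith(".readonly")}
    return {
        "client": token_record.get("displayText", "<unknown>"),
        "missing": sorted(expected - granted),       # integration needs all five
        "unexpected": sorted(granted - expected),    # broader than documented
        "write_capable": sorted(write_capable),
        "matches_documentation": granted == expected,
    }

# Constructed sample records (not real tenant data).
SAMPLE_OK = {
    "kind": "admin#directory#token",
    "clientId": "<client-id-placeholder>",
    "displayText": "CanIPhish",
    "scopes": list(DOCUMENTED_SCOPES.values()),
}
SAMPLE_OVERBROAD = {
    **SAMPLE_OK,
    # Read/write user scope in place of the documented read-only one.
    "scopes": [PREFIX + "admin.directory.user"] + list(DOCUMENTED_SCOPES.values())[1:],
}

if __name__ == "__main__":
    for record in (SAMPLE_OK, SAMPLE_OVERBROAD):
        print(audit_grant(record))
```

Any entry under unexpected or write_capable means the grant is broader than what this appendix describes and should be reviewed before the integration is left in place.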