Google Workspace Integration Setup Guide

Follow these steps to connect your Google Workspace directory for automated access reviews.

1

Create Service Account

First, you need to create a Service Account in the Google Cloud Console.

  1. Go to the Google Cloud Console Service Accounts page.
  2. Select an existing project or create a new one.
  3. Click + CREATE SERVICE ACCOUNT.
  4. Enter a name (e.g., "Pensure Scanner") and click CREATE AND CONTINUE.
  5. Click DONE (no specific roles are needed on the project itself).
2

Enable Admin SDK API

The service account needs access to the Admin SDK.

  1. Go to Admin SDK API library page.
  2. Click ENABLE.
3

Generate Key & Client ID

You need the JSON key file and the Client ID for the next steps.

  1. Go back to the Service Accounts list.
  2. Click on your newly created service account email.
  3. Go to the KEYS tab.
  4. Click ADD KEY > Create new key.
  5. Select JSON and click CREATE. The file will download automatically.
  6. Keep this file safe! You will paste its content into Pensure later.
  7. Go to the DETAILS tab and copy the Unique ID (Client ID).
4

Authorize Domain-Wide Delegation

Authorize the service account to access user data in your Google Workspace.

  1. Go to the Google Workspace Admin Console (Domain-Wide Delegation).
  2. Click Add new.
  3. In Client ID, paste the Unique ID you copied in Step 3.
  4. In OAuth Scopes, paste exactly:
    https://www.googleapis.com/auth/admin.directory.user.readonly
  5. Click AUTHORIZE.
5

Configure Pensure

Now go back to Pensure Settings and enter the details.

  • Admin Email: Enter the email address of a Super Admin user in your Google Workspace (e.g., [email protected]). The service account will impersonate this user.
  • Service Account JSON: Open the JSON file you downloaded in Step 3 with a text editor. Copy the entire content and paste it into the field.
Go to Settings