# Google Workspace

This app allows you to synchronize your Google Workspace assets into Badrap and receive security notifications about them.

Once installed, the app fetches a list of your organization's assets from your Workspace environment, and adds them as your assets in Badrap. Whenever your assets change in Workspace, they are synchronized and updated automatically in Badrap. Assets can include:

  • Domain names
  • Email addresses
  • Groups

The app can be connected to Workspace either with an admin or non-admin account. An admin account has by default the necessary rights to fetch information about your assets. For non-admin users, you can create a custom role that allows them to fetch your asset information, see step 2 below.

# Installing the app

  1. Google considers the Badrap app is "Unverified" because it requires certain "Limited" scopes from the Google Workspace user who installs it and it hasn't been vetted by Google.

    For a Google Workspace user to install the app, the app has to be allowlisted by an admin in their Google Workspace organization. The allowlisting can be done from the Google Admin panel (opens new window):

  • Navigate to Security -> Access and data control -> API Controls -> Manage Third-Party App Access -> Add app -> OAuth App Name Or Client ID.
  • In the search field fill in the app's client ID, and click Search. The page will list the matching apps by name. Highlight the app and click Select.
    • The Badrap app client ID is 896703348678-sg4fi97m6p6r10dj49bfu88fjhj0t0am.apps.googleusercontent.com, and the app is named Badrap App for Google Workspace.
  • The next page asks which client IDs you want to configure. Select all of them and click Select.
  • The next page asks you to choose the access type. Select Trusted and click Configure.
  1. After this process, any Google Workspace user of the organization can install the app. However, the users need to have a Google Workspace role that allows accessing the required APIs. Admin users have the required permissions by default. For non-admin users, a new role can be created in the Google Admin panel (opens new window):
  • Navigate to Admin roles and click Create new role.
  • Come up with a descriptive name for the role, for example "Badrap Watcher". Click Continue.
  • In the privilege selection list there is a separate section called Admin API privileges. From there enable Users -> Read, Groups -> Read and Domain Management privileges. Click Continue.
  • Click Create Role.
  • The role has now been created and can be assigned to the users that need the required permissions to install the Google Workspace Badrap app.
  1. After the steps above, you can proceed to install the Workspace app.

  2. Go to badrap.io (opens new window). Install the app for a team or for you personally.

    • Team: Pick your team from the menu and click Apps
    • Personal: Go to Settings -> Apps
  3. Open the Workspace app page (opens new window). Click Install.

  1. Review the permissions that the app requests. Click Install the app.
  1. Click on Add a new account.
  1. Select your Google account that you want to use to connect to your Google Workspace installation.
  2. Google will ask for your permission to share your Workspace assets with Badrap. Review the permissions and click Allow to provide your consent.
  1. In a few minutes, you should see your assets under the Google Workspace section on your My Assets (opens new window) page.

# Uninstalling the app

  1. Open the Workspace app page (opens new window) and click Uninstall.
  2. All assets listed by the app will disappear from your "My assets" page.
  3. From Google Admin panel (opens new window), go to Security -> API Controls -> Manage Third-Party App Access, search for the app called Badrap App for Google Workspace, and delete it.
  4. If you created a custom role for non-admin users in your organization to install the app, go to Google Admin panel (opens new window) and delete the custom role from the Admin roles menu.