Opal + Google Groups

‍

Opal + Google Groups Use Cases

Protect against breaches with least privilege

• Grant just-in-time access to Google Groups that are auto-expiring and fully audited using Slack
• Ensure that privileged roles have the appropriate identity governance and approval configurations, such as multi-stage approvals, max duration, custom fields, and more

Accelerate employee access on paved roads

• Enable resource owners with the most context to approve access requests and provision access automatically via Slack
• Accelerate employee onboarding by enabling managers to request on behalf of their reports or enabling self-service discovery of resource bundles

Simplify compliance without manual overhead

• Automate user access reviews so compliance teams can snapshot user listings, assign reviewers to self-service reviews, propagate access changes, and generate an auditor-friendly access report
• Review access of employees who have recently transferred roles or departments

Google Groups Overview

Google Groups enables businesses to send an email to everyone in a group with one address, invite a group to an event, or share documents with a group.

Opal + Google Groups Integration Overview

Opal natively integrates with Google Groups and inherits its structure and membership. This allows users to easily invite members to Opal and grant granular permissions based on existing groups, using your identity provider as the source of truth. With Opal, it's possible to grant role-based access to relevant tools while leveraging a request workflow to grant privileged access.

‍

Google Groups Setup

Once Okta is set up as an App, admins can easily use the same API credentials to import user attributes from Okta as the identity provider.

1. In the Apps sidebar, click on "New App", and select Google Groups

2. Create an Opal group, a service account, and enable the admin SDK API. Afterwards, you can upload service account credentials

3. Once the Google Groups app is set up, admins can navigate to Settings and set up your Identity Provider to easily sync users and attributes. Note: Opal will re-use the same API token