Google Workspace

This topic describes how to integrate P0 with your Google Workspace instance for effective identity and access management. This integration enables you to:

  • Manage user access and permissions through your Google Workspace directory

  • Maintain an inventory of users and groups for Identity and Access Management (IAM) assessments

  • Track access granted via group memberships, including transitive (nested) group relationships

  • Monitor group access settings and permissions

Prerequisites

  • Existing P0 account at p0.app

  • Administrative access to Google Workspace. You must have the Workspace Admin role.

Integrate Google Workspace with P0

You can integrate Google Workspace from the P0 app:

  1. Navigate to "Integrations" on p0.app, then select "Google Workspace".

  2. Click "Install integration". This will take you to a Google consent screen.

  3. Allow all requested scopes, then click "Allow". You will be redirected to P0's site, and the number of discovered directory groups will be displayed.

Feature Capabilities

The Google Workspace integration enables the following capabilities:

Just-in-Time Access

Grant users temporary access to Google Workspace groups on demand. When a user requests access to a resource that requires group membership, P0 can automatically add them to the appropriate group for a limited time. P0 then removes them when the access period expires.

Posture Assessment

Include Google Workspace directory information in your security posture assessments. P0 can analyze your directory to identify potential security risks, such as:

  • Users without multi-factor authentication (MFA) enabled

  • Inactive or stale user accounts

  • Group membership configurations

Access Resolution

Resolve user access in connected resources (such as GCP) by examining Google Workspace group memberships. P0 traces how users gain access to resources through their group memberships, including nested groups where a user inherits membership through other groups.

Workspace Edition Requirements for Nested Groups

Discovering nested (transitive) group memberships requires one of the following Google Workspace or Cloud Identity editions:

  • Google Workspace Enterprise Standard

  • Google Workspace Enterprise Plus

  • Google Workspace Enterprise for Education

  • Cloud Identity Premium

See Google Workspace editions and Cloud Identity editions for more information.

If your organization doesn't have one of these editions, P0 automatically falls back to analyzing direct group memberships only.
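
The gap between transitive and direct-only membership analysis described above, as an added example (not P0's code or API): a breadth-first expansion over a constructed directory map that records the group chain through which each user inherits membership. The group names, user addresses, and function names are hypothetical.

```python
from collections import deque

# Constructed sample directory (not real data): group -> direct members.
# A member is either a user address or another group (a nested group).
DIRECT_MEMBERS = {
    "gcp-prod-admins@example.com": {"sre@example.com", "alice@example.com"},
    "sre@example.com": {"oncall@example.com", "bob@example.com"},
    "oncall@example.com": {"carol@example.com", "sre@example.com"},  # cycle back to sre
    "contractors@example.com": {"dave@example.com"},
}


def resolve_members(group, directory, transitive=True):
    """Return {user: path} for every user who is effectively in `group`.

    `path` is the chain of groups through which membership is inherited,
    which is what a reviewer needs in order to revoke the right edge.
    With transitive=False only direct user members are returned, which
    mirrors a direct-memberships-only analysis.
    """
    found = {}
    seen = {group}
    queue = deque([(group, [group])])
    while queue:
        current, path = queue.popleft()
        for member in sorted(directory.get(current, ())):
            if member in directory:  # member is itself a group
                if transitive and member not in seen:  # seen-set breaks cycles
                    seen.add(member)
                    queue.append((member, path + [member]))
            elif member not in found:  # first (shortest) path wins
                found[member] = path
    return found


def hidden_by_direct_only(group, directory):
    """Users whose access is invisible when nested groups are not expanded."""
    full = resolve_members(group, directory, transitive=True)
    direct = resolve_members(group, directory, transitive=False)
    return {user: full[user] for user in full.keys() - direct.keys()}


if __name__ == "__main__":
    hidden = hidden_by_direct_only("gcp-prod-admins@example.com", DIRECT_MEMBERS)
    for user, path in sorted(hidden.items()):
        print(f"{user} via {' > '.join(path)}")
```

In this sample, a direct-only pass reports one member of the admin group, while the transitive pass surfaces two more users who inherit it through nested groups.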

Advanced Group Analysis (Beta)

P0 can perform deeper analysis of your Google Workspace groups, including group access controls and administrative privileges.

This capability is currently in beta. Contact P0 support to enable it for your organization.
