Contact Us


Need Help?

System Status | All Products | Training Webinars | Order Supplies | Contact Us
  • All Products
  • Detect
  • Integrations  

Google Workplace Integration Setup - Digital Threat Detection

Learn how to set up an account with the Google Workplace integration.

Contact Us


Need Help?

  • Emergency Management Suite
    Getting Started Site Setup EMS Webinar Links User Management Features & Functions Analytics & Reporting Troubleshooting EMS Resources 911Cellular: Integrations On-Demand Learning
  • Preparation & Response Training
    Getting Started NTI Webinar Links User Management Course Management Analytics & Reporting   Troubleshooting PRT Resources  Release Notes & Updates
  • PBIS Rewards
    Launching PBISR Webinar Links User Management  PBIS Rewards Feature/Function Overview  Analytics & Reporting   Troubleshooting   Hardware / Consumables On-Demand Learning Integrations   Release Notes & Updates  PBIS Rewards Specific Resources 
  • Compass
    Getting Started Webinar Links Data & User Management  Compass Curriculum for Students, Staff, & Families Compass Behavior Intervention Compass Mental Health + Prevention Compass for Florida - Character Ed, Resiliency, & Prevention Compass for Texas - Character Ed Analytics & Reporting   Release Notes & Updates  Additional Resources
  • Behavioral Case Manager
    Getting Started Webinar Links User Management  Feature/Function Overview  Analytics & Reporting   Troubleshooting   Release Notes & Updates  Resources / User Guides State Specific Guidance
  • Visitor Management
    Release Notes & Updates  Getting Started Webinar Links User Management  Feature/Function Overview Analytics & Reporting   Troubleshooting   Hardware / Consumables Resources  Integrations
  • School Check In
    Getting Started  SCI Webinar Links User Management  SCI Feature/Function Overview  Analytics & Reporting   Troubleshooting   Hardware / Consumables SCI Resources 
  • ALICE Training Institute
    User Management  ALICE Feature/Function Overview  ALICE Resources  Troubleshooting  
  • Detect
    Getting Started Detect Webinar Links Integrations   Detect Resources  Troubleshooting Release Notes & Updates 
  • Anonymous Tip Reporting
    Getting Started  P3 Webinar Links User Management  P3 Feature/Function Overview  Analytics & Reporting   Integrations   Release Notes & Updates  P3 Resources 
  • Resources
    Notices Downloads SIS Integration Billing
  • Back-to-School
    Character & Culture Detection & Prevention Preparation & Response
+ More


Google Workplace Integration Setup

Using Detect’s Google Workplace Integration, the Language Engine can identify potentially harmful threats or mental health concerns experienced by students. As such, school-sanctioned email and productivity tools help support an early intervention approach to student wellness. Concerning content will be categorized and delivered into the platform as Alerts or Discussions in near real-time. 

Delete

Which Google Workplace Solutions Are Scanned By Detect?

Google Docs (Upon Updates), Gmail, and Hangouts Chat messages.


Google Workplace setup will be comprised of the following:

  • API Configuration
  • Dedicated Detect Service Account Configuration
  • Mapping Organizational Units
  • Google Chat Archiving Settings Configuration



Digital Threat Detection: Full License

API Configuration

Step 1: Log into https://admin.google.com/ac/owl/domainwidedelegation directly or by following these steps:

  1. Go to the Google Workplace domain’s Admin console, https://admin.google.com
  2. Select Security from the list of controls on the left side of the browser. 
  3. Select API Access. Navigate to the bottom of the screen and select Manage Domain Delegation. 

Step 2: In the Manage Domain Delegation page, select Add New to configure the new key. 
To ensure successful integration, copy and paste the following values: 

Client ID field: 114279029511177273649

API Scopes field:

API
Description
https://www.googleapis.com/auth/admin.directory.user.readonly

Required by the Google Directory Listing*
https://www.googleapis.com/auth/gmail.readonly

Required by Gmail, and Hangout Chat* 
https://www.googleapis.com/auth/drive.activity.readonly

Required by Google Drive (Docs)**
https://www.googleapis.com/auth/drive.readonly

Required by Google Drive (Docs)**

* Required for overall Google Workplace Integration
** Optional for Google Doc scanning capabilities

Step 3: Click Authorize. 

If configured properly, Navigate360 Detect now has read-only access to your domain’s user listing, users’ Docs updates, Gmail, and Hangouts Chat messages. Confirm the product was integrated successfully by viewing the Validation Link shared with you by your N360 Implementation Consultant.


Dedicated Detect Service Account Configuration

It is recommended that a dedicated service account be created to be used in the Google Workplace - Detect Integration. This will allow continued scanning, even if the primary Google Admin changes.  When creating the service account, please be sure to provide the proper permissions to ensure that the integration is able to properly read your OU groups.



Mapping Organizational Units

Organizational Units, or OUs, are used to organize users within Google Workplace Navigate360 Detect uses the Google Workplace OUs to segment which emails are scanned for a domain. Here’s an example of a fictitious account with the following OUs: 

  • /Students/Elementary School 
  • /Students/Middle School 
  • /Students/High School 
  • /Teachers 

A list of your Detect account locations will be provided to you by your Implementation Consultant. For a successful Google Workplace Integration, please return a list of OUs mapped to the correct location. 

 Example:

OU
Location
/Students/Elementary School  North Acme Elementary
/Students/Middle School  Acme Middle HS
/Students/High School  Acme Senior HS

For a successful Google Workplace Integration, it is important to ensure each of these requirements are met.                                                   

Each targeted user record should: 

  • Be in an Organizational Unit that the account is configured to process. 
  • Have a capitalized first & last name. 
  • Not be suspended in Google Workplace
  • Be active in Google Workplace. 
  • Not be deleted in Google Workplace.
  • Included in the global address list.


Archiving Settings for Google Chat Configuration

Step 1: Navigate to admin.google.com and login with the client's Google admin credentials.

Step 2: Click "Apps." 
Step 3: Click "Google Workspace."


Step 4: Click "Google Chat."


Step 5: Click "Third-party Archiving Settings."


Step 6: Click the "Archiving enabled" check box.
Step 7: Enter the following "journal-api@google.detect.navigate360.com" into the Destination address field. 


Step 8: Click the "Archival frequency" field and select the desired time for the data to be archived. Best practice is the lowest time or 1 hour.


Step 9: Click the "Custom headers" field and add the following- DOMAIN: {client's Google domain}. Example: DOMAIN:admin@ABCdistrict.edu.


Step 10: Click "SAVE."
Delete


Digital Threat Detection: Self Harm Only

API Configuration

Step 1: Log into https://admin.google.com/ac/owl/domainwidedelegation directly or by following these steps:

  1. Go to the Google Workplace domain’s Admin console, https://admin.google.com
  2. Select Security from the list of controls on the left side of the browser. 
  3. Select API Access. Navigate to the bottom of the screen and select Manage Domain Delegation. 

Step 2: In the Manage Domain Delegation page, select Add New to configure the new key. 
To ensure successful integration, copy and paste the following values: 

Client ID field: 114279029511177273649

API Scopes field:

API
Description
https://www.googleapis.com/auth/admin.directory.user.readonly

Required by the Google Directory Listing*
https://www.googleapis.com/auth/gmail.readonly

Required by Gmail, and Hangout Chat* 
https://www.googleapis.com/auth/drive.activity.readonly

Required by Google Drive (Docs)**
https://www.googleapis.com/auth/drive.readonly

Required by Google Drive (Docs)**

* Required for overall Google Workplace Integration
** Optional for Google Doc scanning capabilities

Step 3: Click Authorize. 

If configured properly, Navigate360 Detect now has read-only access to your domain’s user listing, users’ Docs updates, Gmail, and Hangouts Chat messages. Confirm the product was integrated successfully by viewing the Validation Link shared with you by your N360 Implementation Consultant.


Google Admin Panel

Dedicated Detect Service Account Configuration

It is recommended that a dedicated service account be created to be used in the Google Workplace - Detect Integration. This will allow continued scanning, even if the primary Google Admin changes.  When creating the service account, please be sure to provide the proper permissions to ensure that the integration is able to properly read your OU groups.



Mapping Organizational Units

Organizational Units, or OUs, are used to organize users within Google Workplace Navigate360 Detect uses the Google Workplace OUs to segment which emails are scanned for a domain. Here’s an example of a fictitious account with the following OUs: 

  • /Students/Elementary School 
  • /Students/Middle School 
  • /Students/High School 
  • /Teachers 

A list of your Detect account locations will be provided to you by your Implementation Consultant. For a successful Google Workplace Integration, please return a list of OUs mapped to the correct location. 

 Example:

OU
Location
/Students/Elementary School  North Acme Elementary
/Students/Middle School  Acme Middle HS
/Students/High School  Acme Senior HS

For a successful Google Workplace Integration, it is important to ensure each of these requirements are met.                                                   

Each targeted user record should: 

  • Be in an Organizational Unit that the account is configured to process. 
  • Have a capitalized first & last name. 
  • Not be suspended in Google Workplace
  • Be active in Google Workplace. 
  • Not be deleted in Google Workplace.
  • Included in the global address list.


Archiving Settings for Google Chat Configuration

Step 1: Navigate to admin.google.com and login with the client's Google admin credentials.

Step 2: Click "Apps." 
Step 3: Click "Google Workspace."


Step 4: Click "Google Chat."


Step 5: Click "Third-party Archiving Settings."


Step 6: Click the "Archiving enabled" check box.
Step 7: Enter the following "journal-api@google.detect.navigate360.com" into the Destination address field. 


Step 8: Click the "Archival frequency" field and select the desired time for the data to be archived. Best practice is the lowest time or 1 hour.


Step 9: Click the "Custom headers" field and add the following- DOMAIN: {client's Google domain}. Example: DOMAIN:admin@ABCdistrict.edu.


Step 10: Click "SAVE."
Delete


Digital Threat Detection Platform


Step 1: Log into Digital Threat Detection.

Step 2: Click on the gear icon in the top navigation bar.

Step 3: Select Sources from the dropdown menu.

Step 4: Review the Admin Email field.

  • It will auto-fill with the email of the account you're currently logged into.

  • If this email does not match your Google admin account, first add the correct account as a User, then complete the setup using that account.

  • Step 5: Enter your Domain.

Step 6: Select the Google Workspace features you would like to scan.

Step 7: Click Next Step.

Step 8: If the Admin Email and Domain validate successfully, you'll be prompted to map your Organizational Units (OUs) to your schools.

Step 9: Click Save to complete the setup.

After Setup

  • If no errors occur, check the Reports tab within the next 24 hours to confirm that scanning has started.

  • If you do not see any active associations after 24 hours, please contact our team at tech@navigate360.com for assistance.

Delete


Delete


Troubleshooting FAQ’s

“I don’t see Security in the Google Admin Console”

If the Security tab is not visible, the account you are signed in as is not an administrator for the domain. Please work with your Google Administrator for the integration. 

The Validation Link did not confirm a successful integration, what now?

There are typically three reasons why the Validation Link does not show a successful integration. Follow the steps below and reach out to your Implementation Consultant if continue to receive error messages.

  1. API Scopes are not exact: Copy and Paste directly from the instructions above to confirm API scopes are entered correctly
  2. Google Admin: The integration requires Detect to provide the Google Workplace Admin email. Confirm with your Implementation Consultant that we have the correct Google Admin email address and the account has the proper Google permissions added to the account. If your Google Workplace Administrator changes, please contact your Implementation Consultant to update the configuration. 
  3. Typo’s in OUs: OUs need to be exact to map correctly. Confirm that the OUs show exactly as they do in the Google Admin Console. 

“With the Google Workplace Integration, what privileges are granted to Detect?

This integration takes a least privilege approach and requests the minimum possible read-only permissions to provide our service. Once integrated, Detect will have read-only access to your domain’s user listing, users’ Drive changes, Gmail, and Hangouts Chat messages.

gsuite google detect integration google workspace api language engine ous organizational units social sentinel google workplace

Related Articles

  • Facebook Integration- Detect
  • Sending Alert to Case Manager- Detect
  • Exchange/Outlook Integration - Digital Threat Detection
  • All Products | Training Webinars | Order Supplies | Contact Us
  • ©2024 Navigate360

Definition by Author

0
0
Expand