Google Workplace Integration Setup - Detect
Learn how to set up an account with the Google Workplace integration.
Google Workplace Integration Setup
Using Detect’s Google Workplace Integration, the Language Engine can identify potentially harmful threats or mental health concerns experienced by students. As such, school-sanctioned email and productivity tools help support an early intervention approach to student wellness. Concerning content will be categorized and delivered into the platform as Alerts or Discussions in near real-time.
Google Workplace setup consists of the following:
- API Configuration
- Dedicated Detect Service Account Configuration
- Mapping Organizational Units
- Google Chat Archiving Settings Configuration
API Configuration
Step 1: Log into https://admin.google.com/ac/owl/domainwidedelegation directly or by following these steps:
- Go to the Google Workplace domain’s Admin console, https://admin.google.com
- Select Security from the list of controls on the left side of the browser.
- Select API Access. Navigate to the bottom of the screen and select Manage Domain Delegation.
Step 2: In the Manage Domain Delegation page, select Add New to configure the new key.
To ensure successful integration, copy and paste the following values:
Client ID field: 114279029511177273649
API Scopes field:
API | Description |
https://www.googleapis.com/auth/admin.directory.user.readonly | Required by the Google Directory Listing* |
https://www.googleapis.com/auth/gmail.readonly | Required by Gmail, and Hangout Chat* |
https://www.googleapis.com/auth/drive.activity.readonly | Required by Google Drive (Docs)** |
https://www.googleapis.com/auth/drive.readonly | Required by Google Drive (Docs)** |
* Required for overall Google Workplace Integration
** Optional for Google Doc scanning capabilities
Step 3: Click Authorize.
If configured properly, Navigate360 Detect now has read-only access to your domain’s user listing, users’ Docs updates, Gmail, and Hangouts Chat messages. Confirm the product was integrated successfully by viewing the Validation Link shared with you by your N360 Implementation Consultant.
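A domain administrator can check the text entered in the API Scopes field against the four scopes listed above before clicking Authorize. The following is an added example, not Navigate360 or Google code; the function names and the two sample field values are constructed for illustration.

```python
import difflib
import re

# Scopes copied from the table on this page.
REQUIRED = {
    "https://www.googleapis.com/auth/admin.directory.user.readonly",
    "https://www.googleapis.com/auth/gmail.readonly",
}
OPTIONAL = {
    "https://www.googleapis.com/auth/drive.activity.readonly",
    "https://www.googleapis.com/auth/drive.readonly",
}

def parse_scopes(field_text):
    """Split the pasted field on commas and whitespace, keeping entries verbatim."""
    return [s for s in re.split(r"[,\s]+", field_text.strip()) if s]

def audit_scopes(field_text):
    """Compare entered scopes with the documented list (exact string match)."""
    entered = parse_scopes(field_text)
    allowed = REQUIRED | OPTIONAL
    report = {"missing_required": sorted(REQUIRED - set(entered)),
              "near_miss": [], "not_read_only": [], "unexpected": []}
    for scope in entered:
        if scope in allowed:
            continue
        # A near miss is a likely typo of a documented scope.
        close = difflib.get_close_matches(scope, sorted(allowed), n=1, cutoff=0.95)
        if close:
            report["near_miss"].append((scope, close[0]))
        elif not scope.endswith(".readonly"):
            # Broader than the read-only access this integration describes.
            report["not_read_only"].append(scope)
        else:
            report["unexpected"].append(scope)
    report["ok"] = not any(report[k] for k in
                           ("missing_required", "near_miss", "not_read_only", "unexpected"))
    return report

# Constructed sample inputs.
GOOD_FIELD = ("https://www.googleapis.com/auth/admin.directory.user.readonly, "
              "https://www.googleapis.com/auth/gmail.readonly ,"
              "https://www.googleapis.com/auth/drive.readonly")
BAD_FIELD = ("https://www.googleapis.com/auth/admin.directory.user.readonly,"
             "https://www.googleapis.com/auth/gmail.readonl,"
             "https://www.googleapis.com/auth/drive")

if __name__ == "__main__":
    print(audit_scopes(GOOD_FIELD))
    print(audit_scopes(BAD_FIELD))
```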
Dedicated Detect Service Account Configuration
It is recommended that a dedicated service account be created to be used in the Google Workplace - Detect Integration. This will allow continued scanning, even if the primary Google Admin changes. When creating the service account, please be sure to provide the proper permissions to ensure that the integration is able to properly read your OU groups.
Mapping Organizational Units
Organizational Units, or OUs, are used to organize users within Google Workplace. Navigate360 Detect uses the Google Workplace OUs to segment which emails are scanned for a domain. Here’s an example of a fictitious account with the following OUs:
- /Students/Elementary School
- /Students/Middle School
- /Students/High School
- /Teachers
A list of your Detect account locations will be provided to you by your Implementation Consultant. For a successful Google Workplace Integration, please return a list of OUs mapped to the correct location.
Example:
OU | Location |
/Students/Elementary School | North Acme Elementary |
/Students/Middle School | Acme Middle HS |
/Students/High School | Acme Senior HS |
For a successful Google Workplace Integration, it is important to ensure each of these requirements is met.
Each targeted user record should:
- Be in an Organizational Unit that the account is configured to process.
- Have a capitalized first & last name.
- Not be suspended in Google Workplace.
- Be active in Google Workplace.
- Not be deleted in Google Workplace.
- Be included in the global address list.
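The user-record requirements above can be pre-checked against an export of directory users before the OU list is returned. This is an added example, not part of the Detect product: it assumes records shaped like Google Directory API user resources (`orgUnitPath`, `name`, `suspended`, `deletionTime`, `includeInGlobalAddressList`), assumes OUs must match the mapping exactly, uses constructed sample users, and does not model the separate "active" requirement.

```python
# OU-to-location mapping taken from the fictitious example on this page.
OU_TO_LOCATION = {
    "/Students/Elementary School": "North Acme Elementary",
    "/Students/Middle School": "Acme Middle HS",
    "/Students/High School": "Acme Senior HS",
}

def _capitalized(value):
    return bool(value) and value[0].isupper()

def check_user(user, ou_map=OU_TO_LOCATION):
    """Return (mapped location or None, list of unmet requirements)."""
    problems = []
    ou = user.get("orgUnitPath", "")
    location = ou_map.get(ou)  # assumption: exact match, no inheritance from parent OUs
    if location is None:
        # Point out OUs that differ from a mapped OU only by case or whitespace.
        folded = {k.strip().casefold(): k for k in ou_map}
        hint = folded.get(ou.strip().casefold())
        problems.append(
            f"OU {ou!r} differs from mapped {hint!r} only by case/whitespace"
            if hint else f"OU {ou!r} is not mapped to a location")
    name = user.get("name", {})
    if not (_capitalized(name.get("givenName")) and _capitalized(name.get("familyName"))):
        problems.append("first and last name must be capitalized")
    if user.get("suspended"):
        problems.append("user is suspended")
    if user.get("deletionTime"):
        problems.append("user is deleted")
    if not user.get("includeInGlobalAddressList", True):
        problems.append("user is excluded from the global address list")
    return location, problems

def audit(users):
    """Map each primaryEmail to its (location, problems) result."""
    return {u["primaryEmail"]: check_user(u) for u in users}

# Constructed sample records.
SAMPLE_USERS = [
    {"primaryEmail": "ada@example.edu", "orgUnitPath": "/Students/High School",
     "name": {"givenName": "Ada", "familyName": "Lovelace"},
     "suspended": False, "includeInGlobalAddressList": True},
    {"primaryEmail": "grace@example.edu", "orgUnitPath": "/students/high school ",
     "name": {"givenName": "grace", "familyName": "Hopper"},
     "suspended": True, "includeInGlobalAddressList": False},
]

if __name__ == "__main__":
    for email, (location, problems) in audit(SAMPLE_USERS).items():
        print(email, location, problems)
```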
Archiving Settings for Google Chat Configuration
Step 2: Click "Apps."
Step 3: Click "Google Workspace."
Step 4: Click "Google Chat."
Step 5: Click "Third-party Archiving Settings."
Step 6: Click the "Archiving enabled" check box.
Step 7: Enter the following "journal-api@google.detect.navigate360.com" into the Destination address field.
Step 8: Click the "Archival frequency" field and select the desired time for the data to be archived. Best practice is the lowest time or 1 hour.
Step 9: Click the "Custom headers" field and add the following: DOMAIN: {client's Google domain}. Example: DOMAIN:admin@ABCdistrict.edu.
Step 10: Click "SAVE."
Troubleshooting FAQs
“I don’t see Security in the Google Admin Console”
If the Security tab is not visible, the account you are signed in as is not an administrator for the domain. Please work with your Google Administrator for the integration.
The Validation Link did not confirm a successful integration, what now?
There are typically three reasons why the Validation Link does not show a successful integration. Follow the steps below and reach out to your Implementation Consultant if you continue to receive error messages.
- API Scopes are not exact: Copy and paste directly from the instructions above to confirm API scopes are entered correctly.
- Google Admin: The integration requires Detect to provide the Google Workplace Admin email. Confirm with your Implementation Consultant that we have the correct Google Admin email address and the account has the proper Google permissions added to the account. If your Google Workplace Administrator changes, please contact your Implementation Consultant to update the configuration.
- Typos in OUs: OUs need to be exact to map correctly. Confirm that the OUs show exactly as they do in the Google Admin Console.
“With the Google Workplace Integration, what privileges are granted to Detect?”
This integration takes a least privilege approach and requests the minimum possible read-only permissions to provide our service. Once integrated, Detect will have read-only access to your domain’s user listing, users’ Drive changes, Gmail, and Hangouts Chat messages.