Google Audit Log
Steps and required credentials to connect Google Audit Log to Squadbase
Required Information
| Field | Description |
|---|---|
| Google Cloud Service Account JSON | An authentication key file for accessing Google services. This JSON file is issued in Google Cloud and is used by Google to identify which application is using the API. |
| Admin Email | The email address of a Google Workspace administrator. Used to impersonate an admin user via domain-wide delegation when accessing audit log data. |
Google Audit Log uses the Google Workspace Admin SDK Reports API. A Google Workspace account with administrator privileges is required. Personal Gmail accounts are not supported.
How to Obtain Each Value
Google Cloud Service Account JSON
Issue a Google Service Account for the integration.
A Google Service Account is a dedicated account for "systems" such as programs or applications (not humans) to use Google services.
Open Service Accounts
Log in to Google Cloud Console and in any project, select "IAM & Admin" → "Service Accounts" from the menu.
Create a Service Account
Click "+ Create service account" at the top of the Service Accounts page.
Fill in the required information:
- Service account name: Give it a descriptive name so you know what it's for.
- Service account ID: Automatically populated based on the service account name.
- Service account description: Optionally add a description for this service account.
Click "Create and continue" to create the service account.
No configuration is needed for Permissions or Principals with access. Access to audit logs is granted via domain-wide delegation in the Google Workspace Admin Console.
Generate a Key
From the service account list, click the email address of the service account you just created.
Select the "Keys" tab, then click "Add key" → "JSON" and click the "Create" button.
A JSON file will be downloaded to your computer. Upload this JSON file to Squadbase.
Enable the API
To allow the service account to access Google Workspace audit logs, enable the "Admin SDK API" in your Google Cloud project.
From the left sidebar in Google Cloud, select "APIs & Services" → "Library", then search for "Admin SDK" in the search box. Find "Admin SDK API" in the results and click "Enable."
Set Up Domain-Wide Delegation
To access Google Workspace audit logs, you must grant the service account domain-wide delegation in the Google Workspace Admin Console. This step is required.
Domain-wide delegation requires Google Workspace administrator privileges.
Get the Service Account's Client ID
In Google Cloud Console, go to IAM & Admin → Service Accounts and click the service account you created. Copy the OAuth 2.0 Client ID (a numeric ID shown on the detail page).
Open Domain-Wide Delegation in Google Workspace Admin
Log in to Google Workspace Admin Console with an administrator account. Navigate to Security → Access and data control → API controls, then click Manage domain-wide delegation.
Add the Service Account
Click Add new, then enter the following:
- Client ID: Paste the Client ID copied in Step 1
- OAuth scopes: Add the following scopes:
https://www.googleapis.com/auth/admin.reports.audit.readonly
https://www.googleapis.com/auth/admin.reports.usage.readonly
Click Authorize.
It may take up to 24 hours for domain-wide delegation settings to take effect across your Google Workspace organization.
Admin Email
Enter the email address of a Google Workspace administrator (e.g., admin@your-domain.com). Squadbase will impersonate this user via domain-wide delegation to access your organization's audit log data.