# Google - Authentication ## Authentication Under CASB, select Google. Self-enroll with the URL or send it to your Google admin.

Google Authentication Link to be used by Admin

Your Google admin will need to copy & paste permissions into the Google admin console (Underneath API Controls -> [Domain-Wide Delegation](https://admin.google.com/u/0/ac/owl/domainwidedelegation))

Admins must copy/paste this information into the Workspace Admin Console

{% hint style="info" %} These are the required Google scopes "", "", "", "", "", "", "", "", "", "", {% endhint %}

Scope	Purpose
admin.directory.user admin.directory.domain.readonly admin.directory.customer.readonly admin.directory.group.readonly admin.directory.user.readonly	Retrieves group member information for user/group import, identify posture (2FA/Admin) for CASB Neural SSPM
admin.directory.user.security	Retrieves OAuth tokens and allows deletion for CASB Neural SSPM
admin.reports.audit.readonly	Retrieves logs for OAuth apps for CASB Neural SSPM
gmail.settings.basic	Retrieves mail rules (not email content) to find suspicious mail rules for CASB Neural SSPM
drive drive.activity.readonly	Retrieves drive information for CASB Neural DLP

About Google Admin Console Configuration {% hint style="warning" %} To complete authorization the Google admin will need to copy & paste the scopes into the Google Admin Console. You must be a Google admin to continue. {% endhint %} Because of CASB Neural's sensitive permissions, the scopes are added to Domain Wide Delegation page. It's under: [Security > API Controls > MANAGE DOMAIN WIDE DELEGATION](https://admin.google.com/ac/owl/domainwidedelegation) in the Google Admin Console. From here, you will add a new domain-wide delegation to their account. This includes CASB Neural's client ID and the required scopes (provided). {% hint style="info" %} See Google help docs [here](https://developers.google.com/identity/protocols/oauth2/service-account#delegatingauthority) {% endhint %} ### Google Workspace Super Admin Email The final step is to provide the Google Workspace super admin email

Once the correct email is entered, you're done! It's that simple. dope.security will now scan your tenant, uncover any publicly shared files with sensitive data, and classify them. {% hint style="info" %} **SSPM Coming Soon:** Uncover all third-party apps connected to your Microsoft 365 or Google SaaS tenant, neatly organized by access type: global, limited, or login access. {% endhint %} --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://inflight.dope.security/dope.console/casb-neural/google-authentication.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.