> ## Documentation Index
> Fetch the complete documentation index at: https://docs.prowler.com/llms.txt
> Use this file to discover all available pages before exploring further.

<AgentInstructions>

## Submitting Feedback

If you encounter incorrect, outdated, or confusing documentation on this page, submit feedback:

POST https://docs.prowler.com/feedback

```json
{
  "path": "/user-guide/providers/googleworkspace/getting-started-googleworkspace",
  "feedback": "Description of the issue"
}
```

Only submit feedback when you have something specific and actionable to report.

</AgentInstructions>

# Getting Started With Google Workspace on Prowler

export const VersionBadge = ({version}) => {
  return <a href={`https://github.com/prowler-cloud/prowler/releases/tag/${version}`} target="_blank" rel="noopener noreferrer" className="version-badge-link">
            <span className="version-badge-container">
                <span className="version-badge">
                    <span className="version-badge-label">Added in:</span> 
                    <span className="version-badge-version">{version}</span>
                </span>
            </span>
        </a>;
};

Prowler for Google Workspace audits the organization's Google Workspace environment for security misconfigurations, including super administrator account hygiene, domain settings, and more.

## Prerequisites

Set up authentication for Google Workspace with the [Google Workspace Authentication](/user-guide/providers/googleworkspace/authentication) guide before starting either path:

* **Service Account:** Create a Service Account in a GCP project with Domain-Wide Delegation enabled.
* **OAuth Scopes:** Authorize the required read-only OAuth scopes in the Google Workspace Admin Console.
* **Customer ID:** Identify the Google Workspace Customer ID to use as the provider identifier.
* **Delegated User:** Have the email of a super administrator to use as the delegated user.

<CardGroup cols={2}>
  <Card title="Prowler Cloud" icon="cloud" href="#prowler-cloud">
    Onboard Google Workspace using Prowler Cloud
  </Card>

  <Card title="Prowler CLI" icon="terminal" href="#prowler-cli">
    Onboard Google Workspace using Prowler CLI
  </Card>
</CardGroup>

## Prowler Cloud

<VersionBadge version="5.21.0" />

### Step 1: Locate the Customer ID

1. Log into the [Google Workspace Admin Console](https://admin.google.com).
2. Navigate to "Account" > "Account Settings".
3. Find the **Customer ID** on the Account Settings page.

   <img src="https://mintcdn.com/prowler/JS11-QKE8N3jq-1e/images/providers/googleworkspace-customer-id.png?fit=max&auto=format&n=JS11-QKE8N3jq-1e&q=85&s=acf6906d2027ee8bf22292d144dadf27" alt="Google Workspace Customer ID" width="3442" height="1408" data-path="images/providers/googleworkspace-customer-id.png" />

<Note>
  The Customer ID starts with the letter "C" followed by alphanumeric characters (e.g., `C0xxxxxxx`). This value acts as the unique identifier for the Google Workspace account in Prowler Cloud.
</Note>

### Step 2: Open Prowler Cloud

1. Go to [Prowler Cloud](https://cloud.prowler.com/) or launch [Prowler App](/user-guide/tutorials/prowler-app).

2. Navigate to "Configuration" > "Providers".

   <img src="https://mintcdn.com/prowler/zldeL4sp-3y3KD3R/images/prowler-app/cloud-providers-page.png?fit=max&auto=format&n=zldeL4sp-3y3KD3R&q=85&s=022812ec187876acb2feac32781217f3" alt="Providers Page" width="300" height="448" data-path="images/prowler-app/cloud-providers-page.png" />

3. Click "Add Provider".

   <img src="https://mintcdn.com/prowler/zldeL4sp-3y3KD3R/images/prowler-app/add-cloud-provider.png?fit=max&auto=format&n=zldeL4sp-3y3KD3R&q=85&s=ba8cc5f0f469433547b724f97672bb52" alt="Add a Provider" width="601" height="125" data-path="images/prowler-app/add-cloud-provider.png" />

4. Select "Google Workspace".

   <img src="https://mintcdn.com/prowler/saTLkZ1BmMa35TKH/images/providers/select-googleworkspace-prowler-cloud.png?fit=max&auto=format&n=saTLkZ1BmMa35TKH&q=85&s=271b0245141410049663fbe2b2978619" alt="Select Google Workspace" width="2906" height="1770" data-path="images/providers/select-googleworkspace-prowler-cloud.png" />

### Step 3: Provide Credentials

1. Enter the **Customer ID** and an optional alias, then click "Next".

   <img src="https://mintcdn.com/prowler/saTLkZ1BmMa35TKH/images/providers/googleworkspace-customer-id-form.png?fit=max&auto=format&n=saTLkZ1BmMa35TKH&q=85&s=84865169130428195471b4e7d4a7acb6" alt="Google Workspace Customer ID Form" width="2884" height="1742" data-path="images/providers/googleworkspace-customer-id-form.png" />

2. Paste the **Service Account JSON** credentials content.

3. Enter the "Delegated User Email" (a super administrator in the Google Workspace organization).

   <img src="https://mintcdn.com/prowler/saTLkZ1BmMa35TKH/images/providers/googleworkspace-credentials-form.png?fit=max&auto=format&n=saTLkZ1BmMa35TKH&q=85&s=cec06a8407a1ebf29c261292dd6e9084" alt="Google Workspace Credentials Form" width="2876" height="1762" data-path="images/providers/googleworkspace-credentials-form.png" />

<Note>
  The Service Account JSON is the full content of the key file downloaded when creating the Service Account. Paste the entire JSON object, not just the file path. For setup instructions, see the [Authentication guide](/user-guide/providers/googleworkspace/authentication).
</Note>

### Step 4: Check Connection

1. Click "Check Connection" to verify that the credentials and Domain-Wide Delegation are configured correctly.
2. Prowler will test the Service Account impersonation and Admin SDK access.

   <img src="https://mintcdn.com/prowler/saTLkZ1BmMa35TKH/images/providers/googleworkspace-check-connection.png?fit=max&auto=format&n=saTLkZ1BmMa35TKH&q=85&s=8ba4f622bdc0168dbd37d4664d153b98" alt="Check Connection" width="2882" height="1776" data-path="images/providers/googleworkspace-check-connection.png" />

<Note>
  If the connection test fails, verify that Domain-Wide Delegation is properly configured and that all required OAuth scopes are authorized. It may take a few minutes for delegation changes to propagate. See the [Troubleshooting](/user-guide/providers/googleworkspace/authentication#troubleshooting) section for common errors.
</Note>

### Step 5: Launch the Scan

1. Review the summary.
2. Click "Launch Scan" to start auditing Google Workspace.

   <img src="https://mintcdn.com/prowler/saTLkZ1BmMa35TKH/images/providers/googleworkspace-launch-scan.png?fit=max&auto=format&n=saTLkZ1BmMa35TKH&q=85&s=70017f33676ddc86d4a21b78e4edf0f4" alt="Launch Scan" width="2880" height="1768" data-path="images/providers/googleworkspace-launch-scan.png" />

***

## Prowler CLI

<VersionBadge version="5.19.0" />

### Step 1: Set Up Authentication

Set your Service Account credentials and delegated user email following the [Google Workspace Authentication](/user-guide/providers/googleworkspace/authentication) guide:

```console theme={null}
export GOOGLEWORKSPACE_CREDENTIALS_FILE="/path/to/service-account-key.json"
export GOOGLEWORKSPACE_DELEGATED_USER="admin@yourdomain.com"
```

Alternatively, pass the credentials content directly as a JSON string:

```console theme={null}
export GOOGLEWORKSPACE_CREDENTIALS_CONTENT='{"type": "service_account", ...}'
export GOOGLEWORKSPACE_DELEGATED_USER="admin@yourdomain.com"
```

### Step 2: Run the First Scan

Run a baseline scan after credentials are configured:

```console theme={null}
prowler googleworkspace
```

Prowler authenticates as the delegated user and runs all available security checks against the Google Workspace organization.

### Step 3: Use a Custom Configuration (Optional)

Prowler uses a configuration file to customize provider behavior. To use a custom configuration:

```console theme={null}
prowler googleworkspace --config-file /path/to/config.yaml
```

***