On New API Access to Google Workspace - Ask User for Reason and Approval from Security Team
This automation asks the user for a reason and approval from the security team on new API access to Google Workspace. Google Workspace carries a large amount of sensitive data and can be accessed from almost any device by a mass of users, thus posing a risk to privacy and sensitive information. Monitoring the access via a third side party to your Google Workspace can be crucial in securing user privacy and corporate data in subscription-based cloud applications. The default is blocking any new API access, and approving or later on whitelisting the calls by the security team.
  1. When an alert is received, get alert details from reports.
  2. Inform and ask the user for a reason to the API call.
  3. Inform and ask for approval from the relevant SecOps personnel about the API call.
  4. If denied, inform the user and refer him to relevant SecOps.