SaaS Security
Onboard a Google Analytics App to SSPM
Table of Contents
Onboard a Google Analytics App to SSPM
Connect a Google Analytics instance to SSPM to detect posture risks.
| Where Can I Use This? | What Do I Need? |
|---|---|
|
Or any of the following licenses that include the Data Security license:
|
For SSPM to detect posture risks in your Google Analytics instance, you must onboard
your Google Analytics instance to SSPM. SSPM gets access to your Google Analytics
instance through OAuth 2.0 authorization. Through this onboarding process, SSPM
connects to a Google Analytics API and, through the API, scans your Google Analytics
instance for misconfigured settings
and account risks.
The supported Google Analytics account plan
for SSPM scans is the premium plan, Google Analytics 360.
To onboard your Google Analytics instance, you complete the following actions:
- Identify the Google Analytics account that you will use to log in to Google Analytics during onboarding.During the onboarding process, SSPM will redirect you to log in to Google Analytics. After you log in, Google Analytics will prompt you to grant SSPM the access it needs.Required Permissions. SSPM supports configuration scans for misconfigured settings and identity scans to detect account risks. The account that you use to onboard Google Analytics must have permission to grant SSPM access to the following scopes:
Scope Required for Scans analytics.manage.users.readonlyConfiguration and Identity Scans analytics.readonlyConfiguration and Identity Scans admin.directory.user.readonlyIdentity Scans admin.reports.audit.readonlyIdentity Scans SSPM will use this account to establish a connection to your Google Analytics instance. After SSPM establishes the connection, it will perform an initial scan of your Google Analytics instance, and will then run scans at regular intervals. The account that you use to establish the initial connection with SSPM must remain available. For this reason, we recommend that you use a dedicated service account to grant SSPM access. If you delete the service account, or change the account's password, the scans will fail and you will need to onboard Google Analytics again.Log out of all Google Analytics accounts.Logging out of all Google Analytics accounts helps ensure that you log in under the correct account during the onboarding process. Some browsers can automatically log you in by using saved credentials. To ensure that the browser does not automatically log you in to the wrong account, you can turn off any automatic login option or clear your saved credentials. Alternatively, you can prevent the browser from using saved credentials by opening SSPM in an incognito window.Connect SSPM to your Google Analytics instance.By adding a Google Analytics app in SSPM, you enable SSPM to connect to your Google Analytics instance. You must consent to specific permissions when adding the Google Analytics app.- Log in to Strata Cloud Manager.Select and click the Google Analytics tile.On the Posture Security tab, Add New instance.Choose the option to Log in with Credentials.ConnectSSPM redirects you to the Google Analytics login page.Log in to your Google Analytics account.Google Analytics displays a consent form that details the access permissions that SSPM requires.Review the consent form and allow the requested permissions.
