Google IAM Streaming Configuration

Steps to Enable Data Streaming for Google IAM

Create OAuth2 Credentials

• Create a Project in Google Cloud Console:

  • Go to the

  • Create a new project or select an existing project
• Enable the Admin SDK:

  • In the Google Cloud Console, navigate to the "APIs & Services" > "Library"

  • Search for "Admin SDK" and click on it

  • Click the "Enable" button to enable the Admin SDK API for your project

• Create OAuth 2.0 Credentials:

  • In the Google Cloud Console, go to APIs & Services > Credentials

  • Click "Create credentials" and select "Service account"

  • Enter a name in the Service account name field andclick CREATE CREDENTIALS

  • Under "Grant this service account access to the project," select role as Owner and click DONE

  • Select the newly created service account and click Keys > Add Key > Create new key

  • Make sure the key type is set to json and click CREATE

  • The new private key pair is generated and downloaded to the machine. Note the values of private_key, client_email and client_id

Delegate domain-wide authority to your service account

• In the Domain wide delegation pane, select Manage Domain Wide Delegation

• Click Add new

• In the Client ID field, enter the client ID obtained from the service account creation steps above

• In the OAuth Scopes field, enter a comma-delimited list of the scopes required for the application

• Use the below scopes:

  • https://www.googleapis.com/auth/admin.directory.user.readonly

  • https://www.googleapis.com/auth/admin.directory.domain.readonly

  • https://www.googleapis.com/auth/admin.directory.group.readonly

  • https://www.googleapis.com/auth/admin.directory.rolemanagement.readonly

  • https://www.googleapis.com/auth/admin.reports.audit.readonly

• Click Authorize

Steps to Enable Data Streaming for Google Iam

1. Go to the Data Sources section under Administration.

2. From the Data Sources page, select Google iam from the list of available data sources. In the Scan Configurations list, create a New Configuration.
3. Make sure the connection has a Name and Credentials set then click on Data streaming toggle and click Save & Close to finalize the changes
4. Clock icon: When data streaming is being activated, the "Requested" status will appear, indicating that the subscription is being processed. Once the subscription is activated, this status will change to "On".

5. After enabling Data Streaming, the system will automatically handle the subscription to Google Iam’s real-time events. There is no need to manually configure Webhooks.

Monitoring Real-Time Events

After the subscription is activated, real-time events will start flowing into the platform, and can be monitored from the relevant parts of the platform.

Viewing Events in the Live Events Section

1. Go to the Live Events section under Administration to view a detailed audit log of all streaming events.

2. Filter by source to get only Google IAM events

Monitoring Extended Streaming Events

Once extended streaming is enabled, events will be available for monitoring in multiple sections of the platform:

Live Events Section

• Go to Live Events under Administration to view real-time extended events.

• Use the filter options to narrow down events to only Google IAM activities.