Skip to main content

How to collect from Google Workspace

  • Updated

Google Workspace is a set of collaboration and productivity tools for businesses. It includes Gmail, Google Drive, Audits, Google Vault, and more.

Onna connects directly to Google Workspace's API to integrate with an organization's Gmail, Drive, and Team Drives.

Integration features

What’s collected

This connector can only be used to collect from business Google Workspace accounts. Personal Gmail or Google Drive accounts cannot be collected.

  Gmail Drive
Resources
  • Email messages
  • Attachments
    (embedded in the email)
  • Labels
  • Files in user accounts

Shortcuts are not collected
Metadata
  • Date sent
  • Email to
  • Email from
  • Email Bcc
  • Email Cc
  • Email ID
  • Email subject
  • Important
  • Label
  • Starred
  • Title
  • Creators
  • File creation
  • File last modified
  • Path
  • Revision number
  • Folder
Audits -
  • Monthly report of user actions

Sync modes

The Google Workspace connector supports these sync modes:

  • One-time sync
  • Auto-sync and archive
  • Auto sync

You can learn more by reading our documentation about sync modes.

Data exports

You can export data and metadata in eDiscovery ready format. Load files are available in DAT, CSV, or custom text files.

Requirements

  • An Onna Enterprise plan
  • A Google Workspace account with a super admin role (to create a service account)
  • A service account in Google Workspace with access to specific APIs and scopes

Details on how to create the service account are provided in the FAQs section. However, we’ll be glad to provide step-by-step guidance if you contact us.

How-to Guide

🚀 Don’t feel like reading today? You can watch this short video on how to collect from Google Workspace.

Starting the collection in Onna  

Click on "Add source" and select Google Workspace.

First, you'll be asked to name your source. This is the source's title on the Onna platform. If you're naming for eDiscovery purposes a common convention is to name it after the company or account individual.

The next screen will ask for the following fields:

  • Company domain: usually the company website. The www. portion of the URL is not included. For example, the domain can be onna.com

  • Admin's email 

  • Certificate: this is the JSON obtained while creating a service account for Onna

Once you've filled out the fields, select 'Connect'. The next screen will allow you to choose what you're syncing through Google Workspace.

For the following options:

  • Gmail Accounts: This will allow you to select specific user accounts from an organization. This will sync the entire contents of the account unless you choose to skip the spam and trash folders.

    Note: Onna cannot collect alias accounts, only individual mailboxes

  • Google Drive & Team Drive Accounts: This option will allow you to select specific user's drive accounts from an organization and/or select a specific team drive to be synced to the platform. Selecting a Drive account will sync the account's entire contents.  

Note: Onna can only collect accounts if the user has logged in and agreed to Google Workspace “terms and conditions”.

Then you can choose the sync mode - whether one-time sync, auto-sync, or auto-sync & archive. 

Once you select one, you'll have the option to select users. You will no longer be limited to syncing 100 mailboxes when setting up a new source. You can select as many accounts as desired when setting up the collection.

Note that syncing more user accounts will take more time than when fewer accounts are selected.

For users you can:

  • Select user accounts to sync by clicking 'Load users list' and selecting the ones you want

  • Entering the accounts manually by copying and pasting a list into the text box 

Once you've selected the account(s) that you'd like to sync, scroll to the bottom and click 'Next.  

You will be shown a list of team folders that exist within the account. You can select all or filter using the bar above the list. 

On this page, you can also choose whether to sync future top-level folders created in the future if your source is in auto-sync or auto-sync and archive. New team folders and any future subfolders belonging to the selected folder that are added will automatically be added to Onna. Once you've configured your collection options, select 'Finish' at the bottom of the page. After you click finish, Gmail user accounts and team drives will be found within the Google Workspace source.

Users can see additional information on the Gmail accounts and/or Google Drive accounts that have been created by clicking on the information panel found on the top right-hand corner while you are in the Google Workspace source.

Once the information panel appears scroll down until you reach the section labeled ‘Source contents’. Click on the arrow to the right of ‘Source contents’ and all user accounts created from the Google Workspace source will appear below the source contents section. The emails below have been blurred out.

Here you have the option to click audits to review the collection or processing logs for individual sub-sources. Clicking ‘Share’ will allow you to grant other Onna users access to view/manage individual sub-resource. 

Note: Only one unique global GDrive source will be created for team folders.

Filtering or searching across an individual account in Google Workspace 

By clicking on the 'Show Filters' button on the right-hand side the current filters will appear on the left-hand side of the results screen

Filters can be configured to your preferences. Click on the gear icon at the bottom of the page to see the filters available. 

You can choose whether these are visible or not within your filters by clicking on the eye icon. You can also drag and drop them in your order of preference with the two bars on the left-hand side. Remember to save any configuration changes you've made by clicking 'Save' at the bottom of the page. In the below example we will enable the filters 'Source Type' & 'Source Name'.

You will now have the ability to filter based on the individual sub source name or source type.

In the event, you need to query against an individual email account from Google Workspace navigate to the advanced search page. Select the property ‘Parent source name’ and condition ‘Contains’. A dropdown will appear in the next field with all available sources you have access to view including the sub-sources created by the Google Workspace source. Here you can select the sub-sources found under source contents. The email below has been blurred out.

To perform a search against an individual GDrive navigate to the advanced search page. Select the property ‘Parent source name’ and condition ‘Contains’. Select the name of the unique global GDrive source that was created. Add the property ‘Synced folder or label id in Source’ and condition ‘Contains. Finally, add the user’s email address ID and 'Save & apply' the search. The email below has been blurred out.

You will now have the ability to view, filter, and export the results.

Note: The unique global GDrive source will have the same name as the admin that was used to configure the Google Workspace collection & will have a Google Drive icon next to the source name under ‘Source Contents’ from the information panel.

Google Workspace FAQ

Can Google Vault data be collected?

This functionality is currently on our roadmap. We’ll let you know once it’s available.

Can Google Hangouts or Google Chat data be collected?

Google upgraded Hangouts to Chat. Currently, Onna cannot collect Google Chat data.

We used to offer a Google Hangouts connector (now deprecated) that collected data from individual consumer accounts. Existing Google Hangouts collections will still work but you won’t be able to create new ones.

Can data be collected from personal Gmail or Google Drive accounts?

This connector only works with Google Workspace. In the past, we offered individual Gmail and Google Drive connectors that also worked with personal accounts. However, we’re focusing all our efforts in improving the experience of this connector. For this reason, we’re deprecating our personal Gmail and Google Drive connectors. All existing collections will continue working and the possibility to collect data from Gmail and Google Drive as part of Google Workspace will still be possible with this connector.

Can data from users with two-factor authentication be collected?

Yes, a Google Super Admin, which is the account required to create collections, has permissions to access data for users accounts regardless of their authentication method.

Are suspended users collected?

Suspended users will be collected as long as they were selected to be synced. We still collect the drive documents available as links in their email.

Are archived users collected?

Archived users will be collected as long as they were selected to be synced. We still collect the drive documents available as links in their email.

Can shortcuts be collected?

We currently don’t support link collection.

If set on auto-sync and archive do we collect changes made to a document or only the first version of the document upon collection?

Only the version of the document that existed when the email was collected and processed.

Do we collect documents from links to team drives or just individual drives?

Links will be collected from individual drives and team drives. Note that the link for team drives will only be collected if the user has selected to notify the user.

Do we collect all GDrive files (PDFs, images) or only Google Docs?

All Gdrive files are collected - PDFs, images, Google Docs, Google Sheets, Google Slides, etc. Google Doc Files will be collected as PDFs. Other files will be collected in their original native format.

Does the Google Workspace sync status indicate that all custodian syncs have completed?

At this time the Google Workspace sync status does not indicate that all accounts have successfully synced for the source. When we collect from Google Workspace, the sync is broken down into two, the parent (Google Workspace) and then the sub-sources (the custodian/Gmail being collected).

To view the status of the individual Gmail custodian sync follow the below steps:

1. Navigate to the Google Workspace source

2. Click on the Gmail source

3. To the right of the custodian name click on the ellipsis

4. From the drop down select view details to confirm the current sync status

We will be updating these statuses in a future release to have the main Google Workspace source reflect a status of syncing if any of the custodians are still syncing.

Can you perform Google Workspace collections without email attachments?

For the current Google Workspace creation flow, we do not have an option to ignore attachments.

How can I configure the Google Workspace service account to use Onna?

Follow the instructions provided by Google while keeping in mind some details that are specific to Onna:

  • Grant access to the following APIs:
    • Gmail API
    • Google Drive API
    • Admin SDK
    • Google Vault API (Enable this value only if you want to use the In-place-preservation feature with Google Vault)
  • Give the service account a role of Viewer
  • After creating the service account, delegate domain-wide authority to it with the following OAuth scopes:
    • https://www.googleapis.com/auth/admin.directory.group,
    • https://www.googleapis.com/auth/admin.directory.user,
    • https://www.googleapis.com/auth/admin.reports.audit.readonly,
    • https://www.googleapis.com/auth/admin.reports.usage.readonly,
    • https://www.googleapis.com/auth/drive,
    • https://www.googleapis.com/auth/drive.readonly,
    • https://www.googleapis.com/auth/gmail.readonly,
    • https://www.googleapis.com/auth/userinfo.email,
    • https://www.googleapis.com/auth/userinfo.profile,
    • https://www.googleapis.com/auth/ediscovery

Related articles