🛡️ Google Workspace and Cloud Identity Data Sharing with Google Cloud is not enabled 🟢⚪
- Contextual name: 🛡️ Workspace and Cloud Identity Data Sharing with Google Cloud is not enabled 🟢⚪
- ID: /ce/ca/google/logging/workspace-cloud-identity-data-sharing
- Tags:
  - ⚪ Impossible policy
  - 🟢 Policy with categories
  - 🟢 Policy with type
- Policy Type: COMPLIANCE_POLICY
- Policy Categories: SECURITY
Description
Google Workspace and Cloud Identity can share administrative audit log data with Google Cloud. Enable this setting so user, password, and security configuration changes from the identity provider are available in Cloud Logging.
Rationale
Centralized identity audit logs help security teams correlate Workspace or Cloud Identity administrative events with Google Cloud resource activity. Without this setting, important identity events remain only in the Admin Console, which limits monitoring, alerting, retention, and incident investigation.
Impact
Enabling the setting sends additional audit log data to Google Cloud. Organizations should confirm that log retention, access controls, and monitoring rules are configured for the resulting Cloud Logging data.
Audit
From Google Admin Console
- Sign in to the Google Admin Console as a Super Admin.
- Go to Account > Account settings.
- Open Legal and compliance.
- Locate Sharing options > Google Cloud Platform Sharing Options.
- Verify that the setting is Enabled.
Remediation
From Google Admin Console
- Sign in to the Google Admin Console as a Super Admin.
- Go to Account > Account settings.
- Open Legal and compliance.
- Locate Sharing options > Google Cloud Platform Sharing Options.
- Set the option to Enabled and click Save.
- In Google Cloud, use Logs Explorer to confirm that Admin audit log events are arriving in Cloud Logging.
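One way to script the last remediation step, as an added example that is not part of the original policy page: it holds a Logs Explorer filter for shared Admin audit events and checks an exported result for recent entries. Assumptions: `ORG_ID` is a placeholder, the sample entries are constructed, the function name and the 7-day freshness window are illustrative, and the export is the JSON array produced by `gcloud logging read --format=json`.

```python
import json
from collections import Counter
from datetime import datetime, timedelta, timezone

ADMIN_SERVICE = "admin.googleapis.com"  # serviceName on shared Admin audit entries
ORG_LOG = "organizations/ORG_ID/logs/cloudaudit.googleapis.com%2Factivity"
# Filter for Logs Explorer or `gcloud logging read`; ORG_ID is a placeholder.
ADMIN_AUDIT_FILTER = (
    f'logName="{ORG_LOG}" AND protoPayload.serviceName="{ADMIN_SERVICE}"'
)

# Constructed sample shaped like `gcloud logging read ... --format=json` output.
SAMPLE_EXPORT = json.dumps([
    {"timestamp": "2024-05-01T10:15:30.123456789Z", "logName": ORG_LOG,
     "protoPayload": {"serviceName": ADMIN_SERVICE,
                      "methodName": "google.admin.AdminService.changePassword"}},
    {"timestamp": "2024-05-01T09:00:00Z", "logName": ORG_LOG,
     "protoPayload": {"serviceName": ADMIN_SERVICE,
                      "methodName": "google.admin.AdminService.createUser"}},
    {"timestamp": "2024-05-01T11:00:00Z",
     "logName": "projects/example-project/logs/cloudaudit.googleapis.com%2Factivity",
     "protoPayload": {"serviceName": "compute.googleapis.com",
                      "methodName": "v1.compute.instances.insert"}},
])

def parse_ts(value):
    """Parse an RFC 3339 UTC timestamp, dropping sub-second digits."""
    base = value.split(".")[0].rstrip("Z")
    return datetime.strptime(base, "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)

def admin_audit_summary(export_json, now, max_age=timedelta(days=7)):
    """Return (recent_events_seen, newest_timestamp, {methodName: count})."""
    methods, newest = Counter(), None
    for entry in json.loads(export_json):
        payload = entry.get("protoPayload", {})
        if payload.get("serviceName") != ADMIN_SERVICE:
            continue  # ordinary Google Cloud audit entry, not identity data
        methods[payload.get("methodName", "unknown")] += 1
        ts = parse_ts(entry["timestamp"])
        if newest is None or ts > newest:
            newest = ts
    recent = newest is not None and now - newest <= max_age
    return recent, newest, dict(methods)

if __name__ == "__main__":
    print(ADMIN_AUDIT_FILTER)
    print(admin_audit_summary(SAMPLE_EXPORT, datetime(2024, 5, 2, tzinfo=timezone.utc)))
```

A result of `False` means no recent Admin audit entries were found; that can also happen when no administrative change was made in the window, so make a test change in the Admin Console before concluding that sharing is off.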
policy.yaml
Linked Framework Sections
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|---|---|---|---|---|
| 💼 CIS GCP v5.0.0 → 💼 2.2 Ensure Google Workspace/Cloud Identity Data Sharing with Google Cloud is Enabled for Admin Audit Logging - Level 1 (Manual) | 1 | no data | | | |
| 💼 Cloudaware Framework → 💼 Logging and Monitoring Configuration | 79 | no data | | | |