Some of Lockwell's audit logs require extra permissions to publish. This guide walks you through granting Lockwell the permission it needs to publish forensic audit logs when someone on your team uses their Google Workspace account to sign into a service, aka a "SaaS sign in".
You can see your team's audit logs on the Forensics page of the Lockwell web app.
Google Workspace Setup
Follow these steps to give Lockwell permission to publish forensic audit logs:
Step 1: Sign in to Google Admin Console
Navigate to the Google Admin Console: admin.google.com.
Log in as a Super Administrator.
Step 2: Access API Controls
In the Admin Console, go to Security.
Under Access and data control, select API controls.
Step 3: Manage Domain-Wide Delegation
Scroll to the Domain-wide delegation section.
Click Manage Domain Wide Delegation.
Step 4: Edit or Add New Client ID
If an entry already exists with Lockwell's Client ID (i.e. you've already enabled the email firewall), simply edit the existing Client ID rather than creating a new one.
Otherwise, click Add new to create a new client ID.
Enter the following Client ID:
Client ID:
110506756410672874520
Step 5: Enter OAuth Scopes
If an OAuth scope already exists for Lockwell's Client ID (i.e. for the email firewall), simply add this as a second OAuth scope.
In the OAuth scopes field, enter the following scope that Lockwell's firewall requires:
OAuth Scope:
https://www.googleapis.com/auth/admin.reports.audit.readonly
Step 6: Authorize the Application
Once you have entered the Client ID and OAuth scope, click Authorize to save the configuration.
Congrats, Lockwell can now publish forensic audit logs when your team uses their Google Workspace account to sign into a service, aka a "SaaS sign in"! You can see your team's audit logs on the Forensics page of the Lockwell web app.
SaaS sign in audit logs are currently only available for customers on Google Workspace. Microsoft 365 support coming soon!
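To show what kind of data the read-only audit scope from Step 5 exposes, here is an added example (not Lockwell's code) that parses a constructed response shaped like the Admin SDK Reports API activities.list output for the "token" application and extracts OAuth "authorize" events. Treating those events as SaaS sign ins is an assumption; this guide does not describe how Lockwell itself reads the logs.

```python
# Constructed sample shaped like an Admin SDK Reports API activities.list
# response for applicationName="token". Every value below is made up.
SAMPLE_RESPONSE = {
    "items": [
        {
            "id": {"time": "2024-05-01T09:15:00Z", "applicationName": "token"},
            "actor": {"email": "alice@example.com"},
            "events": [{"name": "authorize", "parameters": [
                {"name": "app_name", "value": "Example Notes"},
                {"name": "client_id", "value": "constructed-client-1"},
                {"name": "scope", "multiValue": ["openid", "email"]},
            ]}],
        },
        {
            "id": {"time": "2024-05-01T10:02:00Z", "applicationName": "token"},
            "actor": {"email": "bob@example.com"},
            "events": [{"name": "revoke", "parameters": [
                {"name": "app_name", "value": "Example Notes"},
            ]}],
        },
        {   # Entry with no parameters: the parser must not crash on it.
            "id": {"time": "2024-05-01T11:30:00Z", "applicationName": "token"},
            "actor": {"email": "alice@example.com"},
            "events": [{"name": "authorize"}],
        },
    ]
}


def saas_sign_ins(response):
    """Return one record per 'authorize' event (a user granting an app access)."""
    records = []
    for activity in response.get("items", []):
        user = activity.get("actor", {}).get("email", "unknown")
        when = activity.get("id", {}).get("time")
        for event in activity.get("events", []):
            if event.get("name") != "authorize":
                continue  # revocations and token use are not sign ins
            params = {p["name"]: p for p in event.get("parameters", [])}
            records.append({
                "time": when,
                "user": user,
                "app": params.get("app_name", {}).get("value", "unknown"),
                "client_id": params.get("client_id", {}).get("value"),
                "scopes": sorted(params.get("scope", {}).get("multiValue", [])),
            })
    return records


if __name__ == "__main__":
    for record in saas_sign_ins(SAMPLE_RESPONSE):
        print(record)
```

Each record names the user, the third-party app and the scopes that app was granted, which is the level of detail anyone holding this scope can read for your whole domain.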