Overview
GFI LanGuard enables users to discover and manage mobile devices such as phones or tablets through the Mobile Device Management Source. This article describes the process of setting up Google Apps for Business as the Mobile Device Management Source.
Diagnosis
GFI LanGuard can retrieve the list of mobile devices that connect to the Google Apps domain. By default, the Google Apps domain is not configured to allow querying by other software such as GFI LanGuard. The Solution describes the step-by-step changes required for the Google Apps domain configuration to enable mobile device scanning with GFI LanGuard.
The device discovery can identify any device connected to the Google Apps domain but the vulnerability assessment is only available for the following operating systems:
- Apple iOS
- Google Android
- Windows Phone
Solution
Enable API Access in Your Google Apps Admin Console
- Log in to your Google admin account and select Security. If Security is not listed, go to More Controls > Security.
Sample Link:https://www.google.com/a/cpanel/example.com
- Select API reference, and then select the checkbox on Enable API Access. Click Save to apply the settings.
- Set up a new project in the Google APIs Console and activate the Admin SDK API for this project. For more information, please refer to Directory API: Prerequisites.
- In the Credentials section of your project, enable OAuth authentication by selecting Create New Client ID.
- Choose the Service Account option and save the service account’s Client ID, email address and the generated private key file.
- Grant read-only access to user data to your Service Account:
- Open your Google Apps domain control panel.
Sample Link:https://www.google.com/a/cpanel/example.com
- Go to Security or navigate to More Controls > Security.
- Select Advanced tools > Manage Third Party OAuth Client Access.
- In the Client Name field enter the service account's Client ID.
- Under One or More API Scopes field, copy and paste the following list of scopes:
https://www.googleapis.com/auth/admin.directory.device.mobile.readonly
https://www.googleapis.com/auth/admin.directory.group.readonly
https://www.googleapis.com/auth/admin.directory.user.readonly
- Click Authorize.
- Open your Google Apps domain control panel.
- Optional: Enable Application Auditing so that GFI LanGuard can report the applications installed on mobile devices:
- Log in to your admin account and select Device Management/Device Management Settings.
- In the Advanced Settings section, mark the Enable Application Auditing option.
- Click Save to save your changes.
- Log in to your admin account and select Device Management/Device Management Settings.
For more information on how to set up Google Apps for API access, please refer to Google Cloud Platform Console Help.
Configure Google Apps for Business Mobile Device Management Source
- Launch GFI LanGuard.
- Go to Configuration > Mobile Devices and select Add Mobile Device Management Source.
- Select Google Apps for Business on the Type drop-down list and enter the Service Account Name.
- Set to refresh mobile device information by scheduling an audit.
Optional: Place a checkmark on Exclude Mobile Devices to ignore mobile devices while processing the audit and click Next.
- Select or unselect the accounts to manage and click Finish.
Testing
The scan for the added source will start automatically, go to the Activity Monitor tab to view mobile device scan activity.