Google Workspace encompasses Google's set of collaboration and productivity tools such as Gmail, Google Drive, Hangouts, Audits, Vault, and more.
Currently, Onna connects directly to Google Workspace's API to integrate with an organization's Gmail, Drive, and Team Drives.
Before being able to collect from Google Workspace a service account must be created for that Google Workspace to obtain an access key. Only a Google Workspace super admin can create a service account. The service account must have admin rights with User Management Admin and Services Admin permissions to be able to collect from both Drive and Gmail.
Steps on how to create a service account are sent to Onna clients once their Onna account has been created.
For a short video overview of collecting from Google Workspace, please see below:
Email Messages (metadata is embedded in email)
Attachments (embedded in the email)
Labels from Gmail
Files in user accounts
File last modified
Monthly report of user actions
We currently support three sync modes - one-time, auto-sync, & auto-sync, and archive.
One-time is a one-way sync that collects information only once.
Auto-sync means that Onna will perform a full sync first and will keep the data source and Onna in mirrored sync.
Auto-sync and archive mean that Onna will perform full sync and archive the information collected. Onna will then automatically sync and archive any new information after the original sync
Yes, you can export data and metadata in eDiscovery ready format. Load files are available in dat, CSV, or custom text files.
Before running the Google Workspace collection in Onna, a super admin will need to create a service account for the Onna app to run. Steps on how to create a service account are sent to Onna clients once their Onna account has been created.
Before receiving the instructions, you can review how to create a service account by following the instructions provided by Google here. The following steps can only be taken by a super admin for the Google Workspace account. When enabling APIs for the project, you will need to select the Admin Directory API as well as the Gmail and GDrive APIs.
These details can now be used to create the service account.
use the option to furnish a new key and download the JSON
enable 'Google Workspace Domain-wide Delegation' for the Service account
More detailed steps are provided in the sent instructions.
Starting the collection in Onna
Click on "Add source" and select Google Workspace.
First, you'll be asked to name your source. This is the source's title on the Onna platform. If you're naming for eDiscovery purposes a common convention is to name it after the company or account individual.
The next screen will ask for the following fields:
Certificate: this is the JSON obtained while creating a service account for Onna
Once you've filled out the fields, select 'Connect'. The next screen will allow you to choose what you're syncing through Google Workspace.
For the following options:
Gmail Accounts: This Will allow you to select specific user accounts from an organization. This will sync the entire contents of the account unless you choose to skip the spam and trash folders.
Note: Onna cannot collect alias accounts, only individual mailboxes
Google Drive & Team Drive Accounts: This option will allow you to select specific user's drive accounts from an organization and/or select a specific team drive to be synced to the platform. Selecting a Drive account will sync the account's entire contents.
Note: Onna can only collect accounts if the user has logged in and agreed to Google Workspace “terms and conditions”.
Then you can choose the sync mode - whether one-time sync, auto-sync, or auto-sync & archive.
Once you select one, you'll have the option to select users. You will no longer be limited to syncing 100 mailboxes when setting up a new source. You can select as many accounts as desired when setting up the collection.
Note that syncing more user accounts will take more time than when fewer accounts are selected.
For users you can:
Select user accounts to sync by clicking 'Load users list' and selecting the ones you want
Entering the accounts manually by copying and pasting a list into the text box
Once you've selected the account(s) that you'd like to sync, scroll to the bottom and click 'Next.
You will be shown a list of team folders that exist within the account. You can select all or filter using the bar above the list.
On this page, you can also choose whether to sync future top-level folders created in the future if your source is in auto-sync or auto-sync and archive. New team folders and any future subfolders belonging to the selected folder that are added will automatically be added to Onna. Once you've configured your collection options, select 'Finish' at the bottom of the page. After you click finish, Gmail user accounts and team drives will be found within the Google Workspace source.
Users can see additional information on the Gmail accounts and/or Google Drive accounts that have been created by clicking on the information panel found on the top right-hand corner while you are in the Google Workspace source.
Once the information panel appears scroll down until you reach the section labeled ‘Source contents’. Click on the arrow to the right of ‘Source contents’ and all user accounts created from the Google Workspace source will appear below the source contents section. The emails below have been blurred out.
Here you have the option to click audits to review the collection or processing logs for individual sub-sources. Clicking ‘Share’ will allow you to grant other Onna users access to view/manage individual subresource.
Note: Only one unique global GDrive source will be created for team folders.
Filtering or searching across an individual account in Google Workspace
By clicking on the 'Show Filters' button on the right-hand side the current filters will appear on the left-hand side of the results screen
Filters can be configured to your preferences. Click on the gear icon at the bottom of the page to see the filters available.
You can choose whether these are visible or not within your filters by clicking on the eye icon. You can also drag and drop them in your order of preference with the two bars on the left-hand side. Remember to save any configuration changes you've made by clicking 'Save' at the bottom of the page. In the below example we will enable the filters 'Source Type' & 'Source Name'.
You will now have the ability to filter based on the individual sub source name or source type.
In the event, you need to query against an individual email account from Google Workspace navigate to the advanced search page. Select the property ‘Parent source name’ and condition ‘Contains’. A dropdown will appear in the next field with all available sources you have access to view including the sub-sources created by the Google Workspace source. Here you can select the sub-sources found under source contents. The email below has been blurred out.
To perform a search against an individual GDrive navigate to the advanced search page. Select the property ‘Parent source name’ and condition ‘Contains’. Select the name of the unique global GDrive source that was created. Add the property ‘Synced folder or label id in Source’ and condition ‘Contains. Finally, add the user’s email address ID and 'Save & apply' the search. The email below has been blurred out.
You will now have the ability to view, filter, and export the results.
Note: The unique global GDrive source will have the same name as the admin that was used to configure the Google Workspace collection & will have a Google Drive icon next to the source name under ‘Source Contents’ from the information panel.
Google Workspace FAQ
Does Onna collect from Vault?
Currently, Onna does not but this functionality is on our roadmap.
Can the Google Workspace integration be used to collect from Hangouts?
Currently, not however Onna has integration to Hangouts that can be accessed with OAuth for a specific user's account.
If the user has two-factor authentication will their account be collected?
Yes, the Super Admin will still have access to the user account regardless if two-factor authentication was implemented.
Are suspended users collected?
Suspended users will be collected as long as they were selected to be synced. We still collect the drive documents available as links in their email.
Are archived users collected?
Archived users will be collected as long as they were selected to be synced. We still collect the drive documents available as links in their email.
If set on auto-sync and archive do we collect changes made to a document or only the first version of the document upon collection?
Only the version of the document that existed when the email was collected and processed.
Do we collect documents from links to team drives or just individual drives?
Links will be collected from individual drives and team drives. Note that the link for team drives will only be collected if the user has selected to notify the user.
Do we collect all GDrive files (PDFs, images) or only Google Docs?
All Gdrive files are collected - PDFs, images, Google Docs, Google Sheets, Google Slides, etc. Google Doc Files will be collected as PDFs. Other files will be collected in their original native format.
Does the Google Workspace sync status indicate that all custodian syncs have completed?
At this time the Google Workspace sync status does not indicate that all accounts have successfully synced for the source. When we collect from Google Workspace, the sync is broken down into two, the parent (Google Workspace) and then the sub-sources(the custodian/Gmail being collected).
To view the status of the individual Gmail custodian sync follow the below steps:
1. Navigate to the Google Workspace source
2. Click on the Gmail source
3. To the right of the custodian name click on the ellipsis
4. From the drop down select view details to confirm the current sync status
We will be updating these statuses in a future release to have the main Google Workspace source reflect a status of syncing if any of the custodians are still syncing.
Can you perform Google Workspace collections without email attachments?
For the current Google Workspace creation flow, we do not have an option to ignore attachments.