
How to Automate: Easy Google Workspace device management

Hugo David

Today in How to Automate, we will learn how to automate Google Workspace device management tasks with Mindflow.

As work from anywhere expands, employees increasingly access your resources from everywhere, with different devices: laptops, computers, or phones. From the IT viewpoint, unless your organization enforces company-issued devices, you will have to deal with a growing pool of devices. Either way, you still need to closely manage the pool of devices approved to access, in this instance, your Google Workspace.

Without automation, you would have to log in to the Admin console, then, on the left tab Devices -> Mobile & endpoints -> Devices, look for the date of last sync, check the ones above a predefined threshold, and click on Delete device.

The process could take 5 to 15 minutes or more, depending on your organization’s size and the number of devices you are paying attention to. Still, these precious minutes could be used for something else, such as investigating some incidents!

On Mindflow, you can design a workflow to automate your Google Workspace device management tasks, from the trigger to the final report of devices removed in Slack. This workflow will only orchestrate two tools: Google Workspace, through Google Admin Directory SDK API, and Slack.


Google Workspace device management automation

Before getting our hands dirty, we must ensure everything is ready on Google regarding API authorizations and Slack.

Google Workspace device management – First steps

To use the endpoints we are going to show, you will need to add to your service account the following OAuth scope: https://www.googleapis.com/auth/admin.directory.device.mobile in Google Admin -> Security -> Access control and data -> API control and select your Client to add the scope (extensive doc here).

As always, log in to https://api.slack.com/apps/YOUR WORKSPACE ID/oauth? and add the following scope to your existing bot: chat:write.

Make sure the credentials are registered in the Vault. Update the Google one with the scope if it is not already listed. Create the Flow and name it as you want! Of course, make sure you select the perfect emoji, such as a hamster.

Finally, let’s look at the final Flow before starting!


Google Workspace device management automation workflow

The tutorial is divided into sections that reflect milestones: setting the schedule, configuring the For-each loop, and creating the final Slack notification step.

Google Workspace device management – Setting the schedule and first steps

As our first step on this workflow, we will configure the schedule for the workflow to be automatically executed regularly. The intervals are up to you to decide. In this example, we are going to set a quarterly schedule.

To do so, click the calendar icon next to the workflow’s title on the top left of the canvas. Then select At regular intervals and right under, Yearly. Finally, select the different months, April, August, and December, and the days, hours, and minutes in these months to set the exact triggering time. Once done, click Save.

The schedule is set!


Now, on the canvas, right-click to create a Transform Data (TD). We will create an item that will be used later in the workflow. Name this TD Setting deviceRemoved. Click the gear icon under it to open the configuration tab and click “Add an item”. Name this item devicesRemoved. Leave it empty.

Create a second step by searching the Finder for directory.mobiledevices.list or “Retrieves a paginated list of all user-owned mobile devices”. Once created, ensure the corresponding Google credential is selected in the Settings tab. In the Input tab, under Customer id *, type my_customer. Manually run the step once to generate logs.


The first steps are done! On to the more complicated part of the workflow.

Google Workspace device management – Creating and configuring the For each loop.

After this Google step, you will create a For-each loop named For each device. Open the configuration panel and, in Source *, type “/” to open the Data Picker tool. In the pop-over, click the executed Google step and pick the table mobiledevices in the answer’s body. The For-each will iterate on all the objects in this table.


Inside the For-each, create a TD and name it Compute current and lastSync months. Create three items and name them currentMonthLetters, currentMonthDigits, and lastSync.

  1. currentMonthLetters: type “/” to get the property date located in the Google execution log headers. Click fx to open the functions panel. We are going to apply four functions to compute the current month in digits by clicking Add a function:
  • Parse DateTime: Configure the following fields as such: Built-in format * “Automatic”, Input format string * leave it empty, and Input timezone * “UTC”.
  • JSON Path: In Query *, type “$..Date”.
  • Regular expression: Select “User Defined” under Built-in regexes *. Paste “[A-Za-z]+” in Regex *. Leave everything else as is.
  • Array slice: In Start *, type “2”. Once done, you should see a month popping up under the Output value. It is the current month that we were looking for.
  2. currentMonthDigits: in this second function, start by pasting the following JSON:
{
"January": 1,
"February": 2,
"March": 3,
"April": 4,
"May": 5,
"June": 6,
"July": 7,
"August": 8,
"September": 9,
"October": 10,
"November": 11,
"December": 12
}

Then click fx. Apply a JSON Path and fill Query * with “$.currentMonthLetters” (type “/” and call the variable currentMonthLetters right after the “.”).

  3. lastSync: Type “/”, select For each device and pick lastSync. Then click fx. Apply a Slice function with a Start * at 5 and an End * at 7.

Your functions are set!

Create a condition following Compute current and lastSync months and name it Delta currentMonth – lastSync. Create a branch by creating the next step, which is either directory.mobiledevices.delete or Removes a mobile device. Open Compute current and lastSync months, name the first branch >3, and click the arrow on the right. In the first field, invoke currentMonthDigits and lastSync. Leave a space between the two pills. Click fx and apply a Subtract function. As Delimiter *, select “Space”. Go back to the Compare function configuration panel, select the operator “Is greater than”, then type “3”.


The comparison is set. Every device that was last synced more than 3 months ago will be removed from the approved devices in Google Workspace.
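The comparison subtracts month numbers only, so the year is ignored and a run in month 4 can never produce a difference above 3. The following added example (not part of the original workflow or of Mindflow's code) compares that rule with a whole-months calculation that includes the year; the device records are constructed, and only the field names resourceId, model and lastSync come from the workflow.

```python
from datetime import datetime, timezone

# Constructed records shaped like entries of the "mobiledevices" table;
# resourceId, model and lastSync values are made up for illustration.
DEVICES = [
    {"resourceId": "dev-A", "model": "Pixel 6", "lastSync": "2022-11-02T08:15:00.000Z"},
    {"resourceId": "dev-B", "model": "iPhone 12", "lastSync": "2023-03-30T10:00:00.000Z"},
    {"resourceId": "dev-C", "model": "Galaxy S21", "lastSync": "2021-02-01T09:30:00.000Z"},
    {"resourceId": "dev-D", "model": "Pixel 4a", "lastSync": "2022-09-10T17:45:00.000Z"},
]
THRESHOLD_MONTHS = 3


def month_digit_delta(now, last_sync):
    """The workflow's rule: current month number minus characters 5..7 of lastSync."""
    return now.month - int(last_sync[5:7])


def elapsed_months(now, last_sync):
    """Whole months between lastSync and now, counting the year as well."""
    synced = datetime.fromisoformat(last_sync.replace("Z", "+00:00"))
    months = (now.year - synced.year) * 12 + (now.month - synced.month)
    # A month is only complete once the day of the month has been reached.
    return months - 1 if now.day < synced.day else months


def select_stale(devices, now, rule):
    """Return the resourceIds whose age under `rule` exceeds the threshold."""
    return [d["resourceId"] for d in devices
            if rule(now, d["lastSync"]) > THRESHOLD_MONTHS]


if __name__ == "__main__":
    # Two of the scheduled run dates from the tutorial's example schedule.
    for run in (datetime(2023, 4, 1, tzinfo=timezone.utc),
                datetime(2023, 8, 1, tzinfo=timezone.utc)):
        print(run.date(),
              "| month digits:", select_stale(DEVICES, run, month_digit_delta),
              "| elapsed months:", select_stale(DEVICES, run, elapsed_months))
```

Running the selection as a report-only pass before connecting directory.mobiledevices.delete shows which devices each rule would remove.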

Go back to the Google directory.mobiledevices.delete step and open the configuration panel. Make sure the credential is selected, then hop on the Input tab. Under Customer id *, write “my_customer”. Under Resource id *, type “/” and pick resourceId inside For each device.


The final step in your For-each will be to create a TD that you will name devices removed. Inside, add an item named devicesRemoved. Invoke devicesRemoved, insert a line break, type “-”, and insert another line break. Now fill in the details you want to pass on to the analyst to have as much intel as possible in their report, such as:

  • Owner: Pick the value at index “0” of the name table in For each device
  • Mobile device model: Pick model from the For each
  • Last sync: Pick lastSync from For each device

The For-each loop is set! Only one last step to create in this Google Workspace device management workflow!

Google Workspace device management – Notification

As a final step, search the Finder for chat_postMessage or “Sends a message” via Slack. Check that the corresponding credential is selected in the Settings tab. In the Input tab, fill in the channel id where this report will be sent.

In the text field, start by typing something like “The following mobile devices that were last synced above 3 months on Google Workspace were successfully removed:” then invoke devicesRemoved.

The Google Workspace device management workflow is complete! You can run it once to check that everything is alright. Congrats!
