Note
Hyperproof connects to many third-party systems that frequently change, including the system interface. Contact your System Administrator or the third-party provider for assistance in meeting the requirements to integrate with Hyperproof and collect the proof you need.
This Hypersync requires you to have a Google Workspace Platform (GWP) administrator account.
When you create a Hypersync between Hyperproof and GWP, you can automatically collect the following proof types:
Google Workspace Platform proof types and fields
Proof type | Fields | Testable |
Admin Audit Log | Event, Event Description, Admin, Date, IP Address | Yes |
Group Membership | Group, Member, Role, Email, Type | Yes |
List of Chrome Devices | Device ID, Serial Number, Model, User, OS Version | Yes |
List of Groups | Group Name, Email Address, Members, Access Type | Yes |
List of Inbound SAML SSO Profiles | Display Name, IDP Entity ID, IDP SSO Service URL, IDP Log-Out URL, IDP Change Password URL, SP Entity URL | Yes |
List of Users | Full Name, Email, Status, Last Sign In, MFA Enrolled, MFA Enforced | Yes |
Login Audit Log | Event Description, IP Address, Date, Login Type | Yes |
User Security Report | User External apps, 2-Step Verification Enrollment, 2-Step Verification Enforcement, Password Length Compliance, Password Strength, User Account Status, Admin Status, Security Keys Enrolled, Less Secure Apps Access | Yes |
Google Workspace Platform notes on proof types
List of Inbound SAML SSO Profiles - Requires Security Settings permission
List of Chrome Devices - Requires Manage ChromeOS Devices > Read permission
This Hypersync supports importing a user list for an access review. See Importing a list of application users with a Hypersync for more information.
This Hypersync supports importing a company directory for an access review. See Importing a directory with a Hypersync for more information.
Additional documentation
Note
You only need to connect Hyperproof to the app once, and then you can create as many Hypersyncs as you need.
Additionally, you can create multiple Hypersyncs for a single control or label.
Certain cloud services offer specialized options for IP filtering in their cloud consoles to lock down specific cloud API endpoints for security and compliance purposes. You can use the Hyperproof static IP addresses to allow communication between Hyperproof Hypersyncs and your cloud service.
Note
IP addresses for Hyperproof Gov will be deprecated and replaced, as shown in the following table:
Service | Current IP address | New IP address |
Main app | 4.154.201.6 | 4.155.77.155 |
Integrations | 4.246.104.90 | 4.155.78.5 |
To prevent connectivity issues, it is recommended that you include all four IP addresses in your allowlists.
Hyperproof US IP addresses - 20.184.128.53, 52.9.169.38, 52.159.252.1
Note
IP address 52.9.169.38 will be deprecated and replaced with 52.159.252.1 in the future. To prevent connectivity issues, it is recommended that you include all three IP addresses in your allowlists.
Hyperproof EU IP addresses - 9.141.172.46, 4.185.45.100
Hyperproof Gov IP addresses - 4.154.201.6, 4.246.104.90
See Hyperproof instances for more information.
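An allowlist can be checked against the addresses above before a deprecation takes effect. The following is an added example, not Hyperproof code: it reports which documented addresses an allowlist does not cover and which covering entries are wider than a single host. The sample allowlist and the function names are constructed for illustration.

```python
import ipaddress

# Addresses copied from this page, grouped by Hyperproof instance. Current and
# replacement addresses are listed together, as the page recommends.
HYPERPROOF_IPS = {
    "US": ["20.184.128.53", "52.9.169.38", "52.159.252.1"],
    "EU": ["9.141.172.46", "4.185.45.100"],
    "Gov": ["4.154.201.6", "4.246.104.90", "4.155.77.155", "4.155.78.5"],
}

def parse_allowlist(entries):
    """Parse allowlist entries (single IPs or CIDR ranges) into networks."""
    networks = []
    for entry in entries:
        entry = entry.strip()
        if not entry or entry.startswith("#"):
            continue  # skip blanks and comment lines
        # strict=False tolerates host bits being set, e.g. 20.184.128.53/24
        networks.append(ipaddress.ip_network(entry, strict=False))
    return networks

def audit_allowlist(entries, instance):
    """Return (missing, broad) for one Hyperproof instance.

    missing: documented addresses that no allowlist entry covers.
    broad:   entries that cover a documented address but span more than one
             host, so they also admit senders other than Hyperproof.
    """
    networks = parse_allowlist(entries)
    required = [ipaddress.ip_address(ip) for ip in HYPERPROOF_IPS[instance]]
    missing = [str(ip) for ip in required
               if not any(ip in net for net in networks)]
    broad = [str(net) for net in networks
             if net.num_addresses > 1 and any(ip in net for ip in required)]
    return missing, broad

# Constructed sample allowlist (not taken from any real environment).
SAMPLE_ALLOWLIST = [
    "4.154.201.6/32",
    "4.246.104.0/24",
    "4.155.77.155",
    "# office egress",
    "203.0.113.0/24",
]

if __name__ == "__main__":
    missing, broad = audit_allowlist(SAMPLE_ALLOWLIST, "Gov")
    print("not covered:", missing)
    print("wider than one host:", broad)
```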
Note
If your Google Workspace Platform settings allow users to install and run selected apps from the Marketplace, you will have to add the Hyperproof app to your organization's allowlist. The Hyperproof client ID is 1042904415275-cv7inn9s69jst8pgh8pq4ig23iaaugcm.apps.googleusercontent.com. For more information, see this Google article.
Note
Organizations hosted in Hyperproof EU may receive a warning when connecting to Google apps that the Hyperproof app hasn't been verified with Google. Hyperproof is finalizing the verification process. If you feel comfortable continuing, click the Advanced link on the warning and allow Hyperproof to access your Google app.
Permissions
Below is a list of permissions needed for the Google Workspace Platform Hypersync. It's recommended to create an Admin role in GWP with minimum permissions.
In the Google Admin Console, navigate to Account > Admin roles > Create new role. Name the new role and then add the privileges in the table below. Once the role is created, select the role and then select Admins > Assign users. Add the Google user who is going to be collecting proof in Hyperproof.
Important
The user must be added as an admin.
Proof type | Admin Console privileges | Admin API privileges |
Admin Audit Log | Reports | Users.Read, Groups.Read |
Group Membership | Domain Settings | |
List of Groups | Domain Settings | Users.Read, Groups.Read |
List of Users | Domain Settings | Users.Read |
Login Audit Log | Reports | |
User Security Report | Reports | |
Tip
Adding the Console privilege Domain Settings automatically adds the API privilege Domain Management.
OAuth scopes for Google Workspace Platform Hypersync connected app
Below is a list of OAuth scopes needed for the Google Cloud Platform Hypersync. These are not actionable; they are listed as a heads-up should you or your IT need them.
https://www.googleapis.com/auth/admin.directory.user.readonly
https://www.googleapis.com/auth/admin.directory.domain.readonly
https://www.googleapis.com/auth/admin.directory.group.readonly
https://www.googleapis.com/auth/admin.reports.audit.readonly
https://www.googleapis.com/auth/admin.reports.usage.readonly
https://www.googleapis.com/auth/apps.groups.settings
https://www.googleapis.com/auth/cloud-identity.inboundsso.readonly
https://www.googleapis.com/auth/userinfo.email
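The scope list above can serve as a baseline when reviewing what the connected app has actually been granted. The following is an added example, not Hyperproof code: it compares grant records for the Hyperproof client ID against the documented scopes. The records are constructed, and their shape (clientId, userKey, scopes, as in an Admin SDK Directory API token resource) is an assumption.

```python
PREFIX = "https://www.googleapis.com/auth/"
# The eight scopes this page lists for the Hypersync connected app.
DOCUMENTED_SCOPES = {PREFIX + s for s in (
    "admin.directory.user.readonly", "admin.directory.domain.readonly",
    "admin.directory.group.readonly", "admin.reports.audit.readonly",
    "admin.reports.usage.readonly", "apps.groups.settings",
    "cloud-identity.inboundsso.readonly", "userinfo.email",
)}
# Hyperproof client ID as given on this page.
HYPERPROOF_CLIENT_ID = (
    "1042904415275-cv7inn9s69jst8pgh8pq4ig23iaaugcm.apps.googleusercontent.com"
)

def audit_grants(token_records):
    """Compare each Hyperproof grant with the documented scope list."""
    findings = []
    for rec in token_records:
        if rec.get("clientId") != HYPERPROOF_CLIENT_ID:
            continue  # grant belongs to a different app
        granted = set(rec.get("scopes", []))
        findings.append({
            "user": rec.get("userKey"),
            # Granted but not on the documented list: investigate.
            "undocumented": sorted(granted - DOCUMENTED_SCOPES),
            # On the documented list but absent from this grant.
            "not_granted": sorted(DOCUMENTED_SCOPES - granted),
            # Scopes without the ".readonly" suffix deserve a closer look.
            "no_readonly_suffix": sorted(
                s for s in granted if not s.endswith(".readonly")),
        })
    return findings

# Constructed sample records (hypothetical users and second client ID).
SAMPLE_TOKENS = [
    {"clientId": HYPERPROOF_CLIENT_ID,
     "userKey": "proof-collector@example.com",
     "scopes": sorted(DOCUMENTED_SCOPES - {PREFIX + "admin.reports.usage.readonly"})
               + [PREFIX + "admin.directory.user"]},
    {"clientId": "000000000000-constructed.apps.googleusercontent.com",
     "userKey": "someone@example.com",
     "scopes": [PREFIX + "drive"]},
]

if __name__ == "__main__":
    for finding in audit_grants(SAMPLE_TOKENS):
        print(finding)
```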