Integrate Google Forms with Google SecOps

This document explains how to integrate Google Formswith Google Security Operations (Google SecOps).

Integration version: 1.0

Before you begin

Before you configure theGoogle Forms integration inGoogle SecOps, make sure your Google Cloud and Google Workspaceenvironments are prepared for API access and impersonation.

For the integration to function correctly, three elements must align tomanage permissions:

  1. Service account: Acts as the bridge between systems.

  2. Delegated user: The identity the service account impersonates to accessform data.

  3. Permissions: The scopes and roles that define what the identity isallowed to do.

If the user you are impersonating already has the necessary administrativepermissions, creating a custom role is not required. However, many organizationsprefer to create a dedicated service user with a custom role to adhere to theprinciple of least privilege.

Complete the following prerequisite steps:

  1. Create a service account.
  2. Create a JSON key.
  3. Enable the required APIs for your project.
  4. Optional:Create a custom role for the integration.
  5. Optional:Assign the custom role to a user.
  6. Delegate domain-wide authority to your service account.

Create a service account

The service account represents a non-human user that provides a secure way forthe integration to authenticate and be authorized to access your data.

  1. In the Google Cloud console, go to theCredentials page.

    Go to Credentials

  2. Selectadd_2Create credentials> Service account.

  3. UnderService account details, enter a name in theService account name field.

  4. Optional: Edit the service account ID.

  5. ClickDone.

Create a JSON key

Google SecOps requires a JSON key file to prove the identity ofthe service account and establish a secure connection.

  1. Select your service account and go toKeys.

  2. ClickAdd key> Create new key.

  3. For the key type, selectJSON and clickCreate. APrivate key saved to your computer dialog appears and a copy of the privatekey downloads to your computer.

Enable the required APIs for your project

You must enable the specific Google Cloud APIs that allow the integrationto interact with Google Forms and the Google Workspace directory.

  1. In the Google Cloud console, go toAPIs & Services.

    Go to APIs & Services

  2. ClickaddEnable APIs and Services.

  3. Enable the following APIs for your project:

    • Admin SDK API

    • Google Forms API

Optional: Create a custom role for the integration

Note: This step is only required if you are using a dedicated service user forthe integration or if your existing user account lacks these specific Admin APIprivileges.

If the user account you're using for impersonation doesn't already have thenecessary administrative permissions, you can create a custom role with limitedprivileges. To support the integration, the user requires Admin API privilegesfor the following:

  • Organization Units

  • Users

  • Groups

  1. In the Google Admin console, go toAccount> Admin Roles.

  2. SelectCreate new role.

  3. Provide a name for the new custom role and clickContinue.

  4. OnSelect Privileges, locate theAdmin API privileges section.

  5. Select the checkboxes forOrganization Units,Users, andGroups.

  6. ClickContinue> Create Role.

Optional: Assign the custom role to a user

If you created a custom role in the previous step, you must now assign it to thespecific email address being used for impersonation.

  1. In the Google Admin console, go toDirectory> Users.

  2. Select the user you intend to use for the integration (an existingadministrator or a new dedicated user).

  3. Open settings for the user and clickAdmin roles and privileges>edit Edit.

  4. Select the custom role you created and switch the toggle toAssigned.

  5. ClickSave.

Delegate domain-wide authority to your service account

Domain-wide delegation allows your service account to access data across yourentire Google Workspace domain by impersonating the authorized user.

  1. From your domain's Google Admin console, go toSecurity> Access and data control> API controls.

  2. In theDomain wide delegation pane, selectManage Domain Wide Delegation.

  3. ClickAdd new.

  4. In theClient ID field, enter the client ID of the service accountcreated in the first step.

  5. In theOAuth Scopes field, enter the following comma-delimited list ofrequired scopes:

    https://mail.google.com/,https://www.googleapis.com/auth/admin.directory.customer.readonly,https://www.googleapis.com/auth/admin.directory.domain.readonly,https://www.googleapis.com/auth/admin.directory.group,https://www.googleapis.com/auth/admin.directory.group.member,https://www.googleapis.com/auth/admin.directory.orgunit,https://www.googleapis.com/auth/admin.directory.rolemanagement.readonly,https://www.googleapis.com/auth/admin.directory.user,https://www.googleapis.com/auth/admin.directory.user.alias,https://www.googleapis.com/auth/apps.groups.settings,https://www.googleapis.com/auth/cloud-platform,https://www.googleapis.com/auth/forms.body.readonly,https://www.googleapis.com/auth/forms.responses.readonly

  6. ClickAuthorize.

Integration parameters

The Google Forms integration requires the following parameters:

ParameterDescription
Delegated EmailRequired

An email address to use for the impersonation and access control.

Service Account JSONRequired

The content of the service account key JSON file.

Verify SSLRequired

If selected, the integration verifies that the SSL certificate for connecting to Google Forms is valid.

Selected by default.

For instructions about how to configure an integration inGoogle SecOps, seeConfigureintegrations.

You can make changes at a later stage, if needed. After you configure anintegration instance, you can use it in playbooks. For more information abouthow to configure and support multiple instances, seeSupportingmultiple instances.

Actions

For more information about actions, seeRespond to pending actions from Your Workdesk andPerform amanual action.

Ping

Use the Ping action to test the connectivity to Google Forms.

This action doesn't run on Google SecOps entities.

Action inputs

None.

Action outputs

ThePing action provides the following outputs:

Action output typeAvailability
Case wall attachmentNot available
Case wall linkNot available
Case wall tableNot available
Enrichment tableNot available
JSON resultNot available
Output messagesAvailable
Script resultAvailable
Output messages

ThePing action can return the following output messages:

Output messageMessage description
Successfully connected to the Google Forms server with the provided connection parameters!The action succeeded.
Failed to connect to the Google Forms server! Error isERROR_REASON

The action failed.

Check the connection to the server, input parameters, or credentials.

Script result

The following table lists the value for the script result output when usingthePing action:

Script result nameValue
is_successTrue orFalse

Connectors

For detailed instructions on how to configure a connector inGoogle SecOps, seeIngest your data(connectors).

Google Forms – Responses Connector

Use theGoogle Forms – Responses Connector to pull responses fromGoogle Forms.

TheGoogle Forms – Responses Connector requires the followingparameters:

ParameterDescription
Product Field NameRequired

The name of the field where the product name is stored.

The default value isProduct Name.

Event Field NameRequired

The field name used to determine the event name (subtype).

The default value isevent_type.

Environment Field NameOptional

The name of the field where the environment name is stored.

If the environment field isn't found, the environment is set to the default environment.

The default value is"".

Environment Regex PatternOptional

A regular expression pattern to run on the value found in theEnvironment Field Name field. This parameter lets you manipulate the environment field using the regular expression logic.

Use the default value.* to retrieve the required rawEnvironment Field Name value.

If the regular expression pattern is null or empty, or the environment value is null, the final environment result is the default environment.

Script Timeout (Seconds)Required

The timeout limit in seconds for the Python process running the current script.

The default value is 300 seconds.

Delegated EmailRequired

An email address to use for the impersonation and access control.

Service Account JSONRequired

The content of the service account key JSON file.

Form IDs To TrackRequired

A comma-separated list of Google Forms IDs to track for responses.

To retrieve a form's unique ID, open the form in theForms editor (not the public response link) and copy the string located between/d/ and/edit in the full address shown in your browser's bar.

Alert SeverityOptional

A severity level to assign to all alerts that the connector creates based on the ingested Google Forms response.

The possible values are as follows:

  • Informational
  • Low
  • Medium
  • High
  • Critical

The default value isLow.

Max Hours BackwardsRequired

A number of hours before the first connector iteration to retrieve responses from. This parameter applies either to the initial connector iteration after you enable the connector for the first time or the fallback value for an expired connector timestamp.

The default value is 1 hour.

Max Responses To FetchRequired

The maximum number of responses to process for every connector iteration.

The maximum number is 100.

Disable OverflowOptional

If selected, the connector ignores the Google SecOps overflow mechanism during alert creation.

Not selected by default.

Verify SSLRequired

If selected, the integration verifies that the SSL certificate for connecting to Google Forms is valid.

Not selected by default.

Proxy Server AddressOptional

The address of the proxy server to use.

Proxy UsernameOptional

The proxy username to authenticate with.

Proxy PasswordOptional

The proxy password to authenticate with.

Connector rules

TheGoogle Forms – Responses Connector supports proxies.

Connector events

The following example shows the JSON output of a Google SecOpsevent that theGoogle Forms – Responses Connector generated:

{"responseId":"RESPONSE_ID","createTime":"2024-09-05T11:43:13.892Z","lastSubmittedTime":"2024-09-05T11:43:13.892123Z","event_type":"Question","questionId":"78099fe3","textAnswers":{"answers":[{"value":"Option 1"}]}}

Need more help?Get answers from Community members and Google SecOps professionals.

Except as otherwise noted, the content of this page is licensed under theCreative Commons Attribution 4.0 License, and code samples are licensed under theApache 2.0 License. For details, see theGoogle Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2026-02-18 UTC.