Integrate Google Forms with Google SecOps
This document explains how to integrate Google Formswith Google Security Operations (Google SecOps).
Integration version: 1.0
Before you begin
Before you configure theGoogle Forms integration inGoogle SecOps, make sure your Google Cloud and Google Workspaceenvironments are prepared for API access and impersonation.
For the integration to function correctly, three elements must align tomanage permissions:
Service account: Acts as the bridge between systems.
Delegated user: The identity the service account impersonates to accessform data.
Permissions: The scopes and roles that define what the identity isallowed to do.
If the user you are impersonating already has the necessary administrativepermissions, creating a custom role is not required. However, many organizationsprefer to create a dedicated service user with a custom role to adhere to theprinciple of least privilege.
Complete the following prerequisite steps:
- Create a service account.
- Create a JSON key.
- Enable the required APIs for your project.
- Optional:Create a custom role for the integration.
- Optional:Assign the custom role to a user.
- Delegate domain-wide authority to your service account.
Create a service account
The service account represents a non-human user that provides a secure way forthe integration to authenticate and be authorized to access your data.
In the Google Cloud console, go to theCredentials page.
Selectadd_2Create credentials> Service account.
UnderService account details, enter a name in theService account name field.
Optional: Edit the service account ID.
ClickDone.
Create a JSON key
Google SecOps requires a JSON key file to prove the identity ofthe service account and establish a secure connection.
Select your service account and go toKeys.
ClickAdd key> Create new key.
For the key type, selectJSON and clickCreate. APrivate key saved to your computer dialog appears and a copy of the privatekey downloads to your computer.
Enable the required APIs for your project
You must enable the specific Google Cloud APIs that allow the integrationto interact with Google Forms and the Google Workspace directory.
In the Google Cloud console, go toAPIs & Services.
ClickaddEnable APIs and Services.
Enable the following APIs for your project:
Admin SDK API
Google Forms API
Optional: Create a custom role for the integration
Note: This step is only required if you are using a dedicated service user forthe integration or if your existing user account lacks these specific Admin APIprivileges.If the user account you're using for impersonation doesn't already have thenecessary administrative permissions, you can create a custom role with limitedprivileges. To support the integration, the user requires Admin API privilegesfor the following:
Organization Units
Users
Groups
In the Google Admin console, go toAccount> Admin Roles.
SelectCreate new role.
Provide a name for the new custom role and clickContinue.
OnSelect Privileges, locate theAdmin API privileges section.
Select the checkboxes forOrganization Units,Users, andGroups.
ClickContinue> Create Role.
Optional: Assign the custom role to a user
If you created a custom role in the previous step, you must now assign it to thespecific email address being used for impersonation.
In the Google Admin console, go toDirectory> Users.
Select the user you intend to use for the integration (an existingadministrator or a new dedicated user).
Open settings for the user and clickAdmin roles and privileges>edit Edit.
Select the custom role you created and switch the toggle toAssigned.
ClickSave.
Delegate domain-wide authority to your service account
Domain-wide delegation allows your service account to access data across yourentire Google Workspace domain by impersonating the authorized user.
From your domain's Google Admin console, go toSecurity> Access and data control> API controls.
In theDomain wide delegation pane, selectManage Domain Wide Delegation.
ClickAdd new.
In theClient ID field, enter the client ID of the service accountcreated in the first step.
In theOAuth Scopes field, enter the following comma-delimited list ofrequired scopes:
https://mail.google.com/,https://www.googleapis.com/auth/admin.directory.customer.readonly,https://www.googleapis.com/auth/admin.directory.domain.readonly,https://www.googleapis.com/auth/admin.directory.group,https://www.googleapis.com/auth/admin.directory.group.member,https://www.googleapis.com/auth/admin.directory.orgunit,https://www.googleapis.com/auth/admin.directory.rolemanagement.readonly,https://www.googleapis.com/auth/admin.directory.user,https://www.googleapis.com/auth/admin.directory.user.alias,https://www.googleapis.com/auth/apps.groups.settings,https://www.googleapis.com/auth/cloud-platform,https://www.googleapis.com/auth/forms.body.readonly,https://www.googleapis.com/auth/forms.responses.readonlyClickAuthorize.
Integration parameters
The Google Forms integration requires the following parameters:
| Parameter | Description |
|---|---|
Delegated Email | Required An email address to use for the impersonation and access control. |
Service Account JSON | Required The content of the service account key JSON file. |
Verify SSL | Required If selected, the integration verifies that the SSL certificate for connecting to Google Forms is valid. Selected by default. |
For instructions about how to configure an integration inGoogle SecOps, seeConfigureintegrations.
You can make changes at a later stage, if needed. After you configure anintegration instance, you can use it in playbooks. For more information abouthow to configure and support multiple instances, seeSupportingmultiple instances.
Actions
For more information about actions, seeRespond to pending actions from Your Workdesk andPerform amanual action.
Ping
Use the Ping action to test the connectivity to Google Forms.
This action doesn't run on Google SecOps entities.
Action inputs
None.
Action outputs
ThePing action provides the following outputs:
| Action output type | Availability |
|---|---|
| Case wall attachment | Not available |
| Case wall link | Not available |
| Case wall table | Not available |
| Enrichment table | Not available |
| JSON result | Not available |
| Output messages | Available |
| Script result | Available |
Output messages
ThePing action can return the following output messages:
| Output message | Message description |
|---|---|
Successfully connected to the Google Forms server with the provided connection parameters! | The action succeeded. |
Failed to connect to the Google Forms server! Error isERROR_REASON | The action failed. Check the connection to the server, input parameters, or credentials. |
Script result
The following table lists the value for the script result output when usingthePing action:
| Script result name | Value |
|---|---|
is_success | True orFalse |
Connectors
For detailed instructions on how to configure a connector inGoogle SecOps, seeIngest your data(connectors).
Google Forms – Responses Connector
Use theGoogle Forms – Responses Connector to pull responses fromGoogle Forms.
TheGoogle Forms – Responses Connector requires the followingparameters:
| Parameter | Description |
|---|---|
Product Field Name | Required The name of the field where the product name is stored. The default value is |
Event Field Name | Required The field name used to determine the event name (subtype). The default value is |
Environment Field Name | Optional The name of the field where the environment name is stored. If the environment field isn't found, the environment is set to the default environment. The default value is |
Environment Regex Pattern | Optional A regular expression pattern to run on the value found in the Use the default value If the regular expression pattern is null or empty, or the environment value is null, the final environment result is the default environment. |
Script Timeout (Seconds) | Required The timeout limit in seconds for the Python process running the current script. The default value is 300 seconds. |
Delegated Email | Required An email address to use for the impersonation and access control. |
Service Account JSON | Required The content of the service account key JSON file. |
Form IDs To Track | Required A comma-separated list of Google Forms IDs to track for responses. To retrieve a form's unique ID, open the form in theForms editor (not the public response link) and copy the string located between |
Alert Severity | Optional A severity level to assign to all alerts that the connector creates based on the ingested Google Forms response. The possible values are as follows:
The default value is |
Max Hours Backwards | Required A number of hours before the first connector iteration to retrieve responses from. This parameter applies either to the initial connector iteration after you enable the connector for the first time or the fallback value for an expired connector timestamp. The default value is 1 hour. |
Max Responses To Fetch | Required The maximum number of responses to process for every connector iteration. The maximum number is 100. |
Disable Overflow | Optional If selected, the connector ignores the Google SecOps overflow mechanism during alert creation. Not selected by default. |
Verify SSL | Required If selected, the integration verifies that the SSL certificate for connecting to Google Forms is valid. Not selected by default. |
Proxy Server Address | Optional The address of the proxy server to use. |
Proxy Username | Optional The proxy username to authenticate with. |
Proxy Password | Optional The proxy password to authenticate with. |
Connector rules
TheGoogle Forms – Responses Connector supports proxies.
Connector events
The following example shows the JSON output of a Google SecOpsevent that theGoogle Forms – Responses Connector generated:
{"responseId":"RESPONSE_ID","createTime":"2024-09-05T11:43:13.892Z","lastSubmittedTime":"2024-09-05T11:43:13.892123Z","event_type":"Question","questionId":"78099fe3","textAnswers":{"answers":[{"value":"Option 1"}]}}Need more help?Get answers from Community members and Google SecOps professionals.
Except as otherwise noted, the content of this page is licensed under theCreative Commons Attribution 4.0 License, and code samples are licensed under theApache 2.0 License. For details, see theGoogle Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2026-02-18 UTC.