Transcript

Brandon Carter:

Hello, everybody. Welcome back in to today's edition of gPanel Office Hours Live.

If this is your first time at gPanel Office Hours, this is our sort of education and get to know you sessions for the gPanel tool. And we try to follow the same outline every time.

We'll do some introductions. We're going to go through the most recent updates , and then we're going to do a deep dive on a specific topic. Today, that topic is the gPanel API and Rules Engine. And as always, we will finish up with taking your questions.

So, a bit about the people are going to be hearing from. I'm Brandon. I am the Marketing Director at Promevo and joining us today. And your primary presenter today is John Pettit. He is our Chief Technology Officer, and really the technological guru behind all things Promevo.

So, who is Promevo? We are a Google Premier sales, service, and support partner, basically everything that falls underneath your Google Cloud umbrella, that's your Chromebooks, your ChromeOS devices your Google Workspace, Gemini. All those products and services that you know and love from Google.

That's what we manage on your behalf. And we do a lot of stuff that that helps you integrate those within your organization, things like enablement, helping your users use the tools better, migrations. If you want to move into Google Cloud, for example, or if you want to move away from Microsoft Office, those are all the things that we do.

And of course, gPanel is a significant part of that. It's our proprietary tool that helps you manage your Google Workspace and, imagine like the Google Workspace admin console, but with way more power imbued into things like automations being able to set like custom groups, custom permissions.

It's really meant to give you this omniscient power over your Workspace and to help eliminate like security risks and to help keep your users in line.

If you haven't signed up yet you can go to promevo.com/gpanel and get yourself a demo.

Let's get into the meat and potatoes here. Like I said, every time we do these, we always want to start with what's new. So what's been updated or added to gPanel since the last time we held gPanel Office Hours.

With that, I'm going to tag in John to talk about a couple of new updates that have been added.

John Pettit:

Thanks everybody for joining today.

Since our last monthly gPanel Office Hours, the team has been busy. One of the newest releases is a Rules Engine, and I'll show that in today's webinar. So I don't want to talk about it too long, but basically allows you to do the "if this, then that" type engine of automation within Workspace and event triggers and action, given some conditions.

We've also added more to the version two UI, and I don't know if everybody's turned that on or not, but you can go into gPanel and at the upper right, just toggle on V2 of the user interface.

In there, you'll now see that we've brought the calendar UI over. We've added some usability enhancements to that, some formatting, and some ways to make it easier for you to manage your users' calendars.

We've also rolled out the new device management UI in there for mobile and Chrome devices. We've unified some of the fields that Google had in their interface. We've made them available through gPanel.

We've also brought in some of the bulk actions to make it easier for things like deprovisioning devices or removing deprovision devices from your list of devices on your domain as well as like some fields like location on a Chrome devices.

I'm going to switch over to share my screen and just show a few things in here real quick. And what I was saying before with the new releases, if you want to toggle on the new user interface with kind of some of the functionalities of filtering, sorting some of the new things we've added to the different screens, that's available up here to any admin just by toggling on version one, version two.

So it seems to be steadily making progress improving the app, but all the latest stuff is going into the V2 of the interface. And what I was talking about here around calendars. Again, if I want to bring up just a calendar to show somebody we've added in a new UI, new feel, new sorts, kind of ability to see the toggles and events.

And we've done the same thing under the mobile device management here. So if you haven't taken a look at those in your interface, go ahead and take a look.

I'm going to pop over to API topics now. So, gPanel Enterprise has an API capability. And if you have a developer on your domain that you want to be able to allow to automate some of the gPanel actions, you can come to developer.promevo.com and you can register your account.

What happens from there is our support team will validate that you have license and access, and they'll give that developer an account to register an app. And we're using Apigee on our own to surface the APIs to our users. That doesn't immediately give them access to do any kind of development on your domain, but it's the first start.

So once you've signed in, you can go to get started, which would give you some quick access. You can get a list of APIs, and the APIs that we have. I'll talk through here today are visible.

Also, what you'll need to do is you'll have to create an app. So your developer will create an app. Here I have ThunderApps to demo the gPanel API. And that will give an API key to them. They will come in here, create ThunderApps, get their API key, and they will tell the admin on the gPanel side what that key is, so that you can allow that app access to the gPanel instance that you have.

They would find that over in gPanel, under administration, gPanel API, and you can see on mine, I've registered ThunderApps, allowed it and I put in a token.

So, this is essentially how you connect up the first part of the API.

Now back on the API front. If they come in here and they want to learn more about APIs, the APIs that gPanel has today are one to allow you to view any of the application logs, because you have some actions that are happening delegated on behalf of a gPanel user.

You may want to be able to pull down those logs for security monitoring or to kind of time correlate them versus your other admin logs with a Workspace. So this API end point gives you the ability to pull those out and scroll through them, and I'll demonstrate, the APIs once I get a little bit further in here.

Each one, if you click on it, has an OpenAPI definition, tells you the endpoint, tells you the methods available, and we'll show you how to get, what the results will come back as.

If I come back to APIs, like I said, you can view applications. If you've codified a DCOM policy and you want to invoke it based on some other event, you can call our DCOM policy from the API.

You can see him with an onboard policy that triggers, based on a new user action or just any kind of regular policy you've set up in gPanel. You can also add, update and delete user records.

So, these APIs are handy if you have a trigger outside of gPanel, or a system like an HR system where users are being created and you want to complete the flow, but you don't want to have to code every step of what happens. You can codify that into a policy for onboarding, or if you had somebody who's suspended in your HR system and you want to trigger a decom policy automatically, you can use some code or you can use an intermediate tool like Zapier to pick up the event from that system and then trigger the API in gPanel.

And just again, like to show DECOM policy, it's a post method past the DECOM ID that you would get from gPanel.

Before I show some of these in action, I do want to pop back over to gPanel and just remind people where to find policies. So in automation, I can set up a policy and a policy is really just a workflow with a set of actions.

So if I look at this one, I can come into actions. This one will run given a target user to create an email label, add to a Shared Drive, add to a group, and each one of these steps can have a set of configurations. So, if I step into action configuration, you'll see, add to Shared Drive which Drive is that, or add to group, which group is that.

So it allows you to. basically codify the actions that you want to have happen in one workflow and then be able to trigger that from another system. So I'm going to pop over to show this in action inside of Postman.

In Postman, which is just, a good API kind of test bench or workbench I've set up a couple of these API calls. So I put them all under just a Workspace gPanel. And if I want to look at the first one, app log.

So app log again, like I said, returns any kind of security application logs. It's at this end point. I've passed in an API key, and that's really all I have to do to get this one to work. When I send that off, the response I will get back will be a JSON response.

It gives me a next page token. So if I have more than 200 results, I can page through them. And I can go through here and see for each item in the list, who the user was, what the action they took, what their IP address was, any kind of actions that they did within the environment, and I can pull that out and bring it in either to another logging system, or I can use it to filter, or just use it as a monitoring system. So that's one of the ones that's available out of the box.

For policies, similar type of thing, but it's a post. So again, I have API key here, but I'll have a policy ID that I get from inside of gPanel. I pass that in a JSON request body. And if it's successful, it just gives me a status 200.

So, when I run that one, I would get pretty simply 200 response. Make sure everything worked okay. If not, the standard errors that I could get again are reported inside of that, um, developer.promevo.com.

So like I was looking at the policy success, 200, bad request or IP not authorized, meaning that you have a block somewhere in gPanel that's preventing you from calling the API.

Okay. So pretty clear on how the APIs can work. Now, let me go hop back over to gPanel.

So, we've talked about how APIs allow you to connect things. Sometimes, you don't want to have to pick up the trigger, so you want to respond on a trigger in terms of like bookends of automation. You want something to start from Workspace and then go somewhere else. So, we've added in a Rules Engine into the Enterprise version.

If I add a rule, I have the ability to give it a name, and I can trigger off of Drive admin events. We're also adding additional events to this around groups, users, basically anything you can imagine. So admin events, I can have user creation, group creation, people being added to groups. So this list is expanding pretty much daily right now.

Drive events. Say somebody deleted a bunch of documents and you want to know. Somebody deletes ten documents in the last, call it, one hour. So it looks like maybe somebody's doing something malicious. And you maybe want to restrict it to an OU. So you only want it to happen for demo users.

What do you want to have happen when they do that? Maybe you want a chat message dropped to your space. Maybe you want an email sent. Maybe you want to run a policy that has a set of actions to temporarily suspend them. Or maybe you just want to take a few actions in here real quick, suspend the user, change their password, reset their password.

So we have a set of actions you can run inside of here.

The other one is maybe, When this happens, you want to call out to something else. Maybe you have a platform like Zapier that's doing other API integration and kind of the connective glue. You can post or do a message to that other platform to trigger its action or its workflow.

So maybe that's connecting other systems. This might be useful when you have a user being decommissioned. If the admin event user suspended, maybe once the user suspended in the system, you want to call it to Zapier and it's going to go through and suspend that user and every single other system you have Slack or, maybe you have Office. So you can continue the automation and you can run that automation again, all through the gPanel rules.

So, that is, a pretty quick demonstration of, how APIs work and what they are. I do want to pause to see if we have any questions specific to that. And then we can talk about some use cases.

Brandon Carter:

Well, John, we do have a question that was submitted ahead of time. If I don't have a resource. I've been, gPanel user admin to build API connections, is that something Promevo offers? Like can Promevo just help me connect gPanel to these other systems that are now available?

John Pettit:

Yeah, absolutely. So our services team can do that as a project. So say you want to do a full user onboarding, offboarding automation, but yeah, Maybe you don't have the experience with the tools or the ability to code against it. We can definitely help with that.

Brandon Carter:

That's great. That's all the questions that we have to this point.

John Pettit:

If you hop to the next slide back in the presentation, I do want to just talk through some kind of common use cases that we hear and why we're building this.

One of the things people had asked to be able to do was to detect and respond to malicious Drive activity. So you can use the Rules Engine to have an alert when somebody deletes a number of documents or downloads a number of documents within a time frame, and then you can have it take action by temporarily limiting user access.

Maybe you move them to a different OU, maybe it suspends that account and sends you a notification that allows you to create additional protection and automation around your Drive and your Drive activity.

This also allows you to filter down to specific folders or specific files. So having that conditional focus allows you to do things that you can't normally do. And speaking of kind of that conditional folder or file, it also gives you that ability to do like monitors on specific folders for files uploaded, changed, modified.

Maybe you want to watch a space when excessive admin events have occurred. So again, maybe somebody is deleting, somebody deleted 10 users in the last five minutes and they're in a certain admin OU that's not like a super admin and you want to stop that, right?

You can have a notified chat space to let you know. Maybe you can suspend that user until you investigate.

The next one is maybe you want to fully configure a user when they're out of the Workspace. So you want to trigger maybe a third party service. So the rules triggered when somebody is out of the Workspace based on their OU or policy, you can configure the right template of things, shares, groups, settings, custom fields.

And then if you have something outside of the system, you can call a web service to continue the configuration for other aspects of your environment. Or maybe you wanna apply group templates. So gPanel has this concept of group templates, which allow you to enforce specific group settings so you don't make a mistake, like apps could accidentally having a external group set up when you just use it as an internal security group.

So you can have, when a group is triggered or based in a certain OU or domain, you can have a template applied to it, so that way if somebody accidentally added it. But they didn't configure it with the right settings. You can just have it automatically apply group settings.

So there's an endless amount of combinations of things you can do, but I think the general point is we're allowing you to create more full automation around how you manage your Workspace environment and not have to worry about, is it consistently applied every time?

So I'll pause there. I see there's another question that came from Drew. So Drew, you asked, can gPanel connect into other aspects of Google Workspace, such as Drive and Gmail?

It does today. Yeah, gPanel does allow you to manage people's Drive. So there's a feature in gPanel today that allows you to see a user's Drive, change sharing settings and things like that. It can also connect into gmail or their user account settings to allow you to move delegated access of gmail and things like that.

We don't have the vault integration in there yet where you could see or look at or audit people's email, but you can export out their email from gPanel if you needed to for an investigation.

We are, in the future, looking to add more integration for specific users. Around automation, similar to this that we're doing on the admin side, but that's road map later this year right now, but the Drive events are part of the admin. So if you wanted again, have rules set up for people to trigger automation based on file changes, additions or folder changes or additions. That's possible.

Talk about how to get set up. If you go to the Promevo knowledge base, you can find a guide that walks you through step by step how to access and set up the gPanel , . Which is super helpful and pretty straightforward. Once you get there, you go to developer.promevo.com. That gives you the ability to register the account and start getting the API documentation.

And if you need access to gPanel Enterprise, you'll contact sales or client success. And those features are available at that tier of the product.

Brandon Carter:

That's really exciting. I think this, like watching you go through this and some of the stuff you talk about, I wanted to revisit a couple of points that you hit on and clarify here, because this sounds pretty significant.

So, the first was you mentioned being able to have actions triggered within gPanel from outside sources. So if I can give an example here, are you saying that for example, with the HR team on boards, a new employee from a certain division, can that then connect into gPanel to like provision this person's account, set them into, groups based on what department they work for? Am I understanding that correctly?

John Pettit:

Yeah, and that could be done as easily as basically one API call. So you would provision a policy that sets up that employee correctly based on their group or type. And you would have just some code or a Zapier that would say, oh, new user is added to HR.

Let me go take all this information and create that user inside of Workspace through the API call and run a policy. So two API calls create the user and run a policy and after that, the user should be fully onboarded and set up exactly how you want.

Brandon Carter:

That is super exciting. And then if just getting creative here, like you could even have gPanel then maybe kick off their training.

John Pettit:

Oh, yes. Part of the actions we have in policies. So we didn't talk through all the policy actions. And I think we have a whole nother webinar on that. But one of them is send email so that email could go out to the user. As soon as that policy was triggered, that says, welcome to our corp and here's the page you're going to go to, to click and get access to all the trainings and here's all the information you need and all of our resources.

So their first day of onboarding that email exists in their inbox, waiting for them right after their Workspace was configured. They know exactly what to do.

Brandon Carter:

That's fantastic. This is really high powered stuff to be able to connect your systems in that way. And with that degree of granularity and precision, I think it's pretty significant.

The other one that you hit on that I expected I know we've already gotten questions about it and I know there'll be more questions about it, but you mentioned Zapier, which is the standard for connecting things for those of us, people like me that don't necessarily have the ability to code or even for tools that don't have an open API.

A lot of those, they connect into Zapier. So just to clarify, this allows you to basically connect your Google Workspace into Zapier to trigger everything that happens in that environment.

John Pettit:

Yeah, so like in this kind of circuit board switching of what goes inputs to outputs, right? So you could have your own trigger mechanism calling into the gPanel API from Zapier.

So Zapier gets triggered and it does gPanel API work or Zapier has its own endpoint that allows you to trigger a Zapier workflow. So in the Rules Engine, you could say, here's an event that happened in Google. With my filters, I want it to do some things and maybe call an endpoint and that point would be Zapier.

So then it triggers the Zapier workflow to continue whatever work outside of gPanel you need to do. So when I said like bookends of automation, it's basically like some event happened somewhere and something's watching it and that could be your code, it could be Zapier and it calls it a gPanel. But gPanel also has an event that happened, it can call out. And trigger something else. So you can create a continuous flow between the systems.

Brandon Carter:

That's fantastic. That is huge.

All right we, I think that's it for questions. And again, like if anything comes up, there is an email that's on the screen right now. You can send That it goes directly to myself.

You have a question that you want to ask or you want to discuss an upcoming topic that you want us to dive into. You are welcome to reach out. It'll come straight to me and I promise I will respond. So that'll be it for today. Thanks to everyone who joined us. It was good to see all of you.

We look forward to these every month. Stay in the loop. If you go to promevo.com/gpanel-newsletter, you can sign up for our regular newsletter where we send out information around gPanel and around the Google Cloud ecosystem.

You can sign up for every edition of Office Hours and be automatically registered when we set them up by going to promevo.com/gpanel-office-hours. There's a form there. You fill that out, it'll automatically plug you into the monthly series.

Be sure that you join us for upcoming webinars. Next month. We're going to be covering automation, which we've hit on a couple of times. It's a big topic. That's where a ton of the value in gPanel lies. There is basically like infinite amounts of like things that you can automate. And we covered a few of those today, but obviously it's a massive ecosystem. There's a ton of functions that you can do out there.

July 9th, we're going to cover delegation and then getting into summer, we're going to go into contact sync.

If you have things that you want us to cover, things that you want us to talk about, we want to hear about them. We'll make sure that we flow them in here. We can devote entire webinars to it, or if you want to know about something today, we have a lot of people on our team who are happy to have those discussions with you and walk you through it. You don't have to wait for a webinar.

So with that, we look forward to seeing all of you in the future. Again, if you're new to gPanel and you want to get started, go to promevo.com/gpanel, fill out the form there. You will get a custom demo. We'll walk you through it. We'll help you get set up for success.

In the meantime, we will see you at the next one. Thank you, John, for walking us through that. Much appreciated. And thank you to all of you for showing up and sounding off and we will see you soon.