When trying to ingest GSuite logs using the Google Workspace log source, an error appears: "failed GSuite healthcheck: googleapi: Error 401: Access denied. You are not authorized to read activity records., authError".
To resolve this issue, create a new Google Workspace log source, including a new OAuth app in Google Workspace, making sure that you're logged into your Google Workspace with an administrator account. If this new log source successfully ingests log events from Google into Panther, then you can remove the old log source. If the new log source fails again, please contact Panther support.
This issue can occur when the integration is set up using a non-administrator account on the Google side.