Email analysis engine
Aurora uncovers unmanaged identities across Google Workspace, Microsoft 365, and other business systems using an identity-first discovery model. The engine links email metadata to identity risk, never inspects content, and applies our curated domain intelligence (Aurora DB) to prioritize action while preserving privacy.
Collected Metadata & Derived Risk Signals
- Connect email metadata: to test the service quickly, enable pulling through a cron job (details for Google Workspace below), or use a custom setup that emits the metadata to Aurora.
- Metadata-only ingestion: Sender and subject are the only metadata we need. We do not need, read, or store the body of the email.
- Service recognition: Multilingual patterns for HR, Finance, Dev, and Security services align each message to Aurora’s AI model, which maps the beginning of every identity.
- Risk quantification: Aurora DB's risk scoring transforms the output of the AI model's metadata analysis into prioritized signals for the security team.
Enable Google Workspace pull
To let Aurora poll Gmail metadata without user-by-user setup, one option is to enable domain-wide delegation for a service account and allow it to read headers:
- Enable Gmail API: In Google Cloud → APIs & Services → Library, enable the Gmail API so service account calls to users.messages.list are allowed.
- Create a service account: In IAM & Admin → Service Accounts, create one and add a JSON key (or rely on in-cloud credentials). This identity will impersonate mailboxes.
- Grant domain-wide delegation: In Admin Console → Security → API controls → Manage DWD, add the service account client ID with the scope https://www.googleapis.com/auth/gmail.readonly.
- Run the collector: set the query scope (e.g., is:unread newer_than:3d), fetch metadata only (format=metadata), and keep a per-user watermark to avoid duplicates.
Deploy as a scheduled job and tune the Gmail query to match your policies. Aurora consumes the emitted metadata to surface unmanaged identities.
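A sketch of the collector step above, added here as an example and not Aurora's own code: it lists messages with the query, fetches only the From and Subject headers, and keeps a per-user watermark. It assumes `service` is a Gmail API v1 client already built with the delegated service account impersonating `user`; `collect` and the `watermarks` dict are hypothetical names.

```python
# Added example, not Aurora's code. `service` is assumed to be a Gmail API v1
# client built with the delegated service account impersonating `user`;
# collect() and the watermarks dict are hypothetical names.
QUERY = "is:unread newer_than:3d"   # query scope from the collector step
HEADERS = ["From", "Subject"]       # sender and subject only


def collect(service, user, watermarks, query=QUERY):
    """Return new {id, sender, subject} records for one mailbox.

    watermarks maps user -> newest internalDate (epoch ms) already emitted.
    """
    seen_up_to = watermarks.get(user, 0)
    newest, records, page_token = seen_up_to, [], None
    messages = service.users().messages()
    while True:
        listing = messages.list(
            userId=user, q=query, pageToken=page_token).execute()
        for ref in listing.get("messages", []):
            # gmail.readonly would also allow reading bodies, so the request
            # itself is narrowed: format=metadata, two headers, and a fields
            # mask so nothing else is returned.
            msg = messages.get(
                userId=user, id=ref["id"], format="metadata",
                metadataHeaders=HEADERS,
                fields="id,internalDate,payload/headers").execute()
            received = int(msg["internalDate"])
            if received <= seen_up_to:
                continue  # emitted on an earlier run
            hdrs = {h["name"].lower(): h["value"]
                    for h in msg.get("payload", {}).get("headers", [])}
            records.append({"id": msg["id"],
                            "sender": hdrs.get("from", ""),
                            "subject": hdrs.get("subject", "")})
            newest = max(newest, received)
        page_token = listing.get("nextPageToken")
        if not page_token:
            break
    # Advance only after the whole mailbox was read, so a failed run
    # repeats messages rather than skipping them.
    watermarks[user] = newest
    return records
```

Persist `watermarks` between scheduled runs; the dict here only lives for one process.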