The first step in setting up Egnyte Secure and Govern is to add one or more Content Sources that you wish to monitor. The more sources you add, the more secure your content will be. You can add Cloud and On-premises Content Sources, so no matter where your data is located, it will be monitored. We'll walk you through how to add a Cloud Content Source for Google Workspace (Google Drive) in this article.
- GSuite domain with super-admin privileges
Configure service account
- Log in to the Google Cloud Console at https://console.cloud.google.com
- If the project does not exist, create one and choose a name for it.
- Go to the service accounts management screen (IAM & Admin -> Service Accounts). It should display the list of already configured service accounts.
- Create a new service account and proceed through the creation wizard
- Choose a name and description for the service account. Select the defaults on the subsequent screens.
- Create a private key for the service account. The key will have to be exported to P12 format and downloaded to the local hard drive.
- Enable domain-wide delegation for the service account (switch to Edit mode first at the top of the page)
- Record the service account client ID and email from the details view in the service accounts list
- Click "Save"
Enable the APIs in Google Cloud Console
- Go to APIs & Services -> Dashboard to view the summary of currently used APIs
- If the Google Drive API and Admin SDK are not visible in the list, enable them
Configure domain-wide delegation
- Go to the GSuite Admin console https://admin.google.com
- Log in as a user with the Super Admin role
- (optional) Create a dedicated user for the purpose of the Egnyte connection. Alternatively, you can use the user account with which you logged in.
- Ensure that the user has the Super Admin role. If not, assign the required role.
- Go to Dashboard -> Security -> API Permissions
- Navigate to the Domain-wide delegation configuration
- Add a new API client corresponding to the service account created in the previous steps
- Configure the API client ID and OAuth scopes required by the client. The Client ID is the ID of the service account, visible through the View Client ID link. The required scopes are:
- As a result, the client should be visible in the list:
Add Google Drive source
- In the Protect Admin Panel, go to Settings -> Content Sources -> Add Cloud Source and select Google Drive
- Enter the source configuration. Service account email is the email of the service account configured in the previous steps. It can be obtained by clicking on View Client ID in the service accounts list in the Google Cloud console.
- Service account user is the GSuite user who has the Super Admin role. It is either the user account by which the GSuite domain is managed or a dedicated account for Egnyte connection.
- File with private key is the private key generated for the service account and saved to the local drive. It has to be saved in P12 format.
- Allow Google Drive Connector to communicate with Secure and Govern
- When the process is complete, you should see the confirmation of a successful connection of the Google Drive source
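
The values entered in the Add Google Drive source form are easy to mix up: the service account email and the Super Admin user are different identities, and Google Cloud can also export keys in JSON format, which the form does not accept. The following pre-flight check is an added example, not part of Egnyte's or Google's tooling. The function names, the sample values, the numeric client ID check and the `.iam.gserviceaccount.com` address pattern are assumptions made for illustration.

```python
import re

# Assumption: service account addresses end in .iam.gserviceaccount.com
SA_EMAIL = re.compile(r"^[^@\s]+@[^@\s]+\.iam\.gserviceaccount\.com$")


def _is_pfx(data: bytes) -> bool:
    """True if data starts like a PKCS#12 (P12) container:
    an ASN.1 SEQUENCE whose first element is INTEGER 3 (the PFX version)."""
    if len(data) < 5 or data[0] != 0x30:
        return False
    first = data[1]
    # Long-form lengths use extra bytes; skip them to reach the content.
    skip = 2 + (first & 0x7F if first & 0x80 else 0)
    return data[skip:skip + 3] == b"\x02\x01\x03"


def key_format(data: bytes) -> str:
    """Classify an exported key file without decrypting or parsing secrets."""
    head = data.lstrip()[:16]
    if head.startswith(b"{"):
        return "json"
    if head.startswith(b"-----BEGIN"):
        return "pem"
    return "p12" if _is_pfx(data) else "unknown"


def preflight(sa_email: str, sa_user: str, client_id: str, key: bytes) -> list:
    """Return a list of problems found in the source configuration values."""
    problems = []
    if not SA_EMAIL.match(sa_email):
        problems.append("service account email is not a service account address")
    if "@" not in sa_user or SA_EMAIL.match(sa_user):
        problems.append("service account user must be the Super Admin user")
    if not (client_id.isascii() and client_id.isdigit()):
        problems.append("client ID should be the numeric service account ID")
    fmt = key_format(key)
    if fmt != "p12":
        problems.append(f"key file is {fmt}, expected P12")
    return problems


# Constructed sample inputs (not real credentials).
P12_SAMPLE = b"\x30\x82\x0a\x01\x02\x01\x03" + b"\x00" * 8
JSON_SAMPLE = b'{"type": "service_account"}'
SA = "egnyte-connector@example-project.iam.gserviceaccount.com"

if __name__ == "__main__":
    print(preflight(SA, "admin@example.com", "123456789012345678901", P12_SAMPLE))
    print(preflight(SA, SA, "123456789012345678901", JSON_SAMPLE))
```

The check reads only the first bytes of the key file, so it can be run without the P12 password.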