Applies to: Microsoft Cloud App Security

Connect G Suite to Microsoft Cloud App Security

This section provides instructions for connecting Microsoft Cloud App Security to your existing G Suite account using the connector APIs.

Configure G Suite

  1. As a G Suite Super Admin, log in to

  2. Click Create project to start a new project.


  3. In the New project screen, name your project as follows:
    Microsoft Cloud App Security and click Create.

  4. After the project is created, in the tool bar, click on Google Cloud Platform and make sure that the right project is selected in the drop down at the top.

    google project

  5. Under APIs click Go to APIs overview.


  6. Under API, disable all the listed APIs.

  7. Click on Library and enable the following APIs (use the search line if the API is not listed in the Popular APIs list):

    • Admin SDK

    • Audit API

    • Google Drive API

    • Apps Marketplace SDK

    • Gmail API

    google apis


    Ignore the Credentials warning for now.

  8. Click on Enable for each API. enable Google APPI

  9. You should have 5 Enabled APIs, make sure to disable any other APIs:

    google enabled apis

  10. Click Credentials and then select the OAuth consent screen tab.

    • In Product name shown to users, type Microsoft Cloud App Security.

    • All other fields are optional.

    • Click Save.

      Google product name

  11. In the Credentials tab, click the arrow next to Create credentials.

    Google credentials

  12. Select Service account key.

    Google service account key

  13. Under Create service account key, choose New service account, and type any name, for example Service account 1. Under Role, choose Project and then Editor. Under Key type, choose P12 and click Create. A P12 certificate file is saved to your computer.

    Create service account key in Google

  14. Copy the Service account ID assigned to your service - you need it later.

  15. In the Credentials screen, click Manage service accounts in the far right.

    G Suite credentials service account

  16. Click the three dots to the right of the service account you created and select Edit.

    google edit

  17. Select the Enable G Suite Domain-wide Delegation check box and click Save.

    google service account ID

  18. Open the Google menu by clicking the three horizontal lines next to Google Cloud Platform in the title bar. Click on Google Cloud Platform and then click the APIs and services tab in the left-menu.

  19. In the Dashboard that opens, scroll down to the list of enabled APIs and click on Google Drive API.
    Select Google Drive

  20. Click on the Drive UI Integration tab and fill in the following information:

    • Application Name: Microsoft Cloud App Security.

    • Short Description & Long Description (optional): Microsoft Cloud App Security provides you with visibility into cloud applications, helping you control, investigate, and govern cloud application use; secure corporate data; and detect suspicious activities for any cloud application.

    • Google requires you to upload at least one application Icon. Go to to download a zip file containing Cloud App Security icons. Then, under Application icon, click Select next to the 128x128 image and drag it to the popup screen. Click Select next to the 32x32 image and drag it to the popup screen.

    • Scroll down and in the Drive Integration section, type the following URL under Open URL:

      Edit Google Drive

  21. Click Save changes.

  22. Go back to the Enabled APIs list. Click Apps Marketplace SDK.

  23. Select the Configuration tab.

  24. Go to and then choose Security.

    google security

  25. Choose API reference.
    google api enable

  26. Select Enable API Access and click Save changes.

    google api reference

Configure Cloud App Security

  1. In the Cloud App Security portal, click Investigate and then Connected apps.

  2. In the Connected apps page, click the plus sign and select G Suite.

  3. In the pop-up, fill in the following information:

    G Suite Configuration in Cloud App Security

    1. Service account ID that you copied in step 13.

    2. Project number (App ID) that you copied in step 21.

    3. Upload the Certificate P12 that you saved in step 12. You need the password you saved to do this.

    4. Enter one admin account email of your G Suite admin.

    5. If you have a G Suite Business or Enterprise account, check this check box. For information about which features are available in Cloud App Security for G Suite Business or Enterprise, see Enable instant visibility, protection, and governance actions for your apps.

    6. Click Save settings.

    7. Follow the link to connect to G Suite. This opens G Suite and you are asked to authorize access for Cloud App Security.

    8. Make sure the connection succeeded by clicking Test now.

      Testing may take a couple of minutes.

      After receiving a success notice, click Done and close the G Suite page.

After connecting G Suite, you will receive events for 60 days prior to connection.

After connecting G Suite, Cloud App Security performs a full scan. Depending on how many files and users you have, completing the full scan can take awhile. To enable near real-time scanning, files on which activity is detected are moved to the beginning of the scan queue. For example, a file that is edited, updated, or shared is scanned right away. This does not apply to files that are not inherently modified. For example, files that are viewed, previewed, printed, or exported are scanned during the regular scan.

See Also

Control cloud apps with policies

Premier customers can also choose Cloud App Security directly from the Premier Portal.