This section provides instructions for connecting Cloud App Security to your existing G Suite account using the connector APIs.
Configure G Suite
As a G Suite Super Admin, log into https://cloud.google.com/console/project.
Click Create project to start a new project.
In the New project screen name your project as follows:
Microsoft Cloud App Security and click Create.
After the project is created, in the tool bar, next to Google Cloud Platform, select the project and then under API click Go to APIs overview.
Under API, disable all the listed APIs.
Click on Library and enable the following APIs (use the search line if the API is not listed in the Popular APIs list):
Ignore the Credentials warning for now.
Google Drive API
Google Apps Marketplace SDK
You should have 5 Enabled APIs:
Click Credentials followed by OAuth consent screen
In Product name shown to users, type Microsoft Cloud App Security.
All other fields are optional.
In the API Credentials screen, click the arrow next to Create credentials.
Select Service account key.
Under Create service account key, choose New service account and type any name, for example Service account 1, under Role choose Project and then Editor and under Key type choose P12 and click Create. Select the Enable G Suite Domain-wide Delegation check box and click Save.
A P12 certificate file will be saved to your computer.
In the Credentials screen, click Manage service accounts in the far right.
Click the 3 dots to the right of the service account you created and select Edit.
Copy the Service account ID assigned to your service - you will need it later.
Open the Google menu by clicking the three horizontal lines next to Google Cloud Platform in the title bar, and select API manager followed by Dashboard.
Scroll down to the list of enabled APIs and click on the settings cog next to Google Drive API.
Fill in the following:
Application Name: Microsoft Cloud App Security.
Short Description & Long Description (optional): Microsoft Cloud App Security provides you with visibility into cloud applications, helping you control, investigate and govern cloud application use; secure corporate data; and detect suspicious activities for any cloud application.
Google requires you to upload at least one application Icon. Go to https://portal.cloudappsecurity.com/cas/static/files/MSLogos.zip to download a zip file containing Cloud App Security icons. Then, under Application icon drag and drop the 128x128 and 32x32 images.
Under Drive Integration type the following under Open URL:
In the Enabled APIs list, click the setting cog setting next to Google Apps Marketplace SDK.
If the cog is disabled, you can click on Google Apps Marketplace SDK instead.
Select the Configuration tab.
Copy the Project number (App ID) that appears at the top to use later.
The Application Name should say Microsoft Cloud App Security.
Fill in the Application description field with "Microsoft Cloud App Security provides visibility into cloud apps, helping you control, investigate and govern cloud app use; secure corporate data; and detect suspicious activities for any cloud app."
Uncheck the Enable individual install check box.
Configure the 4 required images under Application icons.
The images can be found at: https://portal.cloudappsecurity.com/cas/static/files/MSLogos.zip
Fill in the following Support URLs:
Under OAuth 2.0 scopes copy and paste following. You have to copy them one at a time and press Enter after each one:
Click on Save Changes.
Go to admin.google.com and then choose Security.
Choose API reference.
Select Enable API Access and click Save changes.
Configure Cloud App Security
In the Cloud App Security portal, click Investigate and then Connected apps.
In the Connected apps page, click the plus sign and select G Suite.
In the pop-up, fill in the following:
Service Account email address that you copied in step 16.
Project number (App ID) that you copied in step 21.
Upload the Certificate P12 that you saved in step 12. You will need the password you saved to do this.
Enter one admin account email of your G Suite admin.
If you have a G Suite unlimited account, check this check box. For information about which features are available in Cloud App Security for G Suite unlimited, see Enable instant visibility, protection and governance actions for your apps.
Click Save settings.
Follow the link to connect to G Suite. This will open G Suite and you will be asked to authorize access for Cloud App Security.
Make sure the connection succeeded by clicking Test now.
Testing may take a couple of minutes.
After receiving a success notice, click Done and close the G Suite page.
After connecting G Suite, you will receive events for 60 days prior to connection.
After connecting G Suite, Cloud App Security performs a full scan. Depending on how many files and users you have, completing the full scan can take awhile. To enable near real time scanning, files on which activity is detected are moved to the beginning of the scan queue, for example a file that is edited, updated, or shared is scanned right away and doesn't wait until it is reached by regular scan process. This does not apply to files that are not inherently modified, for example files that are viewed, previewed, printed or exported.