Google - Authentication
Last updated
Last updated
From the CASB tab in dope.console, select Google from the left-hand panel.
The authentication URL can either be self-enrolled, or sent to your Google admin to grant the required permissions to dope.security.
At the authentication URL, the Admin will need to copy & paste permissions into the Google admin console (Underneath API Controls -> Domain-Wide Delegation)
These are the required Google scopes
"https://www.googleapis.com/auth/drive", "https://www.googleapis.com/auth/admin.directory.user", "https://www.googleapis.com/auth/admin.directory.domain.readonly", "https://www.googleapis.com/auth/admin.directory.customer.readonly", "https://www.googleapis.com/auth/drive.activity.readonly", "https://www.googleapis.com/auth/admin.directory.group.readonly", "https://www.googleapis.com/auth/admin.directory.user.readonly", "https://www.googleapis.com/auth/admin.directory.user.security", "https://www.googleapis.com/auth/admin.reports.audit.readonly", "https://www.googleapis.com/auth/gmail.settings.basic",
To complete authorization the Google admin will need to copy & paste the scopes into the Google Admin Console You must be a Google admin to continue.
Because of the sensitive permissions required to do a CASB scan, the scopes are added to Domain Wide Delegation page. It's under: Security > API Controls > MANAGE DOMAIN WIDE DELEGATION in the Google Admin Console.
From here, the admin adds a new domain-wide delegation to their account. This includes the client ID of CASB Neural and the list of scopes required. The Client ID and the scopes are provided in the setup process.
See the Google help docs here
The final step of the process is to provide the Google Workspace Super Admin Email.
Once the correct email is entered, you're done! It really is that simple, dope.security will now scan your tenant, uncover any publicly shared files with sensitive data, and classify them.
SSPM Coming Soon: Uncover all third-party apps connected to your Microsoft 365 or Google SaaS tenant, neatly organized by access type: global, limited, or login access.