Google - Authentication
UX = dope.security. That's why it takes seconds to get CASB Neural scanning your Google Drive.
Last updated
UX = dope.security. That's why it takes seconds to get CASB Neural scanning your Google Drive.
Last updated
Under CASB, select Google. Self-enroll with the URL or send it to your Google admin.
Your Google admin will need to copy & paste permissions into the Google admin console (Underneath API Controls -> Domain-Wide Delegation)
These are the required Google scopes
"https://www.googleapis.com/auth/drive", "https://www.googleapis.com/auth/admin.directory.user", "https://www.googleapis.com/auth/admin.directory.domain.readonly", "https://www.googleapis.com/auth/admin.directory.customer.readonly", "https://www.googleapis.com/auth/drive.activity.readonly", "https://www.googleapis.com/auth/admin.directory.group.readonly", "https://www.googleapis.com/auth/admin.directory.user.readonly", "https://www.googleapis.com/auth/admin.directory.user.security", "https://www.googleapis.com/auth/admin.reports.audit.readonly", "https://www.googleapis.com/auth/gmail.settings.basic",
admin.directory.user
admin.directory.domain.readonly admin.directory.customer.readonly admin.directory.group.readonly admin.directory.user.readonly
Retrieves group member information for user/group import, identify posture (2FA/Admin) for CASB Neural SSPM
admin.directory.user.security
Retrieves OAuth tokens and allows deletion for CASB Neural SSPM
admin.reports.audit.readonly
Retrieves logs for OAuth apps for CASB Neural SSPM
gmail.settings.basic
Retrieves mail rules (not email content) to find suspicious mail rules for CASB Neural SSPM
drive drive.activity.readonly
Retrieves drive information for CASB Neural DLP
About Google Admin Console Configuration
To complete authorization the Google admin will need to copy & paste the scopes into the Google Admin Console. You must be a Google admin to continue.
Because of CASB Neural's sensitive permissions, the scopes are added to Domain Wide Delegation page. It's under: Security > API Controls > MANAGE DOMAIN WIDE DELEGATION in the Google Admin Console.
From here, you will add a new domain-wide delegation to their account. This includes CASB Neural's client ID and the required scopes (provided).
See Google help docs here
The final step is to provide the Google Workspace super admin email
Once the correct email is entered, you're done! It's that simple. dope.security will now scan your tenant, uncover any publicly shared files with sensitive data, and classify them.
SSPM Coming Soon: Uncover all third-party apps connected to your Microsoft 365 or Google SaaS tenant, neatly organized by access type: global, limited, or login access.
