home

Security Service Edge

Mobile Endpoint SecuritySecurity Service Edge
Mobile Endpoint SecuritySecurity Service Edge

Lookout Product Documentation

Find answers about using and optimizing Lookout products.

Show Contents

Security Service Edge

Onboarding Google Workspace Suite and Applications

Onboarding Steps in Secure Cloud Access

  1. From the Management Console, select Administration > App Management and click New.
  2. Select Google Workspace.
  3. Enter a Name.
    The name must include only alphanumeric characters, with no special characters other than the underscore, and no spaces.
  4. (Optional) Enter a Description.
  5. Click Next.
  6. Select Google Workspace applications:
    • Gmail (Web App) - For standard Gmail traffic
    • Gmail (SMTP) - For Gmail traffic processed through the Lookout gateway
    • Other Apps (Other Google applications)
    • Google Drive
  7. Click Next and select protection models.

    The available protection models depend on the applications you selected..

    Google Workspace applicationProtection models available
    Gmail (Web App)App Authentication App Access Dynamic DRM

    Gmail (SMTP)

    (Available based on customer license)

    		Email
    Other AppsApp Authentication App Access Dynamic DRM
    Google Drive

    App Authentication App Access

    API Access Dynamic DRM

    Cloud Data Discovery

    Some protection models require one or other models to be enabled or must be selected for specific functions.

    • App Authentication requires either API Access or App Access protection modes to be enabled.
    • Dynamic DRM requires either API Access or App Access protection models to be enabled.
    • You must select the Cloud Data Discovery and API Access protection models if you want to implement Cloud Data Discovery (CDD) for this cloud application.
    • Click Next.
  8. Enter configuration information.
    The available fields depend on the protection models you selected.

    • Proxy settings (required mainly for App Access protection model)

      • The Custom HTTP Header Name and Custom HTTP Header Value fields are configured on the cloud type level (as opposed to the cloud application level). If this is the first Google Workspace cloud application you are onboarding, the values you enter in these two fields will apply to all other Google Workspace cloud applications you onboard.
      • If this is not the first Google Workspace cloud application you are onboarding, these field values will be initialized from the first onboarded Google Workspace cloud application. If all of your onboarded Google Workspace cloud applications must be independent of one another, make sure that the Custom HTTP Header Value field is empty for all of your Google Workspace cloud applications.
      • Login Domain -- Enter your enterprise business domain name.
      • The Restricted Modules and Restriction Value fields are configured on the cloud type level (as opposed to the cloud application level). If you are onboarding multiple Google Workspace applications, make sure that the module configurations are the same for all of the applications.

      • Restricted Modules - Whether a module will be able to bypass the proxy or be blocked.

        • Unchecked - Unchecked modules/applications will go through the proxy.
        • Checked - Check modules/applications will behave according to the Restriction Behavior selections.

      • Restriction Behavior - How Google Workspace will restrict the selected modules.

        • Bypass Proxy - The restricted modules will bypass the proxy.
        • Block - The restricted modules will be blocked.
      • Specific Domains - Leave this field blank.

      • API Settings (required for API Access protection model)

        • Internal domains - Enter necessary internal domains, along with enterprise business domains.

      • Archive Settings (for Google Drive) -- Enables archiving of files that are either permanently deleted or replaced by Content Digital Rights policy actions. Archived files are placed in an Archive folder under a CASB Compliance Review folder created for the cloud application. You can then review the files and restore them if needed.

        When the authorized administrator for a cloud account is changed in Secure Cloud Access, previously archived content in the CASB Compliance Review folder that is owned by the previous administrator should be shared with the new authorized administrator to enable archived data to be reviewed and restored.

        Two options are available:

        • Remove from Trash

        • Archive

          For Permanent Delete policy actions, both options are disabled by default.For Content Digital Rights, they are enabled by default.

          Click the toggles to enable or disable the settings.

          Enter the number of days for which to retain archived files. The default value is 30 days.

      • Authorization -- If you selected Google Drive as one of your Google Workspace applications, authorize Google Drive and click Next.

        Review the instructions that appear and click Continue to authorize access to your Google Drive account. Enter your account credentials.

        In the Summary page, review the summary information to verify that all information is correct. If it is, click Save to complete onboarding.

Last updated: November 20, 2024

lookout-footer

Legal Privacy Policy Cookie Policy Transparency Report Compliance Info Compliance Info (Gov)

© 2024 Lookout, Inc. LOOKOUT®, the Lookout Shield Design®, LOOKOUT with Shield Design® and the Lookout multi-color/multi-shaded Wingspan Design® are registered trademarks of Lookout, Inc. in the United States and other countries. DAY OF SHECURITY®, LOOKOUT MOBILE SECURITY®, and POWERED BY LOOKOUT® are registered trademarks of Lookout, Inc. in the United States. Lookout, Inc. maintains common law trademark rights in EVERYTHING IS OK, PROTECTED BY LOOKOUT, CIPHERCLOUD, and the 4 Bar Shield Design.