Enabling Google for API integration

Steps for enabling Google for API integration.

1. Open any Google App and then navigate to Google apps > Admin to open Google Admin portal.
   
   
   
2. On the Google Admin Console, navigate to Security > Access and data control > API Controls.
3. In the Domain wide delegation section, click Manage Domain Wide Delegation at the bottom of the page.
   
   
   
4. On the Domain-wide Delegation page, click Add New.
   
   
   
5. In the new dialog window, enter the Client ID and then enter each of the scopes that you want to grant access to. Each scope can be added on it's own line. Click Authorize when you are done.
   • Client ID: Paste the Unique ID you generated with your Google Service Account above in Step 7. For the Service Account we created above it would be: 114007302544671703742
   • GDrive Scopes: https://www.googleapis.com/auth/drive, https://www.googleapis.com/auth/admin.directory.user.readonly, https://www.googleapis.com/auth/admin.directory.user.security
     • Gmail Scope: https://www.googleapis.com/auth/gmail.readonly
     • Calendar Scope: https://www.googleapis.com/auth/calendar.readonly
       
       
       
   • Google Audit Reports: https://www.googleapis.com/auth/admin.reports.audit.readonly
6. Once added, you will see the new API Client and scopes. You can edit it after the fact to add more scopes if you did not add them all originally. For example if you configured the client to only scan GDrive but later wanted to add the scopes for Gmail and Calendar to have Forcepoint ONE SSE scan those services, you can edit the API Client and add those scopes as needed.
   
   
   
7. On the left navigation pane of Google Admin portal page, navigate to Apps > Google Workspace > Drive and Docs.
   
   
   
   • On the Drive and Docs page, select Features and Applications. On the next page, ensure that the Drive SDK option that Allows users to access Google Drive with the Drive SDK API is ON. If it is not, click into it and check the box to turn it on. Then, click Save at the bottom.
     
     
     
     
     
     
     
8. Once done with the above configuration, you can now navigate to Forcepoint ONE SSE and configure the API scanning. See the next section for how to enable and configure API scanning in Forcepoint ONE SSE.