Google Workspace: Configuring mobile device cutoff

These instructions describe how to set up Google Workspace to enable the Google Workspace mobile mail cutoff feature, ensuring that all mobile device users connect through Forcepoint ONE SSE rather than connecting directly to Google.

This will also ensure that even ActiveSync connections leverage your organization's Single Sign-On passwords rather than the separately defined and managed Google password.

Note: The Google Workspace admin account needed to perform this operation must be a Google Workspace Super Admin. The same account must be used to set up the Mobile Mail SSO feature in the Forcepoint ONE SSE Admin portal.

Disabling Google Workspace Password Sync Agent

The Google Workspace Password Sync Agent must be disabled before deploying the Google Workspace mobile mail cutoff feature. Forcepoint ONE SSE requires the ability to manage users' passwords in Google on an ongoing basis, which conflicts with Google Workspace Password Sync Agent functionality.

Enabling API access

You will need to log in to the Google admin console to enable API access.

  • In the Google Apps admin console, click Security, then API Reference. Then check Enable API Access.




Granting Forcepoint ONE SSE API access

Forcepoint ONE SSE has provided links that allow you to quickly grant Forcepoint ONE SSE API access.

  • Authorize Access
  • Accept the following access privileges:
    • View and manage organization units on your domain
    • View and manage the provisioning of groups on your domain
    • View and manage the provisioning of users on your domain
    • View and manage your mobile devices' metadata
  • Once you are done, navigate back to the Forcepoint ONE SSE portal and enable migration and cutoff on the Google Apps page.
    1. On the Google Apps page, select the specific app instance you are making changes to.
    2. On the Google Apps Instance page, enable cutoff.




  • Once you are done with the setup, navigate back to Forcepoint ONE SSE, open the Protect > Policies page, and scroll down to the G Suite application. Before setting up a policy line to send users through Secure App Access (reverse proxy), you will need to set up one policy line for Direct App Access and have an admin or a user log in directly once to validate the SAML SSO setup. Once that is done, you can adjust your policies to start sending people through the Forcepoint ONE SSE proxy.
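
To confirm after authorization that the grant carries the four access privileges listed above and nothing more, the following added example (not Forcepoint or Google code) compares a Directory API `tokens.list` response with the expected scopes. The scope URLs are an assumed mapping of those four privileges to Admin SDK Directory API scopes, and the client IDs and sample response are constructed placeholders.

```python
# Assumption: the four privileges on the consent screen map to these
# Admin SDK Directory API scopes (org units, groups, users, mobile devices).
BASE = "https://www.googleapis.com/auth/admin.directory."
EXPECTED_SCOPES = {BASE + s for s in ("orgunit", "group", "user", "device.mobile")}

# Constructed sample shaped like a Directory API tokens.list response.
# Client IDs and display names are placeholders, not real values.
SAMPLE_TOKENS = {
    "kind": "admin#directory#tokenList",
    "items": [
        {"clientId": "PLACEHOLDER-EXACT", "displayText": "Proxy app (sample)",
         "scopes": [BASE + "orgunit", BASE + "group",
                    BASE + "user", BASE + "device.mobile"]},
        {"clientId": "PLACEHOLDER-DRIFTED", "displayText": "Proxy app (sample 2)",
         "scopes": [BASE + "orgunit", BASE + "group", BASE + "user",
                    "https://www.googleapis.com/auth/gmail.readonly"]},
    ],
}


def audit_grant(tokens, client_id, expected=EXPECTED_SCOPES):
    """Return (missing, extra) scope lists for the grant issued to client_id.

    missing: expected scopes that were not granted (setup incomplete).
    extra:   granted scopes beyond the expected set (review for least privilege).
    Raises LookupError when the admin account has no grant for client_id.
    """
    granted, found = set(), False
    for item in tokens.get("items", []):
        if item.get("clientId") == client_id:
            found = True
            granted |= set(item.get("scopes", []))
    if not found:
        raise LookupError(f"no token granted to client {client_id!r}")
    return sorted(expected - granted), sorted(granted - expected)


if __name__ == "__main__":
    for cid in ("PLACEHOLDER-EXACT", "PLACEHOLDER-DRIFTED"):
        missing, extra = audit_grant(SAMPLE_TOKENS, cid)
        status = "OK" if not missing and not extra else "REVIEW"
        print(f"{cid}: {status} missing={missing} extra={extra}")
```

Feed the function the JSON returned by `tokens.list` for the Super Admin account used in the setup, with the client ID shown on the consent screen.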