Enabling and configuring API scanning in Forcepoint ONE SSE

Steps to enable and configure API scanning in Forcepoint ONE SSE.

1. Start by opening a new tab/window and logging into the Forcepoint ONE SSE portal. Navigate to Protect > Policies and click on the Google Workspace to open the settings page. Select Setup API.
   
   
   
   
   
2. Check the box for Google Suite and then fill out the 3 fields: Enter your Google Admin Email, copy over theService Account Email from the Google Service Account creation section above, and then upload the Service Account Key that you created and downloaded. Click Save.
   
   
   
   
   

   For customers who were already setup for Google API scanning using Forcepoint ONE SSE's Google service tokens you will instead see a Migrate to Customer Credentials option. Click on this option to open up the other fields shown above to use your own generated Google Service Account.

   
   
   
3. Select Enable API scanning and then click Save.
4. Now you are setup to configure who (users) gets scanned and what you are scanning for (Data Patterns). To learn about configuring the settings for scanning (what type of content you are looking to identify) as well as policy actions, refer to Configuring API policies.
   
   
   

   You can use the Test button on the Google Setup API page to check if the connection is healthy. The status of the API connection can also be viewed on the Google Apps page (Green check indicates a healthy connection, Red cross indicates that the setup is not complete or is in error).

   Note: Customers who wish to auto register users from Google Directory as a local user in Forcepoint ONE SSE can do so via this API integration. Reach out to support to have them enable this feature in your tenant.

   Note: You cannot configure Forcepoint ONE SSE data patterns alongside Forcepoint DLP data pattern. Refer to Configuring FSM controlled policies for CASB and SWG channels to enable the Forcepoint DLP data pattern.