Google Drive API Prerequisites
To integrate with Google Drive, make sure the following prerequisites are in place.
- Enterprise or Business G Suite license.
- Super Admin account in your organization's G Suite. Super Admins have administrator permissions and access to the Admin console and corresponding actions in the Admin API. This is required to integrate Google Drive with Skyhigh CASB via API.
- Data Access permissions. Data Access permissions provide access to specific data. In the Admin console, go to Apps > Google Workspace > Drive and Docs > Features and Applications.
- Features and Applications. This page manages which features and applications are available to users in your organization. Scroll down to Drive SDK and click Edit. Make sure the following checkbox is enabled:
- Drive SDK. Permissions that allow users to access Google Drive with the Drive SDK API. Learn more here.
- G Suite Audit access. Use the G Suite Admin Console to pre-configure your account for Audit access. Learn more here.
Authorize Skyhigh CASB
To grant Skyhigh CASB access to your Google Drive account, use the following method.
Authorize Manually
- In the G Suite admin console, go to Security > Access and data control > API controls.
- Scroll down and go to Domain wide delegation. Click MANAGE DOMAIN WIDE DELEGATION.
- Click Add New. On the Add a new client ID screen, configure these:
- Client ID. Add the following Client ID based on your environment:
- For the Skyhigh CASB production environment at https://www.myshn.net:
217918566396-68pp4387k4c64fiqm15c4g525o91q1s1.apps.googleusercontent.com
- For the Skyhigh CASB EU/Germany/Frankfurt environment at https://www.myshn.eu:
1070394232102-aq7i1v2p5pbj7bc5ereln0k80csk9a9e.apps.googleusercontent.com
- For the Skyhigh CASB Canada environment at https://www.myshn.ca:
service-account-client-caprod@shn-offlinedlp-caprod.iam.gserviceaccount.com
- For the Skyhigh CASB GovCloud / FEDRAMP environment:
Contact Skyhigh Technical Support or your assigned deployment engineer.
If your Google setting for "Unconfigured third-party apps" is set to "Allow users to access third-party apps that only request basic info needed for Sign in with Google", also add the following client ID:
- For the Skyhigh CASB production environment at https://www.myshn.net:
217918566396-s08ivlm52p7kms7uv1stl4kvk017kr6k.apps.googleusercontent.com
- For the Skyhigh CASB EU/Germany/Frankfurt environment at https://www.myshn.eu:
1070394232102-8jc3948cg0nhfd5dub96769bh3rdv4tq.apps.googleusercontent.com
- For the Skyhigh CASB GovCloud / FEDRAMP environment:
508672190013-3nusl11cslbrv6ijnbq2aeqvqefkj4on.apps.googleusercontent.com
- OAuth scopes (comma-delimited). Copy and paste the following 10 API scopes:
https://www.googleapis.com/auth/admin.directory.domain.readonly, https://www.googleapis.com/auth/admin.directory.group, https://www.googleapis.com/auth/admin.directory.group.readonly, https://www.googleapis.com/auth/admin.directory.orgunit, https://www.googleapis.com/auth/admin.directory.user, https://www.googleapis.com/auth/admin.directory.user.security, https://www.googleapis.com/auth/admin.reports.audit.readonly, https://www.googleapis.com/auth/admin.reports.usage.readonly, https://www.googleapis.com/auth/drive, https://www.googleapis.com/auth/drive.file
- Click AUTHORIZE.
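The scope string entered in the OAuth scopes step can be checked against the ten scopes listed above before and after you click AUTHORIZE. The following is an added example, not Skyhigh or Google code; the function names are hypothetical and the sample input is constructed.

```python
# Added example: audit a domain-wide delegation scope string against the
# ten scopes this page lists. Function names are hypothetical.
PREFIX = "https://www.googleapis.com/auth/"

# The ten scopes from the "OAuth scopes" step on this page.
EXPECTED = frozenset(PREFIX + s for s in (
    "admin.directory.domain.readonly",
    "admin.directory.group",
    "admin.directory.group.readonly",
    "admin.directory.orgunit",
    "admin.directory.user",
    "admin.directory.user.security",
    "admin.reports.audit.readonly",
    "admin.reports.usage.readonly",
    "drive",
    "drive.file",
))


def parse_scopes(raw):
    """Split a comma-delimited scope string, tolerating spaces and newlines."""
    return [s.strip() for s in raw.replace("\n", ",").split(",") if s.strip()]


def audit_scopes(raw):
    """Compare a configured scope string with the documented list."""
    configured = parse_scopes(raw)
    seen = set(configured)
    return {
        "missing": sorted(EXPECTED - seen),
        "unexpected": sorted(seen - EXPECTED),
        "duplicates": sorted({s for s in configured if configured.count(s) > 1}),
        "malformed": sorted(s for s in seen if not s.startswith(PREFIX)),
        # In this list, scopes without the .readonly suffix grant more than read access.
        "read_write": sorted(s for s in seen & EXPECTED if not s.endswith(".readonly")),
    }


if __name__ == "__main__":
    # Constructed sample: one documented scope dropped, one unrelated scope added.
    kept = sorted(EXPECTED - {PREFIX + "drive.file"})
    sample = ", ".join(kept + [PREFIX + "gmail.readonly"])
    for key, values in audit_scopes(sample).items():
        print(key, values)
```

An empty result for missing, unexpected, duplicates and malformed means the delegation entry matches the documented list exactly; the read_write entries are the ones to weigh when reviewing what the integration can change in your domain.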
Once Skyhigh CASB is configured with your Google Drive account, the following screen is displayed: