Set drive.google.com as the target host in the Reverse Proxy, which is used to reconstruct the headers. Access Google Drive only via IdP. Direct login to Google Drive without IdP is not supported.
- The recommended use case is managed device, Redirect All to access the GSuite applications.
- The unmanaged device allows only GDrive or Gmail and Block All other GSuite applications. If other GSuite applications are not blocked, then the users accessing those apps can bypass the reverse proxy and cannot enforce policies via reverse proxy due to the nature of other GSuite apps/CSP side challenges, so it is recommended to block those GSuite apps.
- Login error in Google Drive. In Google Chrome, open the Network tab check for a 401 error. This could happen due to the following reasons:
- Username extraction issue from the SAML assertion.
- Multi-part or mixed requests.
- Login errors accessing other apps via reverse proxy. All apps are not yet supported. Check with Skyhigh CASB Support to make sure if the app you want to use is supported and certified.
- Upload or download is not working or taking too long to respond. Some requests may not have been handled. Record the HAR and share it with the Skyhigh CASB Support.
- The behavior of blocked files for Google Drive is different compared to other CSPs.
- You cannot download the file, and see a message that says “Could not Download".
- You see a tombstone file when you download a file. In some cases, you also see this when you open in separate browser tab.