21.4.0

Configure OAuth Consent Screen

The OAuth Consent Screen is created so that Google Workspace Domain-Wide Delegation can be enabled when a Google service account is created under a project. With Google Workspace Domain-Wide Delegation enabled, the service account can then be authorized to use the Google Drive API OAuth scope. This is critical for authorizing FortiCASB to retrieve data from the Google Workspace account.

Keep in mind that the Google project hosting the service account plays a critical role in providing the authorization that FortiCASB needs to interact with the Google Workspace account.

Note: If you have already configured OAuth Consent Screen for the project, you can skip this section.

  1. Go to Google Cloud Platform and log in with your Google Workspace account.
  2. Click on the project drop-down menu > Select a project. Select an existing project you want to monitor or create a new project by selecting New Project.
  3. With your project selected, click the navigation menu and go to APIs & Services > OAuth consent screen.
  4. When you get started with OAuth Consent Screen configuration, choose Internal user type, then click CREATE.
  5. In the OAuth Consent Screen page, do the following:
    1. Name the app and choose the user that will manage the app within the Google Workspace account.
    2. For the App domain, leave it blank since it will only be for internal use.
    3. Click +ADD DOMAIN and enter the domain of this Google Workspace account.
       For example, if the Google Workspace account email address is security_admin@microsoft.com, then the domain is microsoft.com.
    4. In Developer contact information, enter the e-mail of the person managing the app.
    5. Click SAVE AND CONTINUE.
  6. In the Scopes selection page, click SAVE AND CONTINUE.
  7. Review and confirm that all settings are correct in the Summary page, then click BACK TO DASHBOARD. The OAuth consent screen should now be added to the project.