Fortinet black logo

Deployment Guide

Home FortiCASB 21.4.0 Deployment Guide
21.4.0
21.4.0

Create Google Service Account

Create Google Service Account

A service account created for the Google Workspace account is required to add the account to FortiCASB. The service account needs to be created in the project that has OAuth Consent Screen created to activate Google Workspace Domain-Wide Delegation. Google Workspace Domain-Wide Delegation is necessary for FortiCASB to visit files in Google Workspace.

Without the service account, you can still use FortiCASB. However, the features related to files in FortiCASB, such as Discovery, will not work.

For more information regarding service accounts and domain-wide authority delegation, go to: https://developers.google.com/identity/protocols/OAuth2ServiceAccount#delegatingauthority

Steps to create Google Service Account:

  1. Go to the Google Cloud Platform console and log in with your Google Workspace account.
  2. With the project selected, click Navigation Menu > IAM & Admin > Service accounts.

  3. Click +Create service account, then enter a Service account name of your preference and click CREATE AND CONTINUE.

    Skip the optional steps, and click Done.

  4. In Service accounts page, Click on the service account you created to enter the Details page, keep a record of the Service Account ID (Email).

  5. Click on Advanced settings drop down menu, and keep a record of the Client ID for use later in Enable Google Drive API & Authorize Client ID.

  6. Click the KEYS tab, then click ADD KEY drop down menu and select +Create new Key.

    7. Then select P12 key format and click CREATE. The P12 private key will be downloaded automatically.

Keep the Service Account ID and P12 private key later for Google Workspace authentication during installation.

The Client ID will be used later in Enable Google Drive API & Authorize Client ID.
Previous
Next

Create Google Service Account

A service account created for the Google Workspace account is required to add the account to FortiCASB. The service account needs to be created in the project that has OAuth Consent Screen created to activate Google Workspace Domain-Wide Delegation. Google Workspace Domain-Wide Delegation is necessary for FortiCASB to visit files in Google Workspace.

Without the service account, you can still use FortiCASB. However, the features related to files in FortiCASB, such as Discovery, will not work.

For more information regarding service accounts and domain-wide authority delegation, go to: https://developers.google.com/identity/protocols/OAuth2ServiceAccount#delegatingauthority

Steps to create Google Service Account:

  1. Go to the Google Cloud Platform console and log in with your Google Workspace account.
  2. With the project selected, click Navigation Menu > IAM & Admin > Service accounts.

  3. Click +Create service account, then enter a Service account name of your preference and click CREATE AND CONTINUE.

    Skip the optional steps, and click Done.

  4. In Service accounts page, Click on the service account you created to enter the Details page, keep a record of the Service Account ID (Email).

  5. Click on Advanced settings drop down menu, and keep a record of the Client ID for use later in Enable Google Drive API & Authorize Client ID.

  6. Click the KEYS tab, then click ADD KEY drop down menu and select +Create new Key.

    7. Then select P12 key format and click CREATE. The P12 private key will be downloaded automatically.

Keep the Service Account ID and P12 private key later for Google Workspace authentication during installation.

The Client ID will be used later in Enable Google Drive API & Authorize Client ID.
Previous
Next