The Google Workspace account to be added to FortiCWP requires a Super Admin Role or Custom User Role (recommended) assigned.
It is recommended to create a user within the Google Workspace account, assign it with Custom User Role, then add the account to FortiCWP.
Follow the configurations below to create a Custom User Role, then assign it to a Google Workspace account user.
- Log into Google Admin Console with the Google Workspace with Super Admin Role. (Only Super Admin Role can create Custom Roles)
- From Google Admin navigation menu, go to Account > Admin roles, then click Create new role.
- Fill in a name for the role, a short description, and click Continue.
- Select the role privileges according to the table below, then click Continue.
- Review all the role privileges selected, then click Create Role.
|Admin console privileges|
|Admin API privileges|
|Groups||Create, Read, Update, Delete|
|Billing Management||Billing Read|
|Domain Allowlist Management||Domain Allowlist Read|
The custom role can now be assigned to a Google Workspace user that is designated to be added to FortiCWP.
- Log into Google Admin Console with your Google Workspace Super Administrator Account.
- From the Google Admin navigation menu, go to Directory > Users.
- Click on the user that will be added to FortiCWP Workload Protection.
- Scroll down and click on Admin roles and privileges.
- Click on the edit button to reveal all available roles.
- Click on the toggle switch button to assign the custom user role created. Make sure Super Admin role is not assigned.
- Click Save to finish assigning the custom user role to the user.
After Google Workspace user configuration is completed, continue with the rest of the configurations.