Enabling the Google Drive Connector

To enable the Google Drive Connector, follow the steps below.

To complete the steps below, you must be assigned the following FortiDLP operator permissions: Can read saas connector configuration Can edit saas connector configuration Can read integration configuration Can edit integration configuration

Prerequisites

You must complete the following prerequisites before setting up the connector in FortiDLP.

Google Drive Connector prerequisites

Prerequisite	Description
How to ensure FortiDLP users can be mapped to Google Drive events	Ensure that Google Drive events can be mapped to existing users that have been synced to FortiDLP.
How to retrieve Google credentials	Create a Google project and service account, retrieve the service account's credentials, and add the credentials to FortiDLP. This will allow FortiDLP to access Google Drive events.

How to ensure FortiDLP users can be mapped to Google Drive events

In order for a FortiDLP user to be mapped to a cloud event, the primary email address of the user who generated an event in must match an email address URI assigned to an existing user in FortiDLP. For information on user-event mappings, see User-event mapping, and for information on syncing users, see Users.

How to retrieve Google credentials

To receive Google Drive events, you must create a Google project, service account, retrieve the service account's credentials, and then add the credentials to FortiDLP. See steps 1-4 in Google credentials to do this.

Setup

Once you have completed the prerequisites above, follow the steps below to enable the connector in FortiDLP.

How to enable the Google Drive Connector

1. In the FortiDLP Console, on the left-hand sidebar, click .
2. Under Integrations > Google, select Connectors.
3. On the top-right corner of the page, click Add new connector.
4. In the Name field, type a name to identify the connector.
   
5. Under Authentication > Credentials, select a set of credentials.
6. Optionally, in the Monitored users section, do one of the following:
   • To receive events for all users:
     1. In the Include section, leave the All entities radio button selected.
     2. In the Exclude section, leave the No entities radio button selected.
   • To receive events for a subset of users by only selecting labels to include:
     1. In the Include section, select the Specific users (by label) radio button.
     2. In the labels list, select one or more labels for the users you want to monitor.
     3. Do one of the following:
        • To include users that have all of the selected labels, select the Require all radio button.
        • To include users that have any of the selected labels, select the Require any radio button.

        For example, to receive events for all users with a "Sales" label or a "Finance" label: In the Include section: Select the Specific users (by label) radio button. In the labels list, select the Sales and Finance labels. Select the Require any radio button.

   • To receive events for a subset of users by selecting labels to include and exclude:
   1. In the Include section, follow the steps above.
   2. In the Exclude section, select the Specific users (by label) radio button.
   3. In the labels list, select one or more labels for the users you do not want to monitor.
   4. Do one of the following:
      • To exclude users that have all of the selected labels, select the Require all radio button.
   • To exclude users that have any of the selected labels, select the Require any radio button.

   For example, to receive events for users with a "Manager" label and a "Product" label, but not a "Windows" label: In the Include section: Select the Specific users (by label) radio button. In the labels list, select the Manager and Product labels. Select the Require all radio button. In the Exclude section: Select the Specific users (by label) radio button. In the labels list, select the Windows label. Select either the Require all or Require any radio button.

Click Create.