
FortiDLP Administration Guide

Google credentials

FortiDLP can be integrated with Google to:

A single Google service account can be used to enable any or all of these features in FortiDLP, so one set of instructions is provided, with a note wherever you can optionally grant access for a feature.

A summary of the setup steps is as follows:

Setup steps

1. How to create a Google project and service account and retrieve credentials
  First, you need to create a Google Cloud project and service account and then retrieve the service account's credentials by generating a private key. This will allow FortiDLP to make authorized calls to Google APIs.
2. How to grant the service account API access permissions
  Next, you need to grant the service account permissions which correspond to the features you want to enable.
3. How to enable the Google Admin SDK API
  Next, you need to enable the Google Admin SDK API for your project.
4. How to add the service account credentials to FortiDLP
  Next, you need to add the credentials to the Google credentials modal, accessible from any Google feature configuration section in the FortiDLP Console's Admin settings.
  Note: Credentials can be shared across each feature, so you only need to add the credentials once.
5. How to integrate Google features with FortiDLP
  Finally, depending on which integration permissions you have granted the service account, you need to configure and enable each feature in the relevant section of the FortiDLP Console's Admin settings.

1. How to create a Google project and service account and retrieve credentials
  1. Go to https://console.developers.google.com/iam-admin/serviceaccounts.
  2. In the left-hand panel, click Service accounts.
  3. Click Create Project.
  4. In the New Project window, type a unique name for the project.
  5. In the Organization list, if your domain is not already selected, click your domain name.
  6. In the Location list, if your domain is not already selected, click Browse and click your domain name.
  7. Click Create.
  8. On the left-hand side of the menu bar, to the right of your project name, click the downward-pointing arrow icon.
  9. In the Select from window, make a note of the project ID that displays in the right column.
  10. Click Cancel to close the window.
  11. Below the menu bar, click Create Service Account.
  12. In the Service account name field, type a name for the service account.
    The Service account ID field is automatically populated.
  13. In the Service account description field, type a description of the service account.
  14. Click Create and continue.
  15. Click Continue.
  16. Click Done.
  17. Copy the service account's value displayed in the Client ID field in the table, and keep it somewhere safe.
  18. In the Actions column for the service account, click the three vertical dots icon, and then click Manage keys.
  19. In the Add key drop-down list, select Create new key.
  20. In the Create private key for <service account> dialog, leave the JSON radio button selected, and click Create.
    Caution

    You must store this file securely. The JSON file contains your service account credentials, which provide access to Google resources.

  21. Click Close.
2. How to grant the service account API access permissions
  1. Go to http://admin.google.com/ac/owl/domainwidedelegation.
  2. Sign in to your Google super administrator account.
  3. Click Add new.
  4. In the Client ID field, paste the service account's Client ID retrieved in 1. How to create a Google project and service account and retrieve credentials.
  5. Do at least one of the following:
    • To allow FortiDLP to sync Google Workspace users, in the OAuth scopes (comma-delimited) field, paste the following:
      • https://www.googleapis.com/auth/admin.directory.user.readonly, https://www.googleapis.com/auth/admin.directory.group.readonly,
    • To allow FortiDLP to collect Google Drive events, in the OAuth scopes (comma-delimited) field, paste the following:
      • https://www.googleapis.com/auth/admin.reports.audit.readonly, https://www.googleapis.com/auth/admin.reports.usage.readonly
  6. Click Authorise.
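
A pre-flight check for the key file from step 1 and the scopes field from step 2, as an added example that is not part of the FortiDLP documentation or product. The function names, feature labels and sample values are assumptions made for illustration; the scope URLs are the ones listed above, and the file-mode check applies to POSIX systems.

```python
import json
import os
import stat
import tempfile

# Scopes this page lists per FortiDLP feature (all read-only).
FEATURE_SCOPES = {
    "directory_sync": {
        "https://www.googleapis.com/auth/admin.directory.user.readonly",
        "https://www.googleapis.com/auth/admin.directory.group.readonly",
    },
    "drive_events": {
        "https://www.googleapis.com/auth/admin.reports.audit.readonly",
        "https://www.googleapis.com/auth/admin.reports.usage.readonly",
    },
}
REQUIRED_FIELDS = ("type", "project_id", "private_key", "client_email", "client_id")

def audit_key_file(path):
    """Return findings for a downloaded service account JSON key file."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"key file mode {mode:o} is accessible to group/other")
    with open(path, encoding="utf-8") as fh:
        key = json.load(fh)
    findings += [f"missing field: {f}" for f in REQUIRED_FIELDS if not key.get(f)]
    if key.get("type") != "service_account":
        findings.append("type is not service_account")
    return findings

def audit_scopes(scope_field):
    """Classify a comma-delimited scopes string against the page's scope lists."""
    granted = {s.strip() for s in scope_field.split(",") if s.strip()}
    allowed = set().union(*FEATURE_SCOPES.values())
    enabled = sorted(f for f, need in FEATURE_SCOPES.items() if need <= granted)
    partial = sorted(f for f, need in FEATURE_SCOPES.items()
                     if need & granted and not need <= granted)
    return {"enabled": enabled, "partial": partial,
            "unexpected": sorted(granted - allowed)}

def demo():
    # Constructed sample key: every value is a placeholder, not a real credential.
    sample = {"type": "service_account", "project_id": "example-project",
              "private_key": "PLACEHOLDER", "client_id": "000000000000000000000",
              "client_email": "svc@example-project.iam.gserviceaccount.com"}
    with tempfile.NamedTemporaryFile("w", suffix=".json", delete=False) as fh:
        json.dump(sample, fh)
    os.chmod(fh.name, 0o644)  # deliberately too permissive for the demo
    try:
        return audit_key_file(fh.name)
    finally:
        os.remove(fh.name)
```

Any entry under "unexpected" is a scope beyond the read-only ones this page asks for, and "partial" means only one of a feature's two scopes was pasted.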
3. How to enable the Google Admin SDK API
  1. Go to https://console.developers.google.com/apis/api/admin.googleapis.com/overview.
  2. Select the project you created in 1. How to create a Google project and service account and retrieve credentials.
  3. Click Enable.
4. How to add the service account credentials to FortiDLP

The same Google credentials modal is used across all Google features, so credentials only need to be added once from any feature section.

  1. In the FortiDLP Console, on the left-hand side bar, click .
  2. Do one of the following:
    • To add the credentials to the Google Workspace directory section:
      1. Do one of the following:
        • Under Users, select Google directory.
        • Under Integrations > Google, select Directory.
      2. Click Add new directory.
      3. Under Authentication settings, click Manage credentials.
    • To add the credentials to the Google Drive Connector section:
      1. Under Integrations > Google, select Connectors.
      2. On the top-right corner of the page, click Add new connector.
      3. Under Authentication, click Manage credentials.
  3. Click Create new.
  4. Under Authentication settings, click Manage credentials.
  5. Click Create new.

  6. In the Name field, enter a name to identify the credentials, for example, "Google service account credentials".
  7. In the Admin email field, enter the email of the super administrator account that was used to grant the service account API access permissions in 2. How to grant the service account API access permissions.
  8. In the Credentials JSON field, paste the credentials JSON file content retrieved in 1. How to create a Google project and service account and retrieve credentials.
  9. Click Verify.
    FortiDLP will indicate whether the connection is successful and what feature permissions are granted.
  10. Click Create.
  11. Click Cancel to close the modal.
5. How to integrate Google features with FortiDLP

Depending on which permissions you added to the service account, do the following:
