Skip to main content
Welcome to Virtru's support portal. As we work to make this page more accessible to screen readers, please contact us at support@virtru.com for technical support.

Google Console/Admin Changes

  • Updated

About

This guide is designed to help you configure Virtru Private Keystore (for Google Workspace CSE)

Assumptions

  • Create a CSE project folder ( e.g., Virtru).
  • This document assumes you have administrative privileges in Google Workspace.

Step 1: Enable Required API & Services

The following API & Services might be needed for this deployment to be successful and have the application functioning as expected. Please enable them accordingly and ensure you are following your organization standards.

Note: You do not need to create credentials for these API & Services. However, please make sure follow your organization standards

  1. Enable Identity and Access Management (IAM) API - This API allows programmatic management of permissions and roles for resources across Google Cloud Platform (GCP).
  2. Enable OAuth 2.0 Client ID - Needed for creating OAuth credentials to connect Google Workspace apps with Virtru.
  3. Enable Google Drive API - Required to enable CSE for Google Drive.
  4. Enable Google Calendar API - Required to enable CSE for Google Calendar.
  5. Enable People API - Helpful for managing and verifying user profiles and permissions in Google Workspace.

Click each link and hit the Enable button to activate the respective APIs for your project.

Step 2: Create a Virtru Project Folder (Optional)

  1. Navigate to Resource Manager:
  2. Create a New Project Folder:
    • Name: "Virtru"
    • Organization: e.g, yourdomain.com
    • Location: Select the new folder as the project location, e.g., yourdomain.com
  3. Assign IAM Roles to users or service accounts under IAM & Admin > IAM.
    • admin@yourdomain.com - This should be the Principal and a user with Console/Workspace admin privileges.
    • User Role - Owner
      Note: creating IAM roles can be optional in some cases, please make sure you are following your organization standards.

Step 3: Create OAuth 2.0 Credentials (If using Google IdP)

Note: Proceed with the steps below only if using Google as your IdP for this implementation.

Note:

If you will be using a third-party IdP, follow these steps linked here (i.e. Okta, etc)

  1. Access Google Cloud Console:
  2. Select the Correct Project (e.g., Virtru):
    • In the top left navigation bar, ensure that you have selected the project you created specifically for Virtru CSE integration.
  3. Navigate to APIs & Services (refer to Step 1):
    • From the Navigation menu (three horizontal lines in the top-left corner), select ENABLE APIs AND SERVICES > Credentials > Enable the APIs & Services from Step 1.
  4. Configure the OAuth Consent Screen:
    • If this is your first time creating credentials, you’ll need to configure the consent screen:
      • Click Configure consent screen.
      • Select User Type (Internal for organizational use only, External for public access if required by your organization).
      • Complete the App Information section
      • Save and Continue through each section, providing details as necessary, then return to the Credentials page.
        Note: Scopes & Test users are not required in this step.
  1. If using Google IdP, create a OAuth 2.0 Client ID:
    • Back in APIs & Services > Credentials, click Create Credentials and select OAuth client ID.
      • Application Type: Web Application
      • Name: Virtru-CSE-OAuth
  2. Specify Authorized JavaScript Origins:
  3. Specify Authorized Redirect URIs:
    • Under Authorized Redirect URIs, add the following URIs provided in the link (these allow the OAuth process to redirect back to your application securely).
  4. Create and Save OAuth Client ID:
    • Click Create to generate the OAuth client ID.
    • Once created, download and save the Client ID + Client Secret—these will be needed for the CSE.env configuration.
  5. Verify and Finalize Setup:
    • Double-check that all URIs are correct and that the consent screen is properly configured.
    • Save your OAuth Client ID and Secret securely for use in your CSE setup.

For next steps, see the CSE Install - First Instance Linux Server, RHEL Server (using Podman) or Kubernetes Server.

Related articles