Skip to main content
Welcome to Virtru's support portal. As we work to make this page more accessible to screen readers, please contact us at support@virtru.com for technical support.

How to Assign Users, Groups, or OUs to an External Key Service

  • Updated

About

This guide is designed to help you configure Virtru Private Keystore (for Google Workspace CSE)

Assumptions

  • An external key service provider (e.g., Virtru CSE) has already been configured and tested.
  • You must have Super Admin privileges in Google Admin Console.
  • You must have completed the Virtru for Google Workspace Domain Sync.

1. Sign in to Google Admin Console

2. Navigate to the CSE Assignment Page

  • From the Admin Console homepage, go to:
    Data > Compliance > Client-side encryption > Assign (External key service assignment)

3. Select the Target Users

  • Choose whether to apply the key service to:
    • Organizational Units (OUs) (e.g.,  Compliance Team)
    • Groups (e.g., virtru-provisioning-group@[yourdomain.com])
  • Use the tabs to switch between Groups and Organizational Units.
  • Select the specific OU or group you want to assign.

4. Assign the Key Service

  • Under Key service, select your key service provider (e.g., Virtru-CSE).
  • Click Save to apply the assignment.

5. Configure Encryption Status by App

  • Under Encryption status by app, turn on encryption for the following:
    • Calendar
    • Drive and Docs
    • Meet
  • ⚠️ Only enable Gmail if CSE for Gmail is already configured in your environment.
  • Click Edit next to each app to enable or disable encryption as needed.

Test the Setup

  • Ask a user in the assigned group or OU to access Google Drive or Calendar.
  • Confirm they are prompted to authenticate via the selected external key service.

 

Related articles