About
This guide is designed to help you configure Virtru Private Keystore (for Google Workspace CSE). This setup will allow Google Identity Provider (IdP) to authenticate users for Virtru's CSE with Google Workspace Applications. Please refer to Google's official documentation when configuring your application.
Assumptions
- Create a CSE project folder (e.g., Virtru).
- This document assumes you have administrative privileges in Google Workspace.
- This document assumes you have completed steps 1-3 in the Google Console/Admin Changes.
- This document assumes you have the VPK installed on a server.
Note: This setup should be completed after the VPK for Google server is up and running.
Note: If you will be using a third-party IdP (e.g., Okta), follow the steps linked here.
- Access Google Admin Console:
  - Go to the Google Admin Console and sign in with an admin account.
  - Navigate to Data > Compliance > Client-side encryption
- Encryption with external key service > Click Add
  - Name: Virtru-CSE
  - URL: csesrv.yourdomain.com
  - Click TEST CONNECTION > ADD SERVICE
- Add OAuth Client ID for Virtru:
  - In Identity provider configuration, click Add/Configure IdP.
  - Enter Client ID Details: Use the OAuth 2.0 Client ID and Client Secret from your Google Cloud Console setup in Step 3.
- To Set Google as the Fallback IdP (use Option 2, Step 3 in this link):
  - Under Identity provider configuration, select Use Google as fallback IdP. This allows users to authenticate with Google as the default option for CSE.
  - Name: Google IDP for Virtru-CSE
  - Client ID: Enter the OAuth Client ID, e.g., 123456789-eOauthID.apps.googleusercontent.com
  - Discovery URI: https://accounts.google.com/.well-known/openid-configuration
  - Click TEST CONNECTION
  - Grant type: Implicit
  - Enable Supported Applications: Select applications (Google Drive, Gmail, Meet (optional), Calendar, Docs, Sheets, Slides) to activate CSE with your selected IdPs.
  - Save Configuration > Click SAVE to apply settings > Test the IdP Integration by accessing Google Drive and verifying that the Google fallback IdP prompts for authentication. Additional IdPs (like Okta) will appear as options if configured.
- Select the Apps:
  - Calendar, Drive and Docs, Meet (optional), Gmail (only if CSE for Gmail is configured).
  - Add Users
- Add Additional IdPs (Optional):
  - Google Workspace supports multiple IdPs, allowing you to add additional IdPs like Okta for future flexibility.
  - To add another IdP, repeat the Add IdP step and configure it with the chosen provider’s OAuth credentials.
This configuration provides a flexible authentication setup for Virtru CSE, with Google as the fallback IdP and the option to integrate other providers like Okta if desired. Please refer to Google’s official documentation when configuring IdP for your application.
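
A pre-flight consistency check for the Client ID, Discovery URI and Implicit grant values entered in the steps above, written as an added example (not Virtru's or Google's code). The function name, the embedded discovery document (constructed and trimmed to the fields checked) and the rule that Google client IDs end in `.apps.googleusercontent.com` are assumptions of this example; the issuer and response-type checks follow the OpenID Connect Discovery and implicit-flow rules.

```python
import json
from urllib.parse import urlparse

WELL_KNOWN = "/.well-known/openid-configuration"

# Constructed sample: a trimmed discovery document in the shape an OIDC IdP publishes.
SAMPLE_DISCOVERY = json.loads("""{
  "issuer": "https://accounts.google.com",
  "authorization_endpoint": "https://accounts.google.com/o/oauth2/v2/auth",
  "jwks_uri": "https://www.googleapis.com/oauth2/v3/certs",
  "response_types_supported": ["code", "token", "id_token", "token id_token"],
  "id_token_signing_alg_values_supported": ["RS256"]
}""")

def check_idp_settings(client_id, discovery_uri, discovery_doc):
    """Return a list of problems; an empty list means the values are consistent."""
    problems = []
    uri = urlparse(discovery_uri)
    if uri.scheme != "https":
        problems.append("discovery URI must use https")
    if not uri.path.endswith(WELL_KNOWN):
        problems.append("discovery URI must end with " + WELL_KNOWN)
    # OIDC Discovery: issuer + well-known path must equal the URI it was fetched from.
    issuer = discovery_doc.get("issuer", "")
    if issuer.rstrip("/") + WELL_KNOWN != discovery_uri:
        problems.append("issuer does not match discovery URI")
    for key in ("authorization_endpoint", "jwks_uri"):
        if urlparse(discovery_doc.get(key, "")).scheme != "https":
            problems.append(key + " missing or not https")
    # The implicit grant returns tokens straight from the authorization endpoint,
    # so the IdP must advertise an ID-token-bearing response type.
    offered = {frozenset(rt.split()) for rt in discovery_doc.get("response_types_supported", [])}
    if not ({frozenset({"id_token"}), frozenset({"token", "id_token"})} & offered):
        problems.append("no implicit-flow response type advertised")
    if "none" in discovery_doc.get("id_token_signing_alg_values_supported", ["none"]):
        problems.append("signing algorithms missing or include 'none'")
    # Assumption: applies to Google-issued client IDs only (format shown in the guide).
    if uri.hostname == "accounts.google.com" and not client_id.endswith(".apps.googleusercontent.com"):
        problems.append("client ID is not a Google OAuth client ID")
    return problems

if __name__ == "__main__":
    print(check_idp_settings("123456789-eOauthID.apps.googleusercontent.com",
                             "https://accounts.google.com/.well-known/openid-configuration",
                             SAMPLE_DISCOVERY) or "settings look consistent")
```

For a third-party IdP, pass the JSON fetched from that provider's discovery URI in place of `SAMPLE_DISCOVERY`.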