Virtru for G Suite Domains Marketplace Application
Follow our instructions here for installing Virtru on your G Suite domain:
By installing Virtru at the domain level, you'll gain the ability to read secure messages sent to alias and group addresses. You'll also grant Virtru admin status to all G Suite Super Admins for your domain. This process must be carried out by a G Suite Super Admin.
Steps to Install
- Return to the main page of your G Suite admin console and select Apps, followed by Marketplace Apps.
- Click the + to add a new app; search for Virtru Data Protection for G Suite and add the app.
- When prompted, click "Continue" to begin the installation.
Under Turn ON for: you must select the top-level domain. We do not currently support installing for only certain sub-organizations.
- Click "Next" to move past the first of two "Success" modals.
- In step 2 of 2, click Complete additional setup now to begin syncing your domain's user list with Virtru. If prompted to sign in with Google again, use your same Super Admin account.
- When complete, you'll see a success screen showing the number of users, groups, and aliases we've found in your domain. You're done!
When installing the Virtru Marketplace app as a G Suite Super Administrator, you will be asked to grant permissions to your domain's directory objects. This installation allows Virtru to reach into your G Suite domain to gather the identity objects associated with users.
This synchronization allows Virtru to:
- Handle aliases - Knowing that a primary userid should have access to encryption keys associated with messages sent to aliases
- Identify Google Group membership - Knowing that a userid should have access to encryption policies associated with Google Groups
- OU membership - Being able to enforce settings and rules by OU
- Administration Capability - Identify G Suite administrators that can request encryption keys on behalf of users on the domain
- Delegated inboxes - Allow delegated users to decrypt messages on behalf of delegates.
When installing the Virtru Marketplace app, you will notice that Virtru is not asking for permission to reach into G Suite mailboxes for content. All encryption and decryption occur in Virtru clients and at no time does Virtru's SaaS have access to your content. As we noted, this Marketplace app must be enabled for all users on the domain. If you subset the app to an OU, we are unable to pull in Google Group information since these live outside of the OU structure. This will cause the synchronization to fail behind the scenes.
We are using the Manage Users endpoint in the G Suite Directory API. We specifically filter for:
- List of the user's alias email addresses.
- The customer ID to retrieve all account users. You can use the alias my_customer to represent your account's customerId. As a reseller administrator, you can use the resold customer account's customerId. To get a customerId, use the account's primary domain in the domain parameter of a users.list request.
- A list of the user's email addresses.
- Indicates a user with super administrator privileges.
- List of the user's non-editable alias email addresses. These are typically outside the account's primary domain or sub-domain.
- The full path of the parent organization associated with the user. If the parent organization is the top-level, it is represented as a forward slash (/).
- The user's primary email address. This property is required in a request to create a user account. The primaryEmail must be unique and cannot be an alias of another user.
This API dictates the permissions that must be granted to use the Directory API. The Marketplace app will specifically ask for permissions
To gain access to these objects, the Virtru Marketplace requests permissions to:
- View domains related to your customers
- View domain aliases and multi-domains (secondary domains) for your customers
- View groups on your domain
- View details (e.g., name, members) and metadata (e.g., login details) of groups on your domain
- View organization units on your domain
- View metadata (e.g., name and description) of organization units
- View users on your domain
- View details (e.g., name, address, and phone number) and metadata (e.g., login details) of users on your domain
- Know the list of people in your circles, your age range, and language
- View the list of people you've connected to on Google+. View your age range and language.
- Know who you are on Google
- This app is requesting permission to associate you with your public Google profile.
- View your email address
- View the email address associated with your account
- View your basic profile info
- View your full name, profile picture and profile URL. View any publicly available information on your Google+ profile (if you have one or create one in the future).
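A check an administrator can run against the scopes actually granted to the app, to confirm they are the read-only directory and sign-in permissions listed above and include no mailbox access. This is an added example, not Virtru's or Google's code; the scope URLs are Google's published ones, but pairing them with the consent text on this page is an assumption, and `audit_scopes` and the sample grant are constructed for illustration.

```python
# Added example: audit the OAuth scopes granted to a Marketplace app.
# Mapping consent-screen text to these scope URLs is an assumption; the
# sample grant is constructed and is not what any real app requests.
PREFIX = "https://www.googleapis.com/auth/"

# Read-only directory and sign-in scopes assumed to match the consent screen.
EXPECTED = {
    PREFIX + "admin.directory.domain.readonly",
    PREFIX + "admin.directory.group.readonly",
    PREFIX + "admin.directory.orgunit.readonly",
    PREFIX + "admin.directory.user.readonly",
    PREFIX + "plus.login",
    PREFIX + "plus.me",
    PREFIX + "userinfo.email",
    PREFIX + "userinfo.profile",
}
# Any scope with these prefixes grants access to mailbox content.
MAIL_PREFIXES = ("https://mail.google.com/", PREFIX + "gmail.")

# Constructed grant: three expected scopes plus two that should be flagged.
SAMPLE_GRANT = [
    PREFIX + "admin.directory.user.readonly",
    PREFIX + "admin.directory.group.readonly",
    PREFIX + "userinfo.email",
    PREFIX + "admin.directory.user",   # read/write on users
    PREFIX + "gmail.readonly",         # mailbox content
]

def audit_scopes(granted):
    """Sort granted scopes into expected, mailbox, directory_write, unexpected."""
    report = {"expected": [], "mailbox": [], "directory_write": [], "unexpected": []}
    seen = set()
    for raw in granted:
        scope = raw.strip()
        if not scope or scope in seen:
            continue
        seen.add(scope)
        if scope.startswith(MAIL_PREFIXES):
            bucket = "mailbox"
        elif scope.startswith(PREFIX + "admin.directory.") and not scope.endswith(".readonly"):
            bucket = "directory_write"
        elif scope in EXPECTED:
            bucket = "expected"
        else:
            bucket = "unexpected"
        report[bucket].append(scope)
    report["ok"] = not (report["mailbox"] or report["directory_write"] or report["unexpected"])
    return report

if __name__ == "__main__":
    for name, value in audit_scopes(SAMPLE_GRANT).items():
        print(name, value)
```

A grant passes only when every scope is in the expected set; any mailbox or write-capable directory scope is reported separately so it can be reviewed before the app is turned on for the domain.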