Welcome to Virtru's support portal. As we work to make this page more accessible to screen readers, please contact us at support@virtru.com for technical support.

Articles in this section

Enabling Shared Drive for Virtru for Drive

Avatar
Steven Margolies
  • Updated
Follow

About

Customers with Virtru for Drive subscriptions have various options on how to protect their Drive content. This includes the ability to configure a Google service account for Shared Drive compatibility. This allows users to access encrypted content in any Shared Drive they are a member of.

Jump To:

Background
Service account setup

Background

Virtru needs to make real-time access-based decisions around whether a user is allowed to access content within a particular Shared Drive. To do so, Virtru must utilize a “service account” from Google to make calls to the Shared Drive API. This service account needs the drive.metadata.readonly scope.

The specific calls we will be making are outlined here: Drives: list

A service account is needed because Shared Drive functions differently than My Drive with respect to how files are owned and shared. Shared Drive limits files moving into and out of the Shared Drive and is intended to support established teams with expected membership changes and user turnover. In order to support this complex flow, Virtru must determine access permissions based on Shared Drive membership at the time of each access attempt.

Will a service account always be needed?

Virtru has investigated the available options from Google to ensure that proper file access is maintained for Shared Drive files. With the available APIs, the service account approach outlined in this document is the best path forward.

We are working in partnership with Google to ensure that Shared Drive APIs are evolving and maturing to accommodate more granular permissions.

Service account setup

Please Note:

If you have not been assigned a Virtru representative to assist with Drive installation, please contact your Customer Success Manager or Customer Support prior to completing the steps below. Action is required on the Virtru side to complete the installation.

1. As a G Suite admin, go to https://console.developers.google.com/iam-admin/serviceaccounts/

2. Select create a NEW PROJECT for the domain.

New project

3. Name the project and click CREATE.

Create project

4. Choose + CREATE SERVICE ACCOUNT

Service Account

5. Enter any name and click CREATE
Example: (Virtru for Drive)

Create service account

6. Select a Role: "Service Account User"

Service account user

7. For Grant users access to this service account, leave the default.

8. Select + CREATE KEY at the bottom, select the JSON key type and click CREATE.

Create Key

JSON Key

9. After the key has been created click Done

10. Select the service account that you just created by clicking on the service account email link and then click edit at the top.

11. Select the show domain-wide delegation drop-down and check Enable G-suite wide delegation

Enable G Suite

12. Enter a product name for the consent screen

13. Copy the Unique ID from your newly created service account

14. Click Save at the bottom

15. Go to https://admin.google.com

16. Go to Security > API controls and select MANAGE DOMAIN WIDE DELEGATION 

MANAGE DOMAIN WIDE DELEGATION button

17. Click Add new, paste the Client ID you copied, and add the following to the `OAuth scopes` field: https://www.googleapis.com/auth/drive.metadata.readonly

18. Click AUTHORIZE

Add a new client ID box

19. Navigate to: https://console.developers.google.com/

20. Click ENABLE APIS AND SERVICES at the top of the page

Enable APIS and Services

21. Search for Drive

Search for Drive

22. Click the Drive tile

23. ENABLE the Drive API

Enable Google Drive API

24. Securely send your Virtru representative, the “.json” file that was saved in Step 8. 

Related articles