Begin Scanning Third-Party Apps on the G Suite Marketplace
Before you begin scanning third-party apps, you must create a service account and enable Administrator and client API access in G Suite. As you prepare the G Suite account, take note of the following values, as they are required to complete the setup of the G Suite Marketplace app within Aperture:
New Private Key
A P12 format private key certificate issued from your Google service account. This required certificate is uploaded in Aperture when adding the G Suite Marketplace app.
Private Key Password
The default password for the new private key.
The client ID is entered when enabling G Suite domain-wide delegation, and in Aperture when adding the G Suite Marketplace app.
Google Administrator email
The email entered to create a service account in G Suite Marketplace, and in Aperture when adding the G Suite Marketplace app.
- Create a service account in Google for G Suite
- Log in to Google Developer Console as the G Suite administrator. If you have not used the Developer Console before, Agree to the Google Cloud Platform Terms of Service.
- At the top of the screen next to your most recent project name, click to open your projects list and then Create a new project.
- Select your organization (domain) and click to create your new project.
- Name your project Aperture G Suite and Create the project.
- Click the and then Create Project: Aperture G Suite.
- Search for Credentials and select Credentials API Manager.
- Select OAuth Consent and enter Aperture G Suite in Product Name Shown to Users and Save the project.
- Select Credentials > Create Credentials > Service Account Key.
- Select P12 as the Key Type and Create the service account key. Select Create Without Role if a warning message displays.
- A default password and new private key are issued. Save the new private key to your computer. Store the private key securely, because the key cannot be recovered if lost and is required for adding the G Suite app in Aperture.
- Select Credentials > Manage Service Accounts.
- Click the three dots to the right of the service account you created and select Edit.
- Enable G Suite Domain-wide Delegation and Save the setting.
- Click View Client ID for Aperture G Suite. Note the value of the Client ID, and Save the ID.
- Enable API Access in G Suite.
- In your service account, select Credentials > API Manager > Dashboard > Enable API.
- Select G Suite Admin SDK API, and then Enable the API.
- Go back to Dashboard > Enable API > G Suite APIs and Enable the Drive API.
- In Google APIs, Search for and Enable the Audit API.
- Enable API Client access to G Suite.
- In a new browser window, log in to Google Admin Account as the G Suite Administrator.
- Select Security > Show more.
- Select Advanced Settings > Manage API Client Access.
- Enter the Client ID previously noted in Client Name. Copy and paste the following scope in One or More API Scopes, and then Authorize access to data in Google services.
https://www.googleapis.com/auth/userinfo.email,https://www.googleapis.com/auth/userinfo.profile,https://www.googleapis.com/auth/drive.apps.readonly,https://www.googleapis.com/auth/admin.directory.user.readonly,https://www.googleapis.com/auth/admin.directory.user.security,https://www.googleapis.com/auth/admin.reports.audit.readonly
- Add the G Suite app.
- From the Aperture Dashboard, Add a Cloud App.
- Select G Suite and then Click here to prepare your G Suite Account.
- Enter the Google Administrator Email, the Client ID previously noted, and click Upload Certificate to upload the P12 format private key certificate issued from your Google service account. Click OK.
- Connect to G Suite Account. Upon successful authentication, the new G Suite app is listed in Cloud Apps as G Suite n, where n is the number of G Suite app instances that you have connected to the Aperture service, for example G Suite 1.
- Review and Accept the changes that the Aperture service can perform on your assets in G Suite.
- Add policy rules. When you add a new cloud app, the Aperture service automatically scans the app against the default data patterns and displays the match occurrences. As a best practice, consider the business use of your app to determine whether you want to Add a New Policy Rule for Content to look for risks unique to the new app.
- Define third-party app scan settings.
- (Optional) Configure or edit a data pattern. When you add a new cloud app, the Aperture service automatically scans the app against the default data patterns and displays the match occurrences. You can Configure Data Patterns to identify specific strings of text, characters, words, or patterns, so that the scan finds all instances of text that match a data pattern you specify.
- Monitor the results of the scan.
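The Enable API Client access step grants the service account domain-wide delegation under exactly six scopes, so it is worth checking later that the grant for that Client ID has not drifted. The following Python check is an added example, not part of the Aperture documentation or product: it compares a scope string against the documented list and reports missing, extra, and malformed entries. The function names, the accepted scope-character set, and the sample "authorized" string are assumptions constructed for illustration.

```python
# Added example (not Aperture code): audit a delegation scope string for drift.
import re

PREFIX = "https://www.googleapis.com/auth/"
# Assumption: a scope name after the prefix uses only these characters.
SCOPE_RE = re.compile(re.escape(PREFIX) + r"[A-Za-z0-9._-]+")

# The six scopes the procedure pastes into "One or More API Scopes".
DOCUMENTED_SCOPES = ",".join(PREFIX + name for name in (
    "userinfo.email", "userinfo.profile", "drive.apps.readonly",
    "admin.directory.user.readonly", "admin.directory.user.security",
    "admin.reports.audit.readonly",
))

# Constructed sample: a grant with a broadened Drive scope and paste residue.
SAMPLE_AUTHORIZED = (
    "https://www.googleapis.com/auth/userinfo.email, "
    "https://www.googleapis.com/auth/userinfo.profile,"
    "https://www.googleapis.com/auth/drive,"
    "https://www.googleapis.com/auth/admin.directory.user.readonly,"
    "https://www.googleapis.com/auth/admin.directory.user.security,"
    "https://www.googleapis.com/auth/admin.reports.audit.readonlyCode copied"
)


def parse_scopes(raw):
    """Split a comma-separated scope field into (valid set, malformed list)."""
    valid, malformed = set(), []
    for entry in filter(None, (e.strip() for e in raw.split(","))):
        if SCOPE_RE.fullmatch(entry):
            valid.add(entry)
        else:
            malformed.append(entry)
    return valid, malformed


def audit_scopes(authorized_raw, expected_raw=DOCUMENTED_SCOPES):
    """Report scopes missing from, or added beyond, the documented grant."""
    expected, _ = parse_scopes(expected_raw)
    authorized, malformed = parse_scopes(authorized_raw)
    return {
        "missing": sorted(expected - authorized),
        "unexpected": sorted(authorized - expected),
        "malformed": malformed,
        "ok": authorized == expected and not malformed,
    }

if __name__ == "__main__":
    print(audit_scopes(SAMPLE_AUTHORIZED))
```

Any entry under "unexpected" widens what the delegated service account can reach across the whole domain and should be removed unless there is a documented reason for it.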