Begin Scanning Third-Party Apps on the G Suite Marketplace

Before you begin scanning third-party apps, you must create a service account and enable Administrator and client API access in G Suite. As you prepare the G Suite account, take note of the following values, as they are required to complete the setup of the G Suite Marketplace app within Aperture:
Item: Description
New Private Key: A P12 format private key certificate issued from your Google service account. This required certificate is uploaded in Aperture when adding the G Suite Marketplace app.
Private Key Password: The default password for the new private key.
Client ID: The client ID is entered when enabling G Suite domain-wide delegation, and in Aperture when adding the G Suite Marketplace app.
Google Administrator email: The email entered to create a service account in G Suite Marketplace, and in Aperture when adding the G Suite Marketplace app.
  1. Create a service account in Google for G Suite Marketplace.
    1. Log in to Google Developer Console as the G Suite administrator.
      If you have not used the Developer Console before, Agree to the Google Cloud Platform Terms of Service.
    2. At the top of the screen next to your most recent project name, click the down-pointer icon to open your projects list and then Create a new project.
    3. Select your organization (domain) and click the plus icon to create your new project.
    4. Name your project Aperture G Suite and Create the project.
    5. Click the notification icon and then Create Project: Aperture G Suite.
    6. Search for Credentials and select Credentials API Manager.
    7. Select OAuth Consent and enter Aperture G Suite in Product Name Shown to Users and Save the project.
    8. Select Credentials > Create Credentials > Service Account Key.
    9. Select P12 as the Key Type and Create the service account key.
      Select Create Without Role if a warning message displays.
    10. A default password and new private key are issued. Save the new private key to your computer.
      Store the private key securely, as the key cannot be recovered if lost and is required for adding the G Suite app in Aperture.
    11. Select Credentials > Manage Service Accounts.
    12. Click the three dots to the right of the service account you created and select Edit.
    13. Enable G Suite Domain-wide Delegation and Save the setting.
    14. Click View Client ID for Aperture G Suite.
      Note the value of the Client ID, and Save the ID.
  2. Enable API Access in G Suite.
    1. In your service account, select Credentials > API Manager > Dashboard > Enable API.
    2. Select G Suite Admin SDK API, and then Enable the API.
    3. Go back to Dashboard > Enable API > G Suite APIs and Enable the Drive API.
    4. In Google APIs, Search for and Enable the Audit API.
  3. Enable API Client access to G Suite.
    1. In a new browser window, log in to Google Admin Account as the G Suite Administrator.
    2. Select Security > Show more.
    3. Select Advanced Settings > Manage API Client Access.
    4. Enter the Client ID previously noted in Client Name.
      Copy and paste the following scope in One or More API Scopes, and then Authorize access to data in Google services.
      https://www.googleapis.com/auth/userinfo.email,https://www.googleapis.com/auth/userinfo.profile,https://www.googleapis.com/auth/drive.apps.readonly,https://www.googleapis.com/auth/admin.directory.user.readonly,https://www.googleapis.com/auth/admin.directory.user.security,https://www.googleapis.com/auth/admin.reports.audit.readonly
  4. Add the G Suite app.
    1. From the Aperture Dashboard, Add a Cloud App.
    2. Select G Suite and then Click here to prepare your G Suite Account.
    3. Enter the Google Administrator Email, the Client ID previously noted, and click Upload Certificate to upload the P12 format private key certificate issued from your Google service account. Click OK.
    4. Connect to G Suite Account.
      Upon successful authentication, the new G Suite app is listed in Cloud Apps as G Suite n, where n is the number of G Suite app instances that you have connected to the Aperture service, for example G Suite 1.
    5. Review and Accept the changes that the Aperture service can perform on your assets in G Suite.
  5. Add policy rules.
    When you add a new cloud app, the Aperture service automatically scans the app against the default data patterns and displays the match occurrences. As a best practice, consider the business use of your app to determine whether you want to Add a New Policy Rule for Content to look for risks unique to the new app.
  6. Define third-party app scan settings.
  7. (Optional) Configure or edit a data pattern.
    When you add a new cloud app, the Aperture service automatically scans the app against the default data patterns and displays the match occurrences. You can Configure Data Patterns to identify specific strings of text, characters, words, or patterns to make it possible to find all instances of text that match a data pattern you specify.
  8. Monitor the results of the scan.
    As the Aperture service starts scanning files and matching them against the settings, select Explore > Third-Party Apps to view the results. To assess and remediate the results:
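The scope list authorized for the service account's Client ID in step 3 defines what the delegated key can reach across the domain, so it is worth checking what was actually pasted against what this page documents. The following is an added example, not Aperture or Google code: it parses a comma-separated scope field, reports missing, unexpected and malformed entries, and lists scopes that are not read-only. SAMPLE_AUTHORIZED is constructed input, and the read-only rule in is_read_only is an assumption of this example.

```python
# Added example (not Aperture or Google code): audit a delegated scope list.
# Scope list documented in step 3 of this page, rebuilt as one comma-separated string.
DOCUMENTED = ",".join("https://www.googleapis.com/auth/" + s for s in (
    "userinfo.email", "userinfo.profile", "drive.apps.readonly",
    "admin.directory.user.readonly", "admin.directory.user.security",
    "admin.reports.audit.readonly"))

# Constructed sample of what an admin might have authorized: stray
# whitespace, an extra full-Drive scope, two entries fused by a lost comma,
# and the audit scope missing.
SAMPLE_AUTHORIZED = """ https://www.googleapis.com/auth/userinfo.email,
https://www.googleapis.com/auth/userinfo.profile,
https://www.googleapis.com/auth/drive.apps.readonly,
https://www.googleapis.com/auth/drive,
https://www.googleapis.com/auth/admin.directory.user.readonlyhttps://www.googleapis.com/auth/admin.directory.user.security,"""

def parse_scopes(raw):
    """Return (set of well-formed scope URLs, list of malformed entries)."""
    scopes, malformed = set(), []
    for item in raw.replace("\n", ",").split(","):
        item = item.strip()
        if not item:
            continue
        ok = (item.startswith("https://") and item.count("https://") == 1
              and not any(c.isspace() for c in item))
        if ok:
            scopes.add(item)
        else:
            malformed.append(item)
    return scopes, malformed

def is_read_only(scope):
    """Assumption of this example: '.readonly' and 'userinfo.*' scopes cannot modify data."""
    name = scope.rstrip("/").rsplit("/", 1)[-1]
    return name.endswith(".readonly") or name.startswith("userinfo.")

def audit(authorized_raw, documented_raw=DOCUMENTED):
    authorized, malformed = parse_scopes(authorized_raw)
    documented, _ = parse_scopes(documented_raw)
    return {
        "missing": sorted(documented - authorized),
        "unexpected": sorted(authorized - documented),
        "not_read_only": sorted(s for s in authorized if not is_read_only(s)),
        "malformed": malformed,
    }

if __name__ == "__main__":
    for key, values in audit(SAMPLE_AUTHORIZED).items():
        print(key, values)
```

Run against the documented list itself, the only entry reported as not read-only is admin.directory.user.security, which is the scope to account for when reviewing what the stored P12 key can do.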
