Begin Scanning Third-Party Apps on the G Suite Marketplace
Enable Prisma SaaS to discover third-party apps that your users attempt to install from G Suite Marketplace.
Prisma SaaS can discover third-party apps that your users attempt to install from G Suite Marketplace. To protect your application ecosystem from unsanctioned third-party apps, enable Prisma SaaS to scan for them by adding the G Suite Marketplace app.
Before you begin, you must create a service account and enable Administrator and client API access in G Suite. As you prepare the G Suite account, take note of the following values, as they are required to complete the setup of the G Suite Marketplace app on Prisma SaaS:
New Private Key
A P12 format private key certificate issued from your Google service account. This required certificate is uploaded on Prisma SaaS when adding the G Suite Marketplace app.
Private Key Password
The default password for the new private key.
Client ID
The client ID is entered when enabling G Suite domain-wide delegation, and on Prisma SaaS when adding the G Suite Marketplace app.
Google Administrator email
The email entered to create a service account in G Suite Marketplace, and on Prisma SaaS when adding the G Suite Marketplace app.
- Create a service account in Google for G Suite Marketplace.
- Log in to Google Developer Console as the G Suite administrator. If you have not used the Developer Console before, Agree to the Google Cloud Platform Terms of Service.
- At the top of the screen next to your most recent project name, open your project list and then Create a new project.
- Select your organization (domain) and add your new project.
- Name your project and Create the product.
- Click Notifications and select Create Project: <project name>.
- Search for Credentials and select Credentials API Manager.
- Select OAuth Consent and enter your <project name> in Product Name Shown to Users, and Save the project.
- Select Credentials > Create Credentials > Service Account Key.
- Select P12 as the Key Type and Create the service account key. Select Create Without Role if a warning message displays.
- After a default password and new private key are issued, Save the new private key to your computer. Store the private key securely as the key cannot be recovered if lost, and is required for adding the G Suite app on Prisma SaaS.
- Select Credentials > Manage Service Accounts.
- Click the three dots to the right of the service account and select Edit.
- Enable G Suite Domain-wide Delegation and Save.
- Click View Client ID for <project name>. Note the value of the Client ID, and Save.
- Enable API Access in G Suite.
- On your service account, select Credentials > API Manager > Dashboard > Enable API.
- Click Google APIs and select Drive API and Admin SDK under G Suite APIs.
- Enable the API.
- Return to Dashboard > Enable API > G Suite APIs and Enable the Drive API.
- In Google APIs, Search for and Enable the Audit API.
- Enable API Client access to G Suite.
- In a new browser window, log in to Google Admin Account as the G Suite Administrator.
- Select Security > Show more.
- Select Advanced Settings > Manage API Client Access.
- Enter the Client ID previously noted in Client Name. Copy and paste the following scope in One or More API Scopes, and then Authorize access to data in Google services.
  https://www.googleapis.com/auth/userinfo.email,https://www.googleapis.com/auth/userinfo.profile,https://www.googleapis.com/auth/drive.apps.readonly,https://www.googleapis.com/auth/admin.directory.user.readonly,https://www.googleapis.com/auth/admin.directory.user.security,https://www.googleapis.com/auth/admin.reports.audit.readonly
- Add the G Suite app.
- On the Prisma SaaS Dashboard, Add a Cloud App.
- Select G Suite, then Click here to prepare your G Suite Account.
- Enter the Google Administrator Email, the Client ID you previously noted, click Upload Certificate to upload the P12 format private key certificate issued from your Google service account, and click OK.
- Connect to G Suite Account. Upon successful authentication, the new G Suite app is listed in Cloud Apps as G Suite n, where n is the number of G Suite app instances that you have connected to Prisma SaaS, for example G Suite 1.
- Review and Accept the permissions for Prisma SaaS when scanning your assets on G Suite.
- Add policy rules. When you add a new cloud app, Prisma SaaS automatically scans the app against the default data patterns and displays the match occurrences. As a best practice, consider the business use of your app to determine whether you want to Add a New Asset Rule to look for risks unique to any G Suite Marketplace apps.
- (Optional) Configure or edit a data pattern. You can Configure Data Patterns (Basic DLP) to identify specific strings of text, characters, words, or patterns to make it possible to find all instances of text that match a data pattern you specify.
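
A check for the scope string pasted in the Manage API Client Access step, added here as an example and not part of the Prisma SaaS documentation or product: it compares a pasted string against the six scopes listed in that step and reports missing, extra and duplicated entries, so a delegation that grants more than the documented set is caught before it is authorized. The function names and the sample input are assumptions made for the illustration.

```python
import re

PREFIX = "https://www.googleapis.com/auth/"

# The six scopes listed in the Manage API Client Access step of this page.
REQUIRED = frozenset(PREFIX + name for name in (
    "userinfo.email",
    "userinfo.profile",
    "drive.apps.readonly",
    "admin.directory.user.readonly",
    "admin.directory.user.security",
    "admin.reports.audit.readonly",
))


def parse_scopes(pasted):
    """Split a pasted scope string on commas and whitespace, dropping empties."""
    return [s for s in re.split(r"[,\s]+", pasted.strip()) if s]


def audit_scopes(pasted):
    """Compare pasted scopes with REQUIRED (hypothetical helper, not a Google API)."""
    entries = parse_scopes(pasted)
    granted = set(entries)
    return {
        "missing": sorted(REQUIRED - granted),    # scanning will lack this access
        "extra": sorted(granted - REQUIRED),      # broader than the page asks for
        "duplicates": sorted({s for s in entries if entries.count(s) > 1}),
        "ok": granted == REQUIRED,
    }


# Constructed sample: a line break inside the list, the full Drive scope pasted
# in place of drive.apps.readonly, and userinfo.email entered twice.
SAMPLE = (
    PREFIX + "userinfo.email, " + PREFIX + "userinfo.profile,\n"
    + PREFIX + "drive," + PREFIX + "admin.directory.user.readonly,"
    + PREFIX + "admin.directory.user.security,"
    + PREFIX + "admin.reports.audit.readonly," + PREFIX + "userinfo.email"
)

if __name__ == "__main__":
    for key, value in audit_scopes(SAMPLE).items():
        print(key, value)
```
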