Who is this article for?

Incydr
Code42 for Enterprise
CrashPlan for Enterprise
CrashPlan for Small Business

Incydr, yes.

CrashPlan for Enterprise, no.

Code42 for Enterprise, yes.

CrashPlan for Small Business, no.

This article applies to Code42 cloud environments.

Allow Code42 access to Gmail

Overview

To help protect you from data loss, you can use Code42 to investigate attachments sent through your organization's Google Gmail user accounts.

When you add Gmail as a data source, you must authorize Code42 as a registered client API using your administrator account in G Suite. Once connected, we monitor your organization's Gmail environment from that point forward to capture information about the attachments that a user has emailed.

This article explains how to add Gmail as a data source. 

Considerations

  • You must be licensed for the Gmail email service. If your license expires, the Gmail data source is deauthorized within 24 hours. If you need assistance with licensing, contact your Customer Success Manager (CSM). If you're not sure how to reach your CSM, email csmsupport@code42.com and we will connect you.
  • To allow Code42 access to Gmail, you must be a G Suite administrator with a Super Admin role.
  • Once authorized, Code42 has access to file and message metadata on file attachments emailed through Gmail from that point forward. Learn more about what Code42 monitors.
  • Once authorized, all of your organization's Gmail users are monitored. When new users are added to your organization's Gmail environment, information about any attachments they email also becomes available in Forensic Search automatically.
  • We only monitor email attachments; email message content is not accessed, monitored, or changed.
  • You cannot edit the authenticating administrator information once you register the cloud service. If you need to change that information, you must deauthorize and reauthorize the Gmail data source. 
  • Data sources are not available in the Code42 federal environment.

Monitoring and alerting tools may report download activity
Code42 temporarily streams files from your data source to the Code42 cloud to calculate the file hash. This may be reported as users downloading files.

Code42 never stores file contents or writes them to disk during this process.

Before you begin

Enable File Metadata Collection (formerly Forensic File Search) before adding Gmail as an email data source.

Steps

Step 1: Connect Code42 and Gmail

  1. Sign in to the Code42 console.
  2. Add a cloud service connection:
    1. Select Investigation > Data Sources.
    2. Click Add Data Source.
      The Add Data Source dialog appears.
    3. From Data Source, select Google Gmail under Email Services.
      Note the Client ID and Scopes details that appear on the bottom of the screen. You will need this information later in this procedure.
    4. Enter a display name. This display name must be unique.
  3. Authorize the Code42 app in Google:
    1. Go to your Google Admin console and log in using your G Suite administrator email and password. This email address must be associated with a G Suite administrator that has the Super Admin role.
    2. Go to Security > Advanced Settings. 
      Or, select Security > API controls from the menu.
    3. In the Domain wide delegation panel, click Manage domain wide delegation.
      The Domain-wide delegation page displays.
    4. Click Add new.
      The Add a new client ID window displays.
    5. Copy the Client ID from the Code42 console and paste it in the Client ID field. 
    6. Copy the Scopes from the Code42 console and paste them in the OAuth scopes (comma-delimited) field.
    7. Click Authorize.
      The Code42 email service is added to the API client table.

Step 2: Verify your G Suite administrator email

  1. Return to the Code42 console.
  2. In the Add Cloud Service Connection dialog, click Continue. 
    The G Suite Super Admin Email Address panel displays.
  3. Enter the G Suite email address that you used earlier to log in to the Google Admin console.
    Requires Super Admin role: This email address must be associated with a G Suite administrator that has the Super Admin role.
  4. Click Authorize.
    Gmail is added as an email data source.

Next steps

Once you have added Gmail as a data source, learn more about:

Gmail attachment metadata

Once you complete authorization, file and message information about email attachments becomes available in Forensic Search from that point forward. When a user emails an attachment, information about that attachment typically becomes available in Forensic Search within 30 minutes. This attachment information includes:

  • Filename
  • Hash, when available
  • Email address of the sender and recipients 

Use the Google Admin console to open and view attachments for further investigation.

More information on file activity
For more information on the specific metadata and file events visible in Forensic Search, see the Forensic Search reference guide.

Gmail permissions

When a user emails an attachment, we collect information about the attached file and the sender and recipients for the email. To see this file activity, Code42 requires access to your Gmail environment. 

In the configuration steps above, Code42 provides the client ID and scopes for you to enter in your Google Admin console. Code42 uses the following scopes:

https://www.googleapis.com/auth/admin.directory.customer.readonly
https://www.googleapis.com/auth/admin.directory.user.readonly
https://www.googleapis.com/auth/gmail.readonly

This set of permissions means Code42 has read-only access to metadata for emails, attached files, users, and the data loss prevention activity feed (applicable to Microsoft Office 365 only) within that email data source. In other words, Code42 cannot make changes to the emails, data, or users in your email environment. In addition, Code42 does not monitor the contents of those files, and does not back up files in the email data source.
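
The three scopes above are what should appear against the Code42 client ID on the Domain-wide delegation page. As an added example (not Code42's or Google's code), this Python check compares the comma-delimited scope string of a delegation entry with that set and reports anything missing or extra. The function names and the two sample grant strings are constructed for illustration.

```python
# Added example: audit a domain-wide delegation entry against the
# read-only scopes this article lists. Names here are hypothetical.
EXPECTED_SCOPES = frozenset({
    "https://www.googleapis.com/auth/admin.directory.customer.readonly",
    "https://www.googleapis.com/auth/admin.directory.user.readonly",
    "https://www.googleapis.com/auth/gmail.readonly",
})


def parse_scopes(field):
    """Split the 'OAuth scopes (comma-delimited)' field into a set.

    Tolerates spaces, newlines, duplicates and trailing commas, which
    are common when the value is copied between consoles.
    """
    parts = field.replace("\n", ",").split(",")
    return {p.strip() for p in parts if p.strip()}


def audit_delegation(field):
    """Compare a grant's scopes with the documented read-only set."""
    granted = parse_scopes(field)
    extra = granted - EXPECTED_SCOPES
    return {
        "ok": granted == EXPECTED_SCOPES,
        "missing": sorted(EXPECTED_SCOPES - granted),
        "extra": sorted(extra),
        # Extra scopes that are not read-only widen what the client can do.
        "not_readonly": sorted(s for s in extra if not s.endswith(".readonly")),
    }


# Constructed sample inputs (not taken from a real tenant).
CLEAN_GRANT = ",\n".join(sorted(EXPECTED_SCOPES))
DRIFTED_GRANT = (
    "https://www.googleapis.com/auth/admin.directory.customer.readonly, "
    "https://www.googleapis.com/auth/gmail.readonly, "
    "https://www.googleapis.com/auth/gmail.modify,"
)

if __name__ == "__main__":
    for name, field in (("clean", CLEAN_GRANT), ("drifted", DRIFTED_GRANT)):
        print(name, audit_delegation(field))
```

Run it against the scope string shown for the Code42 client ID whenever the delegation entry is created or changed; an empty `extra` list and `ok` set to true mean the grant matches the documented set exactly.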

Troubleshooting

Slowed performance

Google uses API quotas to limit API requests from third-party integrations such as Code42. Throttling these API requests allows Google to better control their resources, but may slow down Code42 file metadata collection, especially after first enabling Code42 access to Gmail.

For faster performance, perform the following in the G Suite Admin Console:

  • Increase the quotas for the Code42 integration.
  • Add additional Super Admin users, which will enable Code42 to process data more quickly.

Email domain already exists

You can only authorize a G Suite account as a data source for your Code42 environment once as a cloud service (to monitor file movement in Google Drive locations) and once as an email service (to monitor file attachments sent outside your company). 

When you attempt to register the same G Suite account for multiple cloud or email services, the following message appears: “A data source with that email domain already exists.” 

To resolve the issue:

  • Verify that the account has been added only once as a cloud service or only once as an email service.
  • Consider creating another G Suite account for the data you want to monitor using a new email address under a different domain. You can add multiple unique G Suite accounts as Code42 data sources as long as the accounts are not associated in any way.

Data source is already registered or the email address is not valid

You can only authorize a unique G Suite account for one Code42 environment at a time. If you attempt to register the same G Suite account in multiple Code42 environments, the following message appears: “This data source has already been registered or the email address is not valid for this domain.” For example, you register a Google Drive cloud service in one Code42 environment, then register a Gmail email service in another Code42 environment. Both belong to the same G Suite account. 

To resolve the issue:

  • Verify the Code42 environment with which the G Suite account has been registered. If you need to register the G Suite account with a different Code42 environment, first deauthorize it from the Code42 environment it is currently registered with, then wait for 90 days for the data for that data source to be purged automatically. To purge the data for that data source more quickly, contact your Customer Success Manager (CSM).
  • Consider creating another G Suite account for the data you want to monitor in another Code42 environment using a new email address under a different domain.
