Connect Code42 to Google Drive
Overview
To help protect you from data loss, you can use Code42 to monitor files moving to and from users' Google Drive.
When you add Google Drive as a data connection, you must authorize Code42 as a registered client API using your administrator account in Google Workspace (formerly G Suite). Once connected, we monitor your organization's Google Drive environment to capture when a user:
This article explains how to add Google Drive as a data connection.
Considerations
The following considerations apply to Google Drive. See also the considerations applicable to all cloud storage environments.
- Code42 can connect to your Google Drive environment only when supported by your Google product plan.
- To allow Code42 access to Google Drive, you must be a Google Workspace administrator with a Super Admin role. See Permissions required for the Google Drive connector for more information.
- Sharing permissions that files inherit from a parent folder are detected as new events for those files. In Forensic Search, the actor for these events identifies the user who applied those sharing permissions to the parent folder.
- File events do not immediately appear when sharing with Google domains that are not configured with Code42.
- If the Drive SDK is disabled in Google Drive, Code42 does not monitor file activity on the user's Google Drive account.
- Code42 does inventory the content of suspended users' Google Drives.
- Files owned by suspended users are still accessible by any users those files have been shared with. Code42 monitors files owned by suspended users for any activity generated by these shared users.
Before you begin
Before you authorize the Code42 connection to your Google Drive environment, follow the directions in Configure Google Drive for the Code42 data connection to properly set up your Google Drive environment to allow Code42 to collect data.
Authorize Code42's connection to Google Drive
Step 1: Connect Code42 to Google Drive
- Sign in to the Code42 console.
- Add a cloud storage data connection:
- Select Administration > Integrations > Data Connections.
- Click Add data connection.
The Add data connection panel opens.
- From Data connection, select Google Drive under Cloud storage.
Note the Client ID and OAuth scopes details that appear near the bottom of the panel. You enter this information into the Google Admin console later in this procedure.
- Enter a display name. This display name must be unique.
- Authorize the Code42 app in Google:
- Go to your Google Admin console and log in using your Google Workspace administrator username and password.
- Go to Security > Access and data control > API controls.
- At the bottom of the page in the Domain wide delegation panel, click Manage domain wide delegation.
You may need to scroll to see the Domain wide delegation panel. Do not confuse the Manage domain wide delegation link in this panel with the Manage third-party app access link in the App access control panel. When you click Manage domain wide delegation, the Domain-wide delegation page displays.
- On the Domain-wide delegation page, click Add new next to API clients.
- In the Add a new client ID dialog box:
- Copy the Client ID from the Code42 console and paste it in the Client ID field.
- Copy the OAuth scopes from the Code42 console and paste them in the OAuth scopes (comma-delimited) field.
- Click Authorize.
The Code42 cloud storage data connection is added to the API clients table.
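The following is an added example, not code from Code42 or Google: a check that compares the Client ID and OAuth scopes shown in the Code42 console with the values entered in the Add a new client ID dialog, and flags scopes that are missing, extra, duplicated or malformed. The client ID and scope URLs are constructed placeholders, and the function names are hypothetical.

```python
from urllib.parse import urlsplit


def parse_scopes(field):
    """Split a comma-delimited scopes field into trimmed, non-empty entries."""
    return [s.strip() for s in field.split(",") if s.strip()]


def check_delegation(console_id, console_scopes, admin_id, admin_scopes):
    """Compare the values shown in the Code42 console with the values entered
    in the Google Admin console and return a dict of findings."""
    expected = parse_scopes(console_scopes)
    entered = parse_scopes(admin_scopes)
    return {
        "client_id_matches": console_id.strip() == admin_id.strip(),
        # Scopes the console listed that were not entered.
        "missing": sorted(set(expected) - set(entered)),
        # Scopes entered beyond what the console listed (excess delegation).
        "extra": sorted(set(entered) - set(expected)),
        # Entries pasted more than once.
        "duplicates": sorted({s for s in entered if entered.count(s) > 1}),
        # Entries that are not https URLs (typo or truncated paste).
        "malformed": sorted(
            s for s in set(entered)
            if urlsplit(s).scheme != "https" or not urlsplit(s).netloc
        ),
    }


def is_clean(report):
    """True when the client ID matches and no finding list has entries."""
    return report["client_id_matches"] and not any(
        report[k] for k in ("missing", "extra", "duplicates", "malformed"))


# Constructed placeholders, not Code42's real client ID or scopes.
CONSOLE_ID = "100000000000000000001"
CONSOLE_SCOPES = ("https://www.googleapis.com/auth/EXAMPLE_SCOPE_A,"
                  "https://www.googleapis.com/auth/EXAMPLE_SCOPE_B")
# Constructed paste error: truncated second scope plus an unrelated third one.
ADMIN_SCOPES = ("https://www.googleapis.com/auth/EXAMPLE_SCOPE_A, "
                "ttps://www.googleapis.com/auth/EXAMPLE_SCOPE_B, "
                "https://www.googleapis.com/auth/EXAMPLE_SCOPE_C")

if __name__ == "__main__":
    report = check_delegation(CONSOLE_ID, CONSOLE_SCOPES, CONSOLE_ID, ADMIN_SCOPES)
    for key, value in report.items():
        print(f"{key}: {value}")
```

Any entry under extra is access delegated across the whole domain that the console did not list, so remove it from the API client entry before relying on the connection.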
Step 2: Add users
- Return to the Code42 console.
- In the Add data connection panel, select I've completed these steps under Complete these steps in Google Workspace and then click Continue.
The Add Users panel appears.
- Select one of the following options:
- All: Monitors all Google Drive users in your environment, including any drives owned by suspended users.
- Specific users: Monitors only the Google Drive users you designate.
- Click Upload .CSV file.
- Select a .csv file containing a list of only those Google Drive users you want to monitor.
- Specific groups: Monitors only the users in Google Drive groups you designate.
- Click Upload .CSV file.
- Select a .csv file containing a list of Google Drive groups whose users you want to monitor.
Step 3: Verify the setup
- In the Add data connection dialog, click Continue.
The Verify panel appears.
- Enter the Google Workspace username that you used earlier to log in to the Google Admin console.
- Click Authorize.
Google Drive is added as a data connection, and Code42 begins the initial inventory process.
Next steps
Once you have added Google Drive as a data connection, learn more about:
- Common use cases for investigating incidents with Forensic Search
- How to use Forensic Search
- Adding trusted domains to easily identify when files are shared with users not on your list of approved domains.
- Viewing and managing a cloud storage file's sharing permissions
Troubleshooting
Issues in your Google Drive environment can cause errors with the Code42 connection. When such issues occur, the Google Drive connection in the Data Connections table is highlighted in red and an error message is displayed at the top of the screen. When this occurs, click the Google Drive connection in the Data Connections table. The detail panel opens and lists the specific error so that you can resolve it.
Refer to these articles to troubleshoot specific errors that can appear for the Google Drive connection in the Data Connections list:
Other issues
Refer to the following articles:
External resources
Google documentation