Skip to main content

Who is this article for?

Incydr Professional, Enterprise, Horizon, and Gov F2
Incydr Basic, Advanced, and Gov F1

Find your product plan in the Code42 console on the Account menu.

Instructor, no.

Incydr Professional, Enterprise, Horizon, and Gov F2, no.

Incydr Basic, Advanced, and Gov F1, no.

HOME
GETTING STARTED
RELEASE NOTES
FAQs
APIs
SYSTEM STATUS
Code42 Support

Troubleshoot Code42 Google Services API client issues

Overview

Code42's Google Drive and Gmail data connections add a Google Services API client to your organization's Google Workspace when you authorize the connection. Code42 uses this API client to monitor file sharing and attachment activity in your Google Drive or Gmail environments. Monitoring stops and Code42 displays an error in the data connection's details when the API client:

  • Does not have the permissions required to monitor activity in your Google Workspace
  • Is accidentally deleted

This article helps you resolve the issue and return the connection to the Monitoring state.

The Code42 Google Services API client differs from API clients used to work with the Code42 API
Keep in mind that the Code42 Google Services API client is different from API clients that you use to access and use the Code42 API.
  • The Code42 Google Services API client exists in your Google Workspace to allow Code42 access to your Google Drive or Gmail environment for exfiltration monitoring.
  • You use the ID and secret in the API client you create in the Code42 console to access and use the Code42 APIs for integrations and scripts that extend insider risk monitoring to other tools you use.

Affects

This problem affects Google Drive and Gmail data connections in Incydr.

When the Code42 Google Services API client in Google Workspace either does not have the correct permissions or has been deleted, the following message appears in the data connection's details:

There was an issue with the connection to Google Drive/Gmail. Code42 is not monitoring activity.

The Code42 Google Services API client in your Google Admin console (Client ID: <IDstring>) does not have the right permissions or does not exist.

The next sentences in the error message vary, depending on the connector type:

  • Google Drive: Deauthorize and resume monitoring this data connector to resolve the issue. Validate the Code42 API client's client ID and scopes are configured correctly.
  • Gmail: Deauthorize this data connector and set up a new Google Gmail data connection to resolve this issue.

Recommended solution

Google Drive

  1. Sign in to the Code42 console.
  2. Go to Administration > Integrations > Data Connections.
  3. Locate the Google Drive data connection in the table, then click View details  .
  4. When the details panel opens, click Deauthorize to deauthorize the connection.
    A confirmation message appears.
    1. Click Deauthorize.
    2. At the "Remove access" step, click Close.
  5. On the Data Connections screen, click View details   to reopen the Google Drive connection's details.
  6. Click Resume monitoring.
  7. Follow the prompts to reauthorize Code42's connection to Google Drive. During the "Connect" step, verify that you copy the Client ID and OAuth scopes correctly from the Code42 console to the Code42 Google Services API client.
    1. Go to your Google Admin console and log in using your Google Workspace administrator username and password.
      Requires Super Admin role
      This email address must be associated with a Google Workspace administrator that has the Super Admin role.
    2. Go to Security > Access and data control > API controls. 
    3. Click Manage domain wide delegation in the Domain-wide delegation panel.
    4. In the Domain-wide delegation page, click View details for the Code42 Google Services entry in the list.
      • Verify that the Client ID matches the Client ID listed in the Code42 console. If not, delete the Code42 Google Services API client from the Google Admin console, then return to the Code42 console and set up a new data connection to your Google Drive environment.
      • Verify that the Scopes match the OAuth scopes listed in the Code42 console. If not, click Edit to add any missing scopes.
    5. Click Authorize.
      The Code42 cloud storage data connection is added to the API clients table.

Gmail

  1. Sign in to the Code42 console.
  2. Go to Administration > Integrations > Data Connections.
  3. Locate the Gmail data connection in the table, then click View details  .
    The details panel opens.
  4. Click Deauthorize to deauthorize the connection.
    A confirmation message appears.
  5. Click Deauthorize.
  6. (Optional) Follow the steps to remove Code42's access to your Gmail environment using the Google Admin console. Then, return to the Code42 console and click Close.
    It's not required to remove Code42's access from your Gmail environment. Code42 immediately stops monitoring Gmail when you deauthorize the connection. Removing Code42's access in your Google Workspace can increase security, however.
  7. On the Data Connections screen, click Add data connection and add a new connection to your Gmail environment.
  • Was this article helpful?