> ## Documentation Index
> Fetch the complete documentation index at: https://docs.futurex.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Quick Reference

> Concise summary of prerequisites and high-level implementation steps for Google Workspace CSE.

This section offers a quick reference to key prerequisites and high-level implementation steps. For basic testing procedures for the integration, see [Validate and test](/Integrations/CryptoHub/Data_protection/Google_Workspace_CSE/Post-Integration_tasks/Validate_and_test).

## Pre-implementation

Ensure your environment complies with the following requirements:

* Grant CryptoHub admin privileges
* Grant Google Workspace Super Admin privileges
* Acquire Google Workspace Enterprise Plus or Education Plus
* Configure the CryptoHub **Dashboard** connection with a TLS certificate issued by a publicly trusted Certificate Authority
* Access requirements verified for admins, users, and external collaborators

## Implementation

Perform the following high-level steps to implement this integration:

* Set up the chosen IdP and attain the necessary information:
  * **VirtuCrypt** (pre-configured for CryptoHub integration)
  * **Google IdP** (detailed in [Google IdP integration](/Integrations/CryptoHub/Data_protection/Google_Workspace_CSE/Integration_Workflow/Implementation_workflows/Google_IdP_integration))
  * **Okta** (detailed in [Okta integration](/Integrations/CryptoHub/Data_protection/Google_Workspace_CSE/Integration_Workflow/Implementation_workflows/Okta_integration))
  * **Any 3rd-party IdP** that supports the OpenID Connect (OIDC) standard ([openid.net/connect/](https://openid.net/connect/)). General integration principles found with the three previous IdPs should apply to most third-party IdPs
  * If using an IdP other than **VirtuCrypt**, attain the following information:
    * OpenID Connect Discovery URL
    * OpenID Connect Client ID
    * OpenID Connect PKI
* Set up the external key service (CryptoHub)
  * Deploy Google CSE as a service:
    * Set rotation period for Personal Keys
    * Enter Email Domain
    * Configure Issuance Policy
    * Enter KACLS URL
    * Select Provider Type and enter the necessary information depending on the provider type selected
    * Select Google Cloud Service Credentials
  * Modify **Issuance Policy** and **Service Account Info** if needed
* Configure the KACLS in the Google Admin console to connect Google Workspace to the external key service
* Connect Google Workspace to the IdP by either uploading a `.well-known` file or using the Google Workspace admin console
* Implement IAM by turning CSE on or off for groups and users as needed

## Post-implementation

After you complete the integration, perform the following tasks to validate it:

* Validate that Google Workspace can successfully connect to the external key service (such as CryptoHub)
* Validate that Google Workspace can successfully connect to the configured IdP
* Test the creation of a blank, encrypted Google Doc
* Test encrypting and uploading a file to Google Drive
* Test sharing an encrypted Google Doc
