Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.futurex.com/llms.txt

Use this file to discover all available pages before exploring further.

This section offers a quick reference to key prerequisites and high-level implementation steps. For basic testing procedures for the integration, see Test OpenSSL Provider.

Pre-implementation

Ensure your environment complies with the following requirements:
  • Grant CryptoHub admin privileges
  • Grant admin privileges
  • Grant Google Workspace Super Admin privileges
  • Acquire Google Workspace Enterprise Plus or Education Plus
  • Configure the CryptoHub Dashboard connection with a TLS certificate issued by a publicly trusted Certificate Authority
  • Access requirements verified for admins, users, and external collaborators

Implementation

Perform the following high-level steps to implement this integration:
  • Set up the chosen IdP and attain the necessary information: -VirtuCrypt(pre-configured for CryptoHub integration) [Possibly add more info here about Futurex configuring this for the user]
    • Google IdP(detailed in
Google IdP integration) -Okta(detailed in Okta integration)
  • Any 3rd-party IdP that supports the OpenID Connect (OIDC) standard (
openid.net/connect/). General integration principles found with the three previous IdPs should apply to most third-party IdPs
  • If using an IdP other thanVirtuCrypt, attain the following information:
    • OpenID Connect Discovery URL
    • OpenID Connect Client ID
    • OpenID Connect PKI
  • Set up the external key service (CryptoHub)
    • Deploy Google CSE as a service:
      • Set rotation period for Personal Keys
      • Enter Email Domain
      • Configure Issuance Policy
      • Enter KACLS URL
      • Select Provider Type and enter the necessary information depending on the provider type selected
      • Select Google Cloud Service Credentials
    • Modify Issuance Policy and Service Account Info if needed
  • Configure the KACLS in the Google Admin console to connect Google Workspace to the external key service
  • Connect Google Workspace to the IdP by either uploading a .well-known file or using the Google Workspace admin console
  • Implement IAM by turning CSE on or off for groups and users as needed

Post-implementation

After you complete the integration, perform the following tasks to validate it:
  • Validate that Google Workspace can successfully connect to the external key service (such as CryptoHub)
  • Validate that Google Workspace can successfully connect to the configured IdP
  • Test the creation of a blank, encrypted Google Doc
  • Test encrypting and uploading a file to Google Drive
  • Test sharing an encrypted Google Doc