Quick Reference
This section offers a quick reference to key prerequisites and high-level implementation steps. For basic testing procedures for the integration, see Validate and Test.

Pre-implementation

Ensure your environment complies with the following requirements:

- Grant CryptoHub admin privileges
- Grant admin privileges
- Grant Google Workspace super admin privileges
- Acquire Google Workspace Enterprise Plus or Education Plus
- Configure the {{ch}} dashboard connection with a TLS certificate issued by a publicly trusted certificate authority
- Access requirements verified for admins, users, and external collaborators

Implementation

Perform the following high-level steps to implement this integration:

1. Set up the chosen IdP and attain the necessary information:
   - VirtuCrypt (pre-configured for {{ch}} integration) [possibly add more info here about Futurex configuring this for the user]
   - Google IdP (detailed in Google IdP Integration)
   - Okta (detailed in Okta Integration)
   - Any 3rd party IdP that supports the OpenID Connect (OIDC) standard (openid.net/connect/). General integration principles found with the three previous IdPs should apply to most third-party IdPs.

   If using an IdP other than VirtuCrypt, attain the following information:
   - OpenID Connect discovery URL
   - OpenID Connect client ID
   - OpenID Connect PKI
2. Set up the external key service ({{ch}}):
   - Deploy Google {{cse}} as a service
   - Set rotation period for personal keys
   - Enter email domain
   - Configure issuance policy
   - Enter {{kacls}} URL
   - Select provider type and enter the necessary information depending on the provider type selected
   - Select Google Cloud service credentials
   - Modify issuance policy and service account info if needed
3. Configure the KACLS in the Google Admin console to connect Google Workspace to the external key service
4. Connect Google Workspace to the IdP by either uploading a well-known file or using the Google Workspace Admin console
5. Implement {{iam}} by turning CSE on or off for groups and users as needed

Post-implementation

After you complete the integration, perform the following tasks to validate it:

- Validate that Google Workspace can successfully connect to the external key service (such as {{ch}})
- Validate that Google Workspace can successfully connect to the configured IdP
- Test the creation of a blank, encrypted Google Doc
- Test encrypting and uploading a file to Google Drive
- Test sharing an encrypted Google Doc
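
A pre-flight check for the OpenID Connect discovery URL gathered in implementation step 1, run before validating the IdP connection. This is an added example, not part of the vendor documentation: it checks a discovery document against the REQUIRED provider metadata of OpenID Connect Discovery 1.0. The function name `check_discovery` and the `idp.example.com` documents are constructed for illustration.

```python
from urllib.parse import urlsplit

# Fields OpenID Connect Discovery 1.0 marks REQUIRED in provider metadata.
REQUIRED = ("issuer", "authorization_endpoint", "jwks_uri",
            "response_types_supported", "subject_types_supported",
            "id_token_signing_alg_values_supported")
SUFFIX = "/.well-known/openid-configuration"

def check_discovery(discovery_url, doc):
    """Return a list of problems found in an IdP discovery document."""
    problems = [f"missing required field: {f}" for f in REQUIRED if f not in doc]
    issuer = doc.get("issuer", "")
    parts = urlsplit(issuer)
    if parts.scheme != "https" or parts.query or parts.fragment:
        problems.append("issuer must be an https URL without query or fragment")
    # The issuer must equal the discovery URL minus the well-known suffix;
    # otherwise ID tokens carry an 'iss' value the relying party will reject.
    if issuer.rstrip("/") + SUFFIX != discovery_url:
        problems.append("issuer does not match the discovery URL")
    for field in ("authorization_endpoint", "jwks_uri"):
        if field in doc and urlsplit(doc[field]).scheme != "https":
            problems.append(f"{field} is not served over https")
    algs = doc.get("id_token_signing_alg_values_supported", [])
    if "RS256" not in algs:
        problems.append("RS256 missing from ID token signing algorithms")
    if "none" in algs:
        problems.append("IdP advertises unsigned ID tokens (alg 'none')")
    return problems

# Constructed sample input: a well-formed document and a misconfigured copy.
URL = "https://idp.example.com" + SUFFIX
GOOD = {
    "issuer": "https://idp.example.com",
    "authorization_endpoint": "https://idp.example.com/authorize",
    "jwks_uri": "https://idp.example.com/keys",
    "response_types_supported": ["id_token"],
    "subject_types_supported": ["public"],
    "id_token_signing_alg_values_supported": ["RS256"],
}
BAD = dict(GOOD, issuer="https://other.example.com",
           jwks_uri="http://idp.example.com/keys",
           id_token_signing_alg_values_supported=["none"])

if __name__ == "__main__":
    for name, doc in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_discovery(URL, doc) or "ok")
```

To use it against a real IdP, fetch the JSON from the discovery URL over HTTPS and pass the parsed object in as `doc`.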