Cloud key management
Google Workspace CSE

Validation and Testing

7min

This section covers the following tasks:

  1. Validate that Google Workspace can successfully connect to the external key service (such as )
  2. Validate that Google Workspace can successfully connect to the configured Identity Provider (IdP)
  3. Test the creation of a blank encrypted Google Doc
  4. Test encrypting and uploading a file to Google Drive
  5. Test sharing an encrypted Google Doc

Validate the connection to

Perform the following steps to validate a successful connection from Google Workspace to the CryptoHub:

1

Sign in to your Google admin console.

Sign in using an account with super administrator privileges.

2

In the main menu, select Security > Access and data control > Client-side encryption.

3

Select Test connection.

If Google Workspace can connect to , a green checkmark and the Your external key service is active message appears.

Validate the connection to the IdP

Perform the following steps to validate a successful connection from Google Workspace to the configured identity provider (IdP):

1

Sign in to your Google admin console.

Sign in using an account with super administrator privileges.

2

In the main menu, select Security > Access and data control > Client-side encryption.

3

Select the Identity provider configuration card to open it.

4

Select Test connection.

If Google Workspace can connect to your IdP, the Connection success message appears.

Test the creation

Perform the following steps to test the creation of a blank encrypted Google Doc:

After a new user has been fully provisioned on the Google Workspace with the correct permissions for GCSE, the user should immediately be able to use the file encryption functionality of GCSE with no further implementation required on the service.

1

Sign in to Google Drive with your CSE user.

2

Select [ New ] and select Google Docs > Blank encrypted document.

3

When warned that intelligent features such as spelling and grammar won't work with encrypted files, collaboration features are limited, and only certain people can access encrypted files due to admin settings, select [ Create ].

If this is the first encryption operation you have attempted with Google Workspace CSE, the following message appears at the top of the page, prompting you to sign in with your identity provider: Sign in with your identity provider (VIP Identity) to access files encrypted with a customer key - Sign in.

4

Select [ Sign In ] and sign in on your IdP's website.

After signing in and allowing your IdP access to your Google Account, you return to the Google Doc, which should now be encrypted. A confirmation message appears if encryption is successful. Then, you can edit and save the document as normal.

Test uploading a file

Perform the following steps to test encrypting and uploading a file to Google Drive:

1

Sign in to Google Drive with your CSE user.

2

Select [ New ], and select File upload > Encrypt and upload file.

3

When warned that some features, such as full-text search and file preview, will be unavailable and that only certain people can access encrypted files due to admin settings, select [ Select file ].

4

If this is the first encryption operation you have attempted with Google Workspace CSE, a message prompts you to sign in with your identity provider.

If this is the case, select [ Sign In ], which redirects you to your IdP website to sign in. After signing in and allowing your IdP access to your Google Account, you return to Google Drive, and the encrypted file upload proceeds. Uploads are displayed in the bottom-right corner of the page, and after the upload completes, a green checkmark and an updated status message display.

Viewing personal keys in

The first time that a Google CSE user creates an encrypted document or encrypts and uploads a file to Google Drive, a Personal Key is created in specifically for that user. The Personal Key is then used for all CSE operations that user performs in Google Workspace.

 users can view their Personal Keys by going to the Users menu for the deployed Google CSE service, selecting their user, and selecting Keys.

Test sharing a doc

Perform the following steps to test sharing an encrypted Google Doc:

1

Sign in to Google Drive with your CSE user.

2

Right-click the encrypted document you want to share and select Share, or, if you have the document open, you can select [ Share ] in the upper-right corner of the page.

3

In the dialog, add people and groups you would like to share the encrypted document with, and select [ Done ].

Only share encrypted documents with other Google CSE users that your company administrator has set up with an account in VIP. If they do not have a user configured in VIP, the user cannot decrypt, view, and edit the file you are sharing.

4

Users you shared the encrypted file with receive an email notifying them that a document has been shared with a link to open it.

5

After the user selects Open in the email they received, their browser redirects to sign in to Google. After signing in to Google (using the same email configured for their user in VIP), they return to the shared Google Doc.

6

After a few seconds, a message appears at the top of the page prompting the user to sign in to their identity provider, and the user should select [ Sign in ].

The user is redirected to the configured IdP to sign in. After signing in and allowing the IdP access to the Google Account, the user returns to the Google Doc, which should now be encrypted. A confirmation message appears if encryption is successful. Then the document can be edited and saved as normal.





Updated 20 Apr 2025
Did this page help you?
PREVIOUS
External key service setup for Google Workspace CSE
NEXT
Appendix A: Troubleshooting Google CSE
Docs powered by Archbee