Validation and testing

7min

this section covers the following tasks validate that google workspace can successfully connect to the external key service (such as {{ch}} ) validate that google workspace can successfully connect to the configured identity provider (idp) test the creation of a blank encrypted google doc test encrypting and uploading a file to google drive test sharing an encrypted google doc validate the connection to {{ch}} perform the following steps to validate a successful connection from google workspace to the {{ch}} sign in to your google admin console at admin google com/ see support google com/a/answer/182076 sign in using an account with super administrator privileges in the main menu, select security > access and data control > client side encryption select test connection if google workspace can connect to {{ch}} , a green checkmark and the your external key service is active message appears validate the connection to the idp perform the following steps to validate a successful connection from google workspace to the configured identity provider (idp) sign in to your google admin console at admin google com/ see support google com/a/answer/182076 sign in using an account with super administrator privileges in the main menu, select security > access and data control > client side encryption select the identity provider configuration card to open it select test connection if google workspace can connect to your idp, the connection success message appears test the creation perform the following steps to test the creation of a blank encrypted google doc after a new user has been fully provisioned on the google workspace with the correct permissions for gcse, the user should immediately be able to use the file encryption functionality of gcse with no further implementation required on the {{ch}} service sign in to google drive ( drive google com/ ) with your cse user select \[ new ] and select google docs > blank encrypted document when warned that intelligent features such as spelling and grammar won't work with encrypted files, collaboration features are limited, and only certain people can access encrypted files due to admin settings, select \[ create ] if this is the first encryption operation you have attempted with google workspace cse, the following message appears at the top of the page, prompting you to sign in with your identity provider sign in with your identity provider (vip identity) to access files encrypted with a customer key sign in select \[ sign in ] and sign in on your idp website after signing in and allowing your idp access to your google account, you return to the google doc, which should now be encrypted a confirmation message appears if encryption is successful then, you can edit and save the document as normal test uploading a file perform the following steps to test encrypting and uploading a file to google drive sign in to google drive ( drive google com/ ) with your cse user select \[ new ] , and select file upload > encrypt and upload file when warned that some features, such as full text search and file preview, will be unavailable and that only certain people can access encrypted files due to admin settings, select \[ select file ] if this is the first encryption operation you have attempted with google workspace cse, a message prompts you to sign in with your identity provider if this is the case, select \[ sign in ] , which redirects you to your idp website to sign in after signing in and allowing your idp access to your google account, you return to google drive, and the encrypted file upload proceeds uploads are displayed in the bottom right corner of the page, and after the upload completes, a green checkmark and an updated status message display viewing personal keys in {{ch}} the first time that a google cse user creates an encrypted document or encrypts and uploads a file to google drive, a personal key is created in {{ch}} specifically for that user the personal key is then used for all cse operations that user performs in google workspace {{ch}} users can view their personal keys by going to the users menu for the deployed google cse service, selecting their user, and selecting keys test sharing a doc perform the following steps to test sharing an encrypted google doc sign in to google drive ( drive google com/ ) with your cse user right click the encrypted document you want to share and select share , or, if you have the document open, you can select \[ share ] in the upper right corner of the page in the dialog, add people and groups you would like to share the encrypted document with, and select \[ done ] only share encrypted documents with other google cse users that your company administrator has set up with an account in vip if they do not have a user configured in vip, the user cannot decrypt, view, and edit the file you are sharing users you shared the encrypted file with receive an email notifying them that a document has been shared with a link to open it after the user selects open in the email they received, their browser redirects to sign in to google after signing in to google (using the same email configured for their user in vip), they return to the shared google doc after a few seconds, a message appears at the top of the page prompting the user to sign in to their identity provider, and the user should select \[ sign in ] the user is redirected to the configured idp to sign in after signing in and allowing the idp access to the google account, the user returns to the google doc, which should now be encrypted a confirmation message appears if encryption is successful then the document can be edited and saved as normal

External key service setup for Google Workspace CSE

Appendix A: Troubleshooting Google CSE