Validate and test the integration
This section covers the following tasks:
- Validate that Google Workspace can successfully connect to the external key service (such as the KMES Series 3).
- Validate that Google Workspace can successfully connect to the configured IdP.
- Test the creation of a blank encrypted Google Doc.
- Test encrypting and uploading a file to Google Drive.
- View Personal Keys in the KMES Series 3 application interface.
- Test sharing an encrypted Google Doc.

Validate the connection to the external key service
Sign in to your Google admin console by using an account with super administrator privileges.
In the main menu, select Security > Access and data control > Client-side encryption.
Select [ Test Connection ].
If Google Workspace can connect to the KMES Series 3, a green checkmark and the message "Your external key service is active" display.

Validate the connection to the configured IdP
Sign in to your Google admin console by using an account with super administrator privileges.
In the main menu, select Security > Access and data control > Client-side encryption.
Select the Identity provider configuration card to open it.
Select [ Test Connection ].
If Google Workspace can connect to your IdP, the message "Connection success" displays.

Test the creation of a blank encrypted Google Doc
Sign in to Google Drive with your CSE user.
Select [ New ], then select Google Docs > Blank encrypted document.
A message warns you that some features, such as full-text search and file preview, will be unavailable and that only certain people can access encrypted files due to admin settings.
Select [ Create ].
If this is your first encryption operation with Google Workspace CSE, a message displays at the top of the page prompting you to sign in with your identity provider. Select [ Sign in ], which redirects you to your IdP's website to sign in. After signing in and allowing your IdP access to your Google Account, the system returns you to the Google Doc, which is now encrypted.
A confirmation message displays if encryption is successful. Then you can edit and save the document per the normal process.

Test encrypting and uploading a file to Google Drive
Sign in to Google Drive with your CSE user.
Select [ New ], then select File Upload > Encrypt and upload file.
A message warns you that some features, such as full-text search and file preview, will be unavailable and that only certain people can access encrypted files due to admin settings.
Select [ Select file ].
If this is your first encryption operation with Google Workspace CSE, the system prompts you to sign in with your IdP. Select [ Sign In ], which redirects you to your IdP's website to sign in. After signing in and allowing your IdP access to your Google Account, the system redirects you to Google Drive, and the encrypted file upload commences.
Uploads display in the bottom-right corner of the page, and after the upload completes, you see a green checkmark and an updated status message.

View Personal Keys in the KMES Series 3 application interface
As this guide mentioned earlier, the first time that a Google CSE user creates an encrypted document or encrypts and uploads a file to Google Drive, the KMES generates a new Personal Key Group and Personal Key for that user. All CSE operations performed by that user in Google Workspace then use that Personal Key until an automatic key rotation occurs and a new Personal Key becomes active. CSE users can view their Personal Keys by logging in to the application interface and navigating to the Key Management > Personal Keys menu.
In addition to individual CSE users being able to view their own Personal Keys, users with the Personal Keys Managed permission can manage the Personal Keys of all CSE users on the KMES.

Test sharing an encrypted Google Doc
Sign in to Google Drive with your CSE user.
Right-click the encrypted document that you want to share and select [ Share ], or, if the document is open, select the [ Share ] button in the upper-right corner of the page.
In the Share with people and groups window, add the people and groups with whom to share the encrypted document and select [ Done ].
Share encrypted documents only with other Google CSE users that your company administrator provided with an account on the KMES Series 3. People who do not have a user configured on the KMES cannot decrypt, view, or edit the files you share.
The users with whom you shared the encrypted file receive an email that notifies them about the shared document.
After the user selects [ Open ] in the email they received, their browser redirects them to sign in to Google. After signing in to Google (with the same email configured for their user on the KMES), the system redirects them to the shared Google Doc.
After a few seconds, a message displays at the top of the page prompting the user to sign in with their IdP. Selecting [ Sign in ] redirects them to their IdP's website to sign in. After signing in and allowing the IdP access to their Google Account, the system redirects them to the Google Doc, which is now encrypted.
A confirmation message displays if encryption is successful. Then, the recipient can edit and save the document normally.