Before you enable the G Suite API Securlet on your Cloud SOC account, you must:
- Have administrative privileges on your Symantec CloudSOC account
- Have a "G Suite" G Suite account (Basic, Business, or Enterprise)
- Be a Super Administrator for your G Suite account
- The email address you use as the username for the administrator login on your G Suite account must be exactly the same as the email address that you use as your CloudSOC username. Furthermore, this email address must be within the primary or secondary domains listed for your Elastica CloudSOC account. To confirm, login to CloudSOC, choose <username> > Settings > General , and check your domains. If necessary, contact Elastica technical support to add additional secondary domains.
- Enable API in the security settings of your Google admin console as described in the following procedure:
- Go to more controls and click Security .
- Click API reference and mark the Enable API Access checkbox.
Enabling the G Suite Securlet
This section describes how to enable the G Suite Securlet on your CloudSOC account.
- Login to CloudSOC using your administrator credentials.
- On the left side navigation bar, click Store .
- In the Elastica App Store, navigate to the Securlets area. If the G Suite Securlet is not listed, click See all to view a full list of available Securlets.
- Click the tile for the G Suite Securlet. CloudSOC opens the G Suite securlet page.
- Click Enable.CloudSOC sends an activation request to Elastica for the G Suite Securlet. The label on the Enable button changes to “Request Pending”.
- If the 'Request Pending' takes longer than 24 hours, please consult with your Sales Engineer to ensure your license covers this Securlet. Support will not be able to help you with this because this process goes through the provisioning team.
- When Elastica approves the activation request, the button label changes again to “Activate”. During weekday business hours Pacific time, activation usually takes about 20 minutes. Contact your Elastica representative if the activation takes unusually long.
- Click Activate . CloudSOC prompts whether you want to do a scan or selective scan for a subset of users/groups/folders.
- Choose an option and click Activate Securlet . Once you choose an option, you cannot change it after activating the securlet. However, you can change it later by deactivating and then reactivating the securlet as described in Reactivating the G Suite securlet . After the reactivation, all your files and data are rescanned. CloudSOC prompts you to choose the G Suite you want to secure. Drive is pre-selected, and you cannot deselect it.
- Mark or clear the checkboxes for Mail and Calendar Note: You can choose just Drive, and add Mail and Calendar at a later time by deactivating and then reactivating the securlet as described in Reactivating the G Suite securlet . After the reactivation, all your files and data must be rescanned.
- If you want CloudSOC to import all your G Suite users with Active status, mark the "Import as active users" checkbox. Otherwise, the users' statuses are automatically set to Inactive, and you must manually change them to Active later. Inactive users cannot access SaaS apps through the Elastica gateway.
- Click Save . CloudSOC redirects you to the Elastica Securlet App in the G Suite Marketplace for authentication.
- Click Integrate with Google to start the process. If you are not logged into G Suite, Google prompts you to login.
- If prompted, login with your Google credentials. Note: We recommend that you create a special admin user for your Google account, one that is not tied to a specific person, in order to manage the Elastica Securlet. Creating such a user makes it possible to continue to manage the Elastica Securlet in the case of personnel changes within your network administration group. Google prompts you to accept the permissions sought by Elastica and also to accept the Elastica and G Suite Marketplace Terms of Service.
- Mark the "I agree..." checkbox and click Accept to grant the requested permissions. Elastica needs all the requested permissions in order to protect your files with operations such as removing collaborators and remediating file exposures.
- Google prompts you whether you want to notify your users of the Securlet installation. We recommend you toggle it to OFF , since the ON setting sends an alert to every user in the domain.
- Google shows you one or more additional messages that introduce you to the Securlet. Click Next on each one until you get to the one with the Launch App button.
- Activate the app by clicking Launch App. Google prompts you to grant additional permissions to activate the app on the Elastica portal.
- Click Accept to grant the requested permissions. Elastica needs all the requested permissions in order to protect your files with operations such as removing collaborators and remediating file exposures.
- If you chose Selective Scan in Step 8, use the tools on the Define Scan Policies dialog box to create granular scan policies that scan only specific users or groups, or exclude specific users or groups from Securlet scanning:
- Use the Policy Type buttons to choose whether the Securlet scans only the items described in the policy, or scans everything except the described items.
- Use the Users menu to choose which OUs, groups, and users are included or excluded.
- Use the Folders menu to choose which folders are included or excluded. To add a folder, choose Specific folders matching keywords and then enter a full or partial folder name.
- Click Add Rule near the bottom of the box to add additional user, group, or folder rules to the scan policy.
- Click Start Scan . The securlet starts scanning user data based on the defined policies.
By default, a video overlay appears on the dashboard to introduce you to the dashboard features and functionality. You can dismiss the video by clicking Hide overview video . If you go to the store on Elastica Portal again, you see that the G Suite securlet is enabled (with a green check mark at the upper right corner). This completes the activation process.
The G Suite API Securlet is now enabled on your CloudSOC account. You can view user activities using the Elastica Investigate app. Investigate shows you a detailed analysis of the user activity performed on your G Suite enterprise account.