Skip to main content
All CollectionsGoogle WorkspaceProtect Google Workspace data
Get Started - Data Protection for Google Workspace
Get Started - Data Protection for Google Workspace
Updated over a week ago

License editions : To understand the applicable license editions, see Plans & Pricing.

Configure inSync to integrate with Google Workspace

Overview

You configure inSync to integrate with Google Workspace, so that it connects with your Google Workspace admin account and accesses the data of Google Workspace users that are associated with your Google Workspace admin account.

Supported Google Workspace editions

Druva inSync supports the following Google Workspace editions:

  • Business Starter

  • Business Standard

  • Business Plus

  • Basic

  • Enterprise

Before you begin

In addition to the prerequisites for backing up SaaS Apps data, ensure the following:

  • You use the Google Super Administrator account for configuring inSync to integrate with Google Workspace.

  • You have not logged on to Google through any other Google account. In such case, inSync displays an error and you will not be able to install the inSync for Google Workspace app.

Procedure

To integrate inSync with Google Workspace:

  1. Sign in to Druva Cloud Platform Console and navigate to Google Workspace. The Add Google Workspace Account page appears.

    Googleworskpace_addaccount_april4.png
  2. Click the Add Google Workspace Account button.

  3. On the confirmation popup that appears, click Configure.

    Confirmation_new_April32021.png
  4. On the Google sign-in page, enter the Google Workspace super administrator's username and password, and then click Next.

  5. On the next page, that appears, click Allow to allow inSync to access your super administrator account and the user's details that are associated with your account.

    allow_marked_April42021 _updated.png
  6. On the Google Workspace Marketplace page, click Domain Install.

    Domain_install_marked_updated headertext_masked.png
  7. Click Continue on the confirmation pop-up that appears.

    Domain wide install popup_marked_April32021.png
  8. On the inSync for Google Workspace dialog box, perform the following steps:

    Accept_permissions_1_marked_April42021 (1).png
    • From the Turn ON for list, select the domain for which you want to provide access to.

    • Select the terms of service check box, and then click Accept to allow inSync to access your Google account's data. A confirmation pop-up appears after the installation is complete.

      Download _done_marked_April32021.png
  9. On the inSync for Google Workspace has been installed pop-up, click Done. inSync connects to your Google Workspace admin account and can access data of all the users who are associated with your Google Workspace admin account. Once inSync for Google Workspace is installed, perform the following steps:

    1. On the Google Admin Console, click the App launcher icon and navigate to inSync for Google Workspace icon. Click inSync for Google Workspace icon to launch the app in the inSync Management Console.

    2. After the configuration is complete, you are redirected back to inSync Management Console, and you can see the Verify Configuration dialog. In the dialog, you can select a user from the organization to verify the inSync integration with Google Workspace.

      Verify_Config_April_03.png

    📝 Note


    Provide an email address in the Select a user field. User Principal Name (UPN) is not supported at the moment.


After the Google Workspace is configured, you can view the configuration details on the Google Workspace Overview page. For more information, see the Google Workspace Overview page.

Get user data encryption key(ekey)

To ensure that the Google Workspace data that is backed up is secure, you must configure inSync to get the data encryption key(ekey).


❗ Important

inSync requires access to the ekey to initiate the scheduled backup of any Google Workspace data. The ekey is used to encrypt the user data when it is being backed up to the Druva Cloud. This is part of the digital envelope encryption process that Druva strictly adheres to. Druva does not store ekey of the users and has no access to the data.


Use one of the following methods to enable inSync to get the user data encryption key(ekey):

After inSync integrates with your Google Workspace admin account, you can perform the following additional configurations:

Configure SaaS Apps settings for Google Workspace

Define the user attribute that you want inSync to use to map user account to their Google Workspace app account.

Only administrators with the Cloud administrator role can configure the user account access settings.

Configure user accounts access using the inSync email ID or Active Directory(AD) attribute

By default, inSync uses the email address of users to map users to their Google Workspace app account.

If you have integrated Active Directory (AD) or LDAP with inSync to manage user information, you can configure it to use the User Principal Name (UPN) of users for identifying and associating them to their Google Workspace app account.

inSync gets the UPN information through AD Mapping configured to fetch user accounts from configured AD/LDAP with inSync.

inSync then automatically gets user details and identifies the user accounts with the configured SaaS Apps account.

Procedure

  1. On the Overview page, click and then click Settings . The Cloud App Settings dialog box appears.

  2. By default, inSync Email ID is configured for accessing user accounts. To configure inSync to use User Principal Name (UPN) for accessing user accounts, select AD Attribute.

  3. Click OK.

Configure the User custom domain for Google Workspace

An organization may have a custom domain associated with different cloud applications such as Google Workspace. Druva Cloud Administrator must map the inSync user IDs of the users using the Google Workspace apps with the custom domain.


❗ Important

If the inSync user ID does not match with the Cloud application domain ID configured by the organization, backup for that particular cloud application services fails with an error USER NOT FOUND.


Configuring the user custom domain for Google Workspace enables the administrator to allow inSync to access the user's details.

Procedure

  1. On the Overview page, click and then click Settings. The Cloud App Settings dialog box appears.

  2. To configure a custom domain for the selected Cloud App, enter a valid and unique User custom domain name. The custom domain specified in this field replaces the inSync user's existing domain and is used to access the user's details for the configured cloud application.

  3. Click OK.

Associate and add users to Google Workspace-enabled SaaS Apps profile

The procedure to associate and add users depends on the SaaS Apps Settings defined:

Cloud Apps Settings

Procedure

inSync Email ID

Add users individually or add a group of users by importing their information from a CSV file. To learn more about each option, see:


❗ Important

If you have not created a SaaS Apps enabled profile, you may add the users to the Default or any existing profile and then enable SaaS Apps feature for this profile.


AD attribute

inSync users are automatically imported and mapped to their Google Workspace account.


❗ Important

If your preferred method to map users is AD attribute option, then you must have the Active Directory (AD) or LDAP integrated with inSync. To learn more about how to integrate Active Directory (AD) or LDAP integrated with inSync, see Create an AD/LDAP mapping.


Enable SaaS App backup for the user in the associated profile

Procedure

  1. Click Users on the menu bar and select the user you want to enable SaaS App backup for. The Users profile details page appears.

  2. Under the summary, click the Profile name to access the Profile summary page.

  3. In the SaaS Apps tab, click the Enable SaaS Apps Backup Button.

  4. Next to Gmail and Google Drive, click the arrow and enable backup for the respective apps.

  5. Click Save.
    Profile updated successfully message appears.

Enable alerts whenever the cloud app status changes

Overview

After you integrate Google Workspace with inSync, you can choose to receive alerts whenever the status changes. For example, Not Connected.

Procedure

To enable the alerts,

  1. On the inSync Management Console menu bar, click the Bell icon. The list of all alerts appears under the Active Alerts tab.

  2. Click the Alert Subscriptions tab. A list of available alerts is displayed.

  3. Select the SaaS Apps Status alert, and then click Edit. The Edit Alert Notifications window appears.

  4. In the Admins to be notified field, select the administrators who must receive the alerts. By default, the server administrators are notified about the alerts for SaaS Apps status.

  5. If any user action is required, select the Notify user checkbox.

  6. Click Save.

Verify Configuration

You can verify the configuration after you have successfully setup inSync to connect with your Google Workspace Apps.

  • App authentication: This step checks if inSync can utilize the available refresh tokens to validate the connection with the application. If certain app-specific permissions are revoked, then inSync identifies the error at this step.

  • User existence: This step checks if the user exists on Google Workspace.

  • User authentication: In this step inSync tries to generate JSON Web Tokens and uses the email address to authenticate the user.

Procedure

  1. From the global navigation panel, click Google Workspace.

  2. On the Overview page, click and then click Verify.

  3. In the Verify Configuration dialog that appears, select a user.


    📝 Note

    Provide an email address in the Select a user field. User Principal Name (UPN) is not supported at the moment.


  4. When you select a user, inSync authenticates with the suite, checks if it can access users in the suite, and then checks if the user data for backup is available for the apps.

  5. If any of the steps fail, you are prompted with an error message. Click the error message to view the error details.

Reconfigure Google Workspace

Overview

When you reconfigure a cloud application, inSync stops all the ongoing cloud app backups.

Procedure

To reconfigure Google Workspace:

  1. Select Overview > Re-Configure.

  2. On the popup message that appears, click Yes.

    Reconfigure_April3.png
  3. On the Google sign-in page, select the Google super administrator's account.

  4. On the next page that appears, click Allow to allow inSync to access your Google super administrator account and the user details that are associated with your account.

    allow_marked_April32021.png
  5. On the Google Workspace Marketplace page, click Domain Install.

    Domain_install_marked_updated headertext_masked.png

Because you had previously installed the inSync for Google Workspace Marketplace app, inSync directly navigates to the Manage Cloud App Accounts page on the inSync Management Console. inSync connects to your Google Workspace admin account and can access data of all the users who are associated with your Google Workspace admin account.

Did this answer your question?