License editions: To understand the applicable license editions, see Plans & Pricing.
Configure inSync to integrate with Google Workspace
Overview
You configure inSync to integrate with Google Workspace so that it connects with your Google Workspace admin account and accesses the data of Google Workspace users that are associated with your Google Workspace admin account.
Supported Google Workspace editions
Druva inSync supports the following Google Workspace editions:
Business Starter
Business Standard
Business Plus
Enterprise
Before you begin
In addition to Prerequisites to back up SaaS Apps data, ensure the following:
You use the Google Super Administrator account for configuring inSync to integrate with Google Workspace.
You have not logged on to Google through any other Google account. In such case, inSync displays an error and you will not be able to install the inSync for Google Workspace app.
Procedure
To integrate inSync with Google Workspace:
On the inSync Management Console menu bar, click the global navigation (three horizontal lines) icon.
Click SaaS Apps.
Click Google Workspace. The Add Google Workspace Account page appears.
4. Click the Add Google Workspace Account button.
5. On the confirmation popup that appears, click Configure.
6. On the Google sign-in page, enter the Google Workspace super administrator's username and password, and then click Next.
7. On the next page, that appears, click Allow to allow inSync to access your super administrator account and the user's details that are associated with your account.
8. On the Google Workspace Marketplace page, click Admin Install.
9. Click Continue on the confirmation pop-up that appears.
10. On the inSync for Google Workspace dialog box, perform the following steps:
From the Turn ON for list, select the domain for which you want to provide access to.
Select the terms of service check box, and then click Accept to allow inSync to access your Google account's data. A confirmation pop-up appears after the installation is complete.
11. On the inSync for Google Workspace has been installed pop-up, click Done. inSync connects to your Google Workspace admin account and can access data of all the users who are associated with your Google Workspace admin account. Once inSync for Google Workspace is installed, perform the following steps:
On the Google Admin Console, click the App launcher icon and navigate to inSync for Google Workspace icon. Click inSync for Google Workspace icon to launch the app in the inSync Management Console.
After the configuration is complete, you are redirected back to inSync Management Console, and you can see the Verify Configuration dialog. In the dialog, you can select a user from the organization to verify the inSync integration with Google Workspace.
📝 Note
Provide an email address in the Select a user field. User Principal Name (UPN) is not supported at the moment.
After the Google Workspace is configured, you can view the configuration details on the Google Workspace Overview page. For more information, see the Google Workspace Overview page.
How to configure inSync with Google Workspace with Advanced Protection On?
When Advanced Protection is On the user gets the below error message for which we need to follow the steps on Google.
Error:
Authorization Error
Error 400: policy_enforced
Advanced Protection prevented your Google Account from signing in. This security feature stops most non-Google apps and services from accessing your data to keep your account protected.
Action needs to be carried out on Google
-----------------------------------------------------
1) Under App access control, click Manage Third-Party App Access.
2) For Configured apps, click Add app.
3) Choose OAuth App Name or Client ID, Android, or IOS.
4) Enter the app's name or client ID and click Search.
5) Point to the app and click Select.
6) Check the boxes for the client IDs that you want to configure and click Select.
7) Select Trusted or Blocked and click Configure.
Reference article:
Once the above steps are performed, follow the steps mentioned in the section "Configure inSync to integrate with Google Workspace" of this article.
Get user data encryption key(ekey)
To ensure that the Google Workspace data that is backed up is secure, you must configure inSync to get the data encryption key(ekey).
inSync requires access to the ekey to initiate the scheduled backup of any Google Workspace data. The ekey is used to encrypt the user data when it is being backed up to the Druva Cloud. This is part of the digital envelope encryption process that Druva strictly adheres to. Druva does not store ekey of the users and has no access to the data.
Use one of the following methods to enable inSync to get the user data encryption key(ekey):
After inSync integrates with your Google Workspace admin account, you can perform the following additional configurations:
Configure SaaS Apps settings for Google Workspace
Define the user attribute that you want inSync to use to map user account to their Google Workspace app account.
Only administrators with the Cloud administrator role can configure the user account access settings.
Configure user accounts access using the inSync email ID or Active Directory(AD) attribute
By default, inSync uses the email address of users to map users to their Google Workspace app account.
If you have integrated Active Directory (AD) or LDAP with inSync to manage user information, you can configure it to use the User Principal Name (UPN) of users for identifying and associating them to their Google Workspace app account.
inSync gets the UPN information through AD Mapping configured to fetch user accounts from configured AD/LDAP with inSync.
inSync then automatically gets user details and identifies the user accounts with the configured SaaS Apps account.
Procedure
On the inSync Management Console menu bar, click the global navigation (three horizontal lines) icon.
Click SaaS Apps.
Click Google Workspace.
On the Overview page, click Settings. The Cloud App Settings dialog box appears.
By default, inSync Email ID is configured for accessing user accounts. To configure inSync to use User Principal Name (UPN) for accessing user accounts, select AD Attribute.
4. Click OK.
An organization may have a custom domain associated with different cloud applications such as Google Workspace. Druva Cloud Administrator must map the inSync user IDs of the users using the Google Workspace apps with the custom domain.
If the inSync user ID does not match with the Cloud application domain ID configured by the organization, backup for that particular cloud application services fails with an error USER NOT FOUND.
Configuring the user's custom domain for Google Workspace enables the administrator to allow inSync to access the user's details.
Procedure
On the inSync Management Console menu bar, click the global navigation (three horizontal lines) icon.
Click SaaS Apps.
Click Google Workspace.
On the Overview page, click Settings. The Cloud App Settings dialog box appears.
To configure a custom domain for the selected Cloud App, enter a valid and unique User custom domain name. The custom domain specified in this field replaces the inSync user's existing domain and is used to access the user's details for the configured cloud application.
Click OK.
Associate and add users to Google Workspace enabled SaaS Apps profile
The procedure to associate and add users depends on the SaaS Apps Settings defined:
Cloud Apps Settings | Procedure |
inSync Email ID | Add users individually or add a group of users by importing their information from a CSV file. To learn more about each option, see: ❗ Important If you have not created a SaaS Apps enabled profile, you may add the users to the Default or any existing profile and then enable SaaS Apps feature for this profile. |
AD attribute | inSync users are automatically imported and mapped to their Google Workspace account. ❗ Important If your preferred method to map users is AD attribute option, then you must have the Active Directory (AD) or LDAP integrated with inSync. To learn more about how to integrate Active Directory (AD) or LDAP integrated with inSync, see Create an AD/LDAP mapping. |
Enable SaaS App backup for the user in the associated profile
Procedure
To enable SaaS App backup for Google Workspace user,
Click on the concerned user’s Profile. The Manage Profile page appears.
Click SaaS Apps and then click on Edit.
3. On the Edit SaaS Apps Configuration page, click Google Workspace.
4. Select the checkbox besides Gmail and Google Drive as per your need. Click Save.
Enable alerts whenever the cloud apps status changes
Overview
After you integrate cloud apps with inSync, you can choose to receive alerts whenever the SaaS Apps status changes. For example, Not Connected.
Procedure
To enable the alerts for SaaS Apps status,
On the inSync Management Console menu bar, click the bell icon. The list of all alerts appears under the Active Alerts tab.
Click the Alert Subscriptions tab. A list of available alerts is displayed.
Select the SaaS Apps Status alert, and then click Edit. The Edit Alert Notifications window appears.
In the Admins to be notified field, select the administrators who must receive the alerts. By default, the server administrators are notified about the alerts for SaaS Apps status.
If any user action is required, select the Notify user checkbox.
Click Save.
Reconfigure Google Workspace
Overview
When you reconfigure a cloud application, inSync stops all the ongoing cloud app backups.
Procedure
To reconfigure Google Workspace:
On the inSync Management Console menu bar, click the global navigation (three horizontal lines) icon.
Click SaaS Apps.
Click Google Workspace. The Google Workspace Overview page appears.
Select Overview > Re-Configure.
On the popup message that appears, click Yes.
On the Google sign-in page, select the Google super administrator's account.
On the next page that appears, click Allow to allow inSync to access your Google super administrator account and the user details that are associated with your account.
On the Google Workspace Marketplace page, click Admin Install.
Because you had previously installed the inSync for Google Workspace Marketplace app, inSync directly navigates to the Manage Cloud App Accounts page on the inSync Management Console. inSync connects to your Google Workspace admin account and can access data of all the users who are associated with your Google Workspace admin account.
📝 Note
If the application fails to redirect to the Druva Portal after reconfiguration or seems unresponsive, try refreshing the page and check the application's status.