Activating Google Workspace (Gmail and Google Drive)
Prerequisites
To activate Google Workspace, you must have these:
- You have Administrator access to activate Google Workspace.
- An additional Google Workspace license to integrate with Avanan. (Integration is not supported for clients on the free G-Suite license tiers.)
- You have the minimum supported SaaS license. See Minimum License Requirements to Activate SaaS Applications.
- If you use GCDS (Google Cloud Directory Sync) to synchronize your user groups on-premises and in the cloud, before activating Google Workspace, you must create exclusion rules for these user groups:
  - avanan_inline_policy
  - avanan_inline_outgoing_policy
  - avanan_monitor_policy
  - avanan_monitor_outgoing_policy
  For more information, see User Groups.
- By default, the Google Chrome browser authenticates the signed-in Chrome user in Google Workspace instead of a selected account. To see if you are signed in to Google Chrome, look for the user name in the browser's top-right corner.
  Possible workarounds:
  - Perform the Google Workspace activation using a non-Chrome browser.
  - Sign out (switch to Guest) any logged-in Chrome user before you continue.
While onboarding Google Workspace (Gmail / Google Drive), Avanan creates a service user (cloud-sec-av@[domain]) in the root organizational unit.
Before onboarding, make sure that these settings are selected in your Google Admin Console.
- Go to Authentication Settings of the root organizational unit and check these settings:
  - The Allow users to turn on 2-Step Verification check-box is selected.
  - If the Only security key option is selected, do not select the Don't allow users to generate security codes option.
- If the Authentication Settings are not supported, onboarding fails. To resolve this issue, do one of these:
  - If you want to keep the unsupported Authentication Settings of your root organizational unit, move the service user (cloud-sec-av@[domain]) to an organizational unit with the supported Authentication Settings. Then, start onboarding Gmail or Google Drive again.
  - Create a new dedicated organizational unit with the supported Authentication Settings and move the service user (cloud-sec-av@[domain]) to the organizational unit. Then, start onboarding Gmail or Google Drive again.