Activating Google Workspace (Gmail and Google Drive)

Prerequisites

To activate Google Workspace, you must have these:

  • Administrator access to activate Google Workspace.

  • An additional Google Workspace license to integrate with Avanan. (Integration is not supported for clients on the free G-Suite license tiers.)

  • The minimum supported SaaS license. See Minimum License Requirements to Activate SaaS Applications.

  • If you use GCDS (Google Cloud Directory Sync) to synchronize your user groups on-premises and in the cloud, you must create exclusion rules for these user groups before activating Google Workspace:

    • avanan_inline_policy

    • avanan_inline_outgoing_policy

    • avanan_monitor_policy

    • avanan_monitor_outgoing_policy

    For more information, see User Groups.

By default, the Google Chrome browser authenticates the signed-in Chrome user in Google Workspace instead of a selected account. To see if you are signed in to Google Chrome, look for the user name in the browser's top-right corner.

Possible workarounds:

  • Perform the Google Workspace activation using a non-Chrome browser.

  • Sign out any logged-in Chrome user (switch to Guest) before you continue.

While onboarding Google Workspace (Gmail / Google Drive), Avanan creates a service user (cloud-sec-av@[domain]) in the root organizational unit.

Before onboarding, make sure that these settings are selected in your Google Admin Console.

  • Go to Authentication Settings of the root organizational unit and check these settings:

    • The Allow users to turn on 2-Step Verification check-box is selected.

    • If the Only security key option is selected, do not select the Don't allow users to generate security codes option.

Note:

If the Authentication Settings are not supported, onboarding fails. To resolve this issue, do one of these:

  • If you want to keep the unsupported Authentication Settings of your root organizational unit, move the service user (cloud-sec-av@[domain]) to an organizational unit with the supported Authentication Settings. Then, start onboarding Gmail or Google Drive again.

  • Create a new dedicated organizational unit with the supported Authentication Settings and move the service user (cloud-sec-av@[domain]) to that organizational unit. Then, start onboarding Gmail or Google Drive again.