Provisioning a Service Account for Google Drive

Provision a service account for Google Drive to allow Cloud App Security to scan files stored in Google Drive. Cloud App Security uses the service account to run advanced threat protection and data loss prevention scanning on files in Google Drive.

The steps outlined below detail how to provision a service account for Google Drive from the pop-up wizard that appears at your first logon.

  1. Install the Cloud App Security application.
    1. Visit
    2. Click INSTALL.

      A new window appears for you to sign in to Google.

    3. Specify your Google administrator credentials, and click Next and then CONTINUE.

      An authorization screen appears.

    4. Select I agree to the application's Terms of Service and G Suite Marketplace Terms of Service and click Accept to start installation.

      The application is successfully installed.

  2. Log on to the Cloud App Security management console.
  3. In the pop-up wizard, select Google Drive as the service to protect.
  4. On the Provision Service Account for Google Drive screen, click Click here.
  5. In the new windows that appears, click your Google administrator account.
  6. On the authorization screen, click Allow.
  7. Go back to the Cloud App Security management console as instructed and click Done.

    Cloud App Security then retrieves your Google Drive user and organization unit information, including the user ID, user name, user email address, organization unit ID, and organization unit name. The time required depends on how many users and organization units you have in Google Drive.

    Cloud App Security generates a quarantine folder (trendmicro_cas_quarantine__dont_change_or_delete) and a temporary folder (trendmicro_cas_temp__dont_change_or_delete) in the Google Drive administrator's root directory. The quarantine folder can be accessed only by the administrator, while the temporary folder can be edited by all users.


    Cloud App Security renames the files in the quarantine folder. Each file is prefixed with RANDOM_UUID, which is a unique string randomly generated by Cloud App Security. For example, some_file.doc will be renamed ecdd6cc3-58d4-42a4-831a-e39bcbc1c8d5_some_file.doc.

    The temporary folder stores quarantined files before they are moved to the quarantine folder and restored files before they are moved back to their original locations.

  8. Hover over the ring icon in the upper-right corner of the management console.

    If the message "Google Drive protected." appears on the Notifications screen, the provisioning is successful.


    To avoid unnecessary notifications, all users must exclude the temporary folder (trendmicro_cas_temp__dont_change_or_delete) from the synchronization list. Perform the following steps as a user:

    1. Locate and click the Google Drive tray icon on your desktop.

    2. Click Settings and choose Preferences.

    3. Click the Sync options tab and click Sync only these folders.

    4. Clear the check box of the temporary folder (trendmicro_cas_temp__dont_change_or_delete) in the box below.