This section describes how to provision Gmail. "Provisioning" means both creating a service account and the process by which Cloud App Security is granted the ability to access your Gmail environment.
Cloud App Security provisions the service account for Gmail through the OAuth 2.0 flow.
Cloud App Security allows only administrators assigned to the default Global administrator role to provision service accounts. For details about Cloud App Security role-based access control, see Administrator and Role.
Provision a service account for Gmail to allow Cloud App Security to run advanced threat protection and data loss prevention scanning on email messages in protected Gmail mailboxes.
The steps outlined below detail how to provision a service account for Gmail from Dashboard.
The Provision Service Account for Gmail screen appears.
The Trend Micro Cloud App Security application screen in the Google Workspace Marketplace appears.
If the Cloud App Security application is not installed:
Click Admin install.
A new window appears for you to sign in to Google.
Specify your Google Super Admin credentials, and click Next and then CONTINUE.
An authorization screen appears.
Choose who to install the app for.
Trend Micro recommends you select Everyone at your organization.
The application is successfully installed.
If the Cloud App Security application is already installed:
Log on to https://admin.google.com as a Google Super Admin.
Go to Apps > Google Workspace Marketplace apps > Apps list and click Trend Micro Cloud App Security.
Click Grant access in the Data Access section.
Granted appears on the screen.
Cloud App Security then synchronizes your Gmail user and group information. The time required depends on how many users and groups you have in Gmail.
If the message "Gmail protected." appears on the Notifications screen, the provisioning is successful.
If for some reason the access token becomes invalid, a notification appears on Dashboard. Cloud App Security also sends an email message to notify the administrator of this event. To continue using the service account, go to Administration > Service Account to create a new access token. For more information, see Service Account.