Creating a personal Google Cloud project

To add your Google Workspace organization to the Cyber Protection service by using a dedicated Google Cloud project, you need to do the following:

1. Create a new Google Cloud project.

2. Enable the required APIs for this project.

3. Configure the credentials for this project:

   1. Configure the OAuth consent screen.

   2. Create and configure the service account for the Cyber Protection service.

4. Grant the new project access to your Google Workspace account.

To create a new Google Cloud project

1. Sign in to the Google Cloud Platform (console.cloud.google.com) as a Super Administrator.

2. In the Google Cloud Platform console, click Select a project > New project.

3. Specify a name for your new project.

4. Click Create.

As a result, your new Google Cloud project is created.

To enable the required APIs for this project

1. In the Google Cloud Platform console, select your new project.

2. From the navigation menu, select APIs & Services > Dashboard.

3. Disable all the APIs that are enabled by default in this project, one by one:

   1. Scroll down the Dashboard page, and then click the name of an enabled API.
      The Overview page of the selected API opens.

   2. Click Disable API, and then confirm your choice by clicking Disable.

   3. Go back to APIs & Services > Dashboard, and disable the next API.

4. From the navigation menu, select APIs & Services > Library.

5. In the API library, enable the following APIs, one by one:

   • Gmail API

   • Google Drive API

   • Admin SDK

   • Google Calendar API

   • People API

   Use the search bar to find the required APIs. To enable an API, click its name, and then click Enable. To search for the next API, go back to the API library, by selecting APIs & Services > Library from the navigation menu.

To configure the OAuth consent screen

1. From the navigation menu in the Google Cloud Platform, select APIs & Services > OAuth consent screen.

2. In the window that opens, select Internal for user type, and then click Create.

3. In the App name field, specify a name for your application.

4. In the User support email field, enter the Super Administrator email.

5. In the Developer contact information field, enter the Super Administrator email.

6. Leave all other fields blank, and then click Save and continue.

7. On the Scopes page, click Save and continue, without changing anything.

8. On the Summary page, verify your settings, and then click Back to dashboard.

To create and configure the service account for the Cyber Protection service

1. From the navigation menu in the Google Cloud Platform, select IAM & Admin > Service accounts.

2. Click Create service account.

3. Specify a name for the service account.

4. Specify a description for the service account.

5. Click Create.

6. Do not change anything in the Grant this service account access to the project and Grant users access to this service account steps.

7. Click Done.
   The Service accounts page opens.

8. On the Service accounts page, select the new service account, and then under Actions, click Edit.

9. Expand the Show domain-wide delegation section, and then select the Enable Google Workspace domain-wide delegation check box.

10. Under Keys, click Add key > Create new key, and then select the JSON key type.

11. Click Create.

    As a result, a JSON file with the private key of the service account is automatically downloaded to your machine. Store this file securely because you need it to add your Google Workspace organization to the Cyber Protection service.

To grant the new project access to your Google Workspace account

1. From the navigation menu in the Google Cloud Platform, select APIs and Services > Credentials.

2. In the OAuth 2.0 Client IDs section, under Client ID, copy the client ID of your service account client.

3. Sign in to the Google Admin console (admin.google.com) as a Super Administrator.

4. From the navigation menu, select Security > API controls.

5. Scroll down the API controls page, and then under Domain-wide delegation, click Manage domain-wide delegation.
   The Domain-wide delegation page opens.

6. On the Domain-wide delegation page, click Add new.
   The Add a new client ID window opens.

7. In the Client ID field, enter the client ID of your service account client.

8. In the OAuth scopes field, add the following scopes, one by one:

   • https://mail.google.com

   • https://www.googleapis.com/auth/contacts

   • https://www.googleapis.com/auth/calendar

   • https://www.googleapis.com/auth/admin.directory.user.readonly

   • https://www.googleapis.com/auth/admin.directory.domain.readonly

   • https://www.googleapis.com/auth/drive

   • https://www.googleapis.com/auth/gmail.modify

9. Click Authorise.

As a result, your new Google Cloud project can access the data in your Google Workspace account. To back up the data, you need to link this project to the Cyber Protection service. For more information on how to do this, refer to To add a Google Workspace organization by using a dedicated personal Google Cloud project

If you need to revoke the access of your Google Cloud project to your Google Workspace account, and respectively the access of the Cyber Protection service, delete the API client that your project uses.

To revoke access to your Google Workspace account

1. In the Google Admin console (admin.google.com), sign in as a Super Administrator.

2. From the navigation menu, select Security > API controls.

3. Scroll down the API controls page, and then under Domain-wide delegation, click Manage domain-wide delegation.
   The Domain-wide delegation page opens.

4. On the Domain-wide delegation page, select the API client that your project uses, and then click Delete.
   As a result, your Google Cloud project and the Cyber Protection service will not be able to access your Google Workspace account and back up the data in it.