Creating a personal Google Cloud project

To add your Google Workspace organization to the Cyber Protection service by using a dedicated Google Cloud project, you need to do the following:

  1. Create a new Google Cloud project.
  2. Enable the required APIs for this project.

  3. Configure the credentials for this project:

    1. Configure the OAuth consent screen.

    2. Create and configure the service account for the Cyber Protection service.

  4. Grant the new project access to your Google Workspace account.
This topic contains a description of third-party user interface that might be subject to change without prior notice.

To create a new Google Cloud project

  1. Sign in to the Google Cloud Platform (console.cloud.google.com) as a Super Administrator.

  2. In the Google Cloud Platform console, click the project picker in the upper-left corner.

  3. In the screen that opens, select an organization, and then click New project.

  4. Specify a name for your new project.
  5. Click Create.

As a result, your new Google Cloud project is created.

To enable the required APIs for this project

  1. In the Google Cloud Platform console, select your new project.
  2. From the navigation menu, select APIs and services > Enabled APIs and services.

  3. Disable all the APIs that are enabled by default in this project, one by one:

    1. Scroll down the Enabled APIs and services page, and then click the name of an enabled API.
      The API/Service details page of the selected API opens.

    2. Click Disable API, and then confirm your choice by clicking Disable.

    3. [If prompted] Confirm your choice by clicking Confirm.

    4. Go back to APIs and services > Enabled APIs and services, and disable the next API.

  4. From the navigation menu, select APIs and services > Library.

  5. In the API library, enable the following APIs, one by one:

    • Admin SDK API

    • Gmail API

    • Google Calendar API

    • Google Drive API

    • Google People API

    Use the search bar to find the required APIs. To enable an API, click its name, and then click Enable. To search for the next API, go back to the API library, by selecting APIs and services > Library from the navigation menu.

To configure the OAuth consent screen

  1. From the navigation menu in the Google Cloud Platform, select APIs and services > OAuth consent screen.
  2. In the window that opens, select Internal for user type, and then click Create.
  3. In the App name field, specify a name for your application.
  4. In the User support email field, enter the Super Administrator email.
  5. In the Developer contact information field, enter the Super Administrator email.
  6. Leave all other fields blank, and then click Save and continue.
  7. On the Scopes page, click Save and continue, without changing anything.
  8. On the Summary page, verify your settings, and then click Back to dashboard.

To create and configure the service account for the Cyber Protection service

  1. From the navigation menu in the Google Cloud Platform, select IAM & Admin > Service accounts.
  2. Click Create service account.
  3. Specify a name for the service account.

  4. Specify a description for the service account.

  5. Click Create and continue.
  6. Do not change anything in the Grant this service account access to the project and Grant users access to this service account steps.

  7. Click Done.

    The Service accounts page opens.

  8. On the Service accounts page, select the new service account, and then under Actions, click Manage keys.
  9. Under Keys, click Add key > Create new key, and then select the JSON key type.

  10. Click Create.

    As a result, a JSON file with the private key of the service account is automatically downloaded to your machine. Store this file securely because you need it to add your Google Workspace organization to the Cyber Protection service.

To grant the new project access to your Google Workspace account

  1. From the navigation menu in the Google Cloud Platform, select IAM & AdminService Accounts.
  2. In the list, find the service account that you created, and then copy the client ID that is shown in the OAuth 2.0 Client ID column.
  3. Sign in to the Google Admin console (admin.google.com) as a Super Administrator.
  4. From the navigation menu, select SecurityAccess and data control > API controls.
  5. Scroll down the API controls page, and then under Domain-wide delegation, click Manage domain-wide delegation.
    The Domain-wide delegation page opens.

  6. On the Domain-wide delegation page, click Add new.

    The Add a new client ID window opens.

  7. In the Client ID field, enter the client ID of your service account client.

  8. In the OAuth scopes field, copy and paste the following comma-delimited list of scopes:

    https://mail.google.com,https://www.googleapis.com/auth/contacts,https://www.googleapis.com/auth/calendar,https://www.googleapis.com/auth/admin.directory.user.readonly,https://www.googleapis.com/auth/admin.directory.domain.readonly,https://www.googleapis.com/auth/drive,https://www.googleapis.com/auth/gmail.modify

    Alternatively, you can add the scopes one per line:

    • https://mail.google.com
    • https://www.googleapis.com/auth/contacts
    • https://www.googleapis.com/auth/calendar
    • https://www.googleapis.com/auth/admin.directory.user.readonly
    • https://www.googleapis.com/auth/admin.directory.domain.readonly
    • https://www.googleapis.com/auth/drive
    • https://www.googleapis.com/auth/gmail.modify

  9. Click Authorise.

As a result, your new Google Cloud project can access the data in your Google Workspace account. To back up the data, you need to link this project to the Cyber Protection service. For more information on how to do this, refer to To add a Google Workspace organization by using a dedicated personal Google Cloud project.

If you need to revoke the access of your Google Cloud project to your Google Workspace account, and respectively the access of the Cyber Protection service, delete the API client that your project uses.

To revoke access to your Google Workspace account

  1. In the Google Admin console (admin.google.com), sign in as a Super Administrator.

  2. From the navigation menu, select Security > Access and data controlAPI controls.

  3. Scroll down the API controls page, and then under Domain-wide delegation, click Manage domain-wide delegation.
    The Domain-wide delegation page opens.

  4. On the Domain-wide delegation page, select the API client that your project uses, and then click Delete.
    As a result, your Google Cloud project and the Cyber Protection service will not be able to access your Google Workspace account and back up the data in it.