Scribd
Upload
67 views13 pages

Google Workspace Account Setupcstmr

Uploaded by

cloudy
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
67 views13 pages

Google Workspace Account Setupcstmr

Uploaded by

cloudy
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 13

Fortimail Google Workspace Account Setup

Author: Ya Luo, FortiMail QA


last update Dec 2022, v7.4b492

Test Purpose:
Fortimail is able to do real-time and on-demand scanning once you have linked your Google Workspace
account to the FortiMail unit. Similar to scan MS365 by Graph API integration, support to scan Google
emails/Google Workspace (G Suite) by its REST API under same MS365 view mode. In order to do real-
time scanning with Fortimail, your FortiMail unit must be reachable by hostname (not IP address) with a
valid CA signed certificate and following steps below to setup if you do not have a Google Workspace
admin account.

This article shows how to provision a Google Workspace account to the Fotimail.

Note: The feature has been merged into v7.4b492.

Configure Steps:
1. Login on google cloud https://cloud.google.com with your account, click ‘console’ or go to
‘console’ and then create a new project.
2. Switch to the new project you created and then go to ‘APIs & Service’, click 'enable apis
services'. Search and enable 'admin sdk api', 'gmail api' and 'cloud pub/sub api'.
3. Then go to 'apis & services > oauth consent screen',
4. Select 'internal' and create, enter name and contact email, save and continue, add below scopes
then save and continue:

5. Then under scopes, click ‘add or remove scopes’ and select below scopes and update:

https://mail.google.com/
https://www.googleapis.com/auth/admin.directory.user.readonly
https://www.googleapis.com/auth/admin.directory.domain.readonly
https://www.googleapis.com/auth/pubsub
6. After added, you can find three scopes here and click ‘save and continue’:
7. Go to 'apis & services > credentials' : click 'create credentials', select 'service account', enter
name&account ID, and click 'create and continue', then 'done'.
8. Choose your service account and go to 'keys' of the new account, click 'add key'.

9. Click 'create new key', choose 'json' and 'create' and store the json file securely.
10. Go to 'details' of the new account, expand 'advanced settings', copy the client id, click 'view
google workspace admin console', sign in as super admin.

11. Go to 'security > access and data control > api controls', click 'manage domain wide delegation'
and 'add new'.
12. Enter the copied client id and four scopes, click 'authorize':

https://mail.google.com/
https://www.googleapis.com/auth/admin.directory.user.readonly
https://www.googleapis.com/auth/admin.directory.domain.readonly
https://www.googleapis.com/auth/pubsub
13. Last but not least, in order to add the account into the fortimail unit, we need switch to 'microsoft
365 & Google Workspace' view, and go to 'system > account', then click 'new...'. Select 'Google
Workspace' type, enter your admin email and description, copy and pase the json file content
which was saved just now into 'json content'.

You might also like