Cloud Scan integration for Google Workspace

This article is for Cloud/Tech Administrators.

Cloud Scan inspects your cloud storage for concerning content and lets your chosen staff members determine if a photo is safe or if further action is required. This article provides instructions for setting up Cloud Scan integration for Google Workspace.

Important

While Cloud Scan lets you scan and review concerning materials saved in users’ cloud storage, ensure all parties using Cloud Scan are familiar with policies, local laws, and regulations on acceptable use of technology, privacy, information security, and intellectual property. Also, ensure all Safeguarding Leads, IT support, staff, and students know Cloud Scan integration and its purpose. See Preparing for Your First Cloud Scan Results for more information.

Before you start

  • Create a user account for Cloud Scan in Google Workspace. This user account will be used only by Cloud Scan and must be able to manage users and groups in Google Workspace (for example, as a Groups Administrator). See Options for adding users.

    Important

    While the Cloud Scan user account has edit permission for users and groups in Google Workspace, Cloud Scan cannot change your Google Directory configuration.

  • Keep a copy of the email address used to add the Cloud Scan user account to Google Workspace.
  • Assign the Groups Admin role to the new Cloud Scan account in Google Workspace. See Groups Admin.
  • Turn on Google Drive for the Cloud Scan user account so it can access Google Drive folders. See Turn a service on or off for Google Workspace users.
  • Set up Smoothwall or Linewize Groups in the Admin Panel.

Step 1: Set up the integration

    1. Sign in to Smoothwall or Linewize portal, then select Admin Panel.
    2. Select Cloud Scan Integration on the left navigation.
    3. Select Set up Integration at the bottom right of the screen.

      Note

      The “Set up Integration” button is inactive while there is an incomplete integration.

mon-gui-147_integration list.png

Image 1. Select Set up Integration.

  1. Select your storage type (Google), then Confirm your selection.

Step 2: Configure the integration

  1. Provide your Google Cloud storage details.
    1. Enter a descriptive name for the integration to distinguish it from other integrations.
    2. Enter the email address of the Cloud Scan user account you created in Google Workspace (see Step 1 of Before you start).
  2. Under Tenants and Groups, select the tenants you include in the Cloud Scan integration.
    1. Choose All Tenants to automatically add all tenants.
    2. Choose Selected tenants to add only certain tenants manually.

mon-gui-147_select tenants and groups.png

Image 2: Select the tenants you want to add to the integration.

  1. Assign at least one group specific to the tenant you’ve added.

    Note

    Having tenant-specific groups ensures that only associated schools or organisations can see their groups’ data. See our guide for setting up groups.

mon-gui-147_add groups to tenants.png

Image 3. Add at least one group to each tenant.

  1. (Required) Under Safeguarding Contacts, select or enter the name of at least one Safeguarding Contact for each tenant.

    Note

    Safeguarding Contacts can view Cloud Scan results and review and action images for deletion or retention.

  2. Select Save integration.

    Note

    The Save integration button is disabled (grey) until all mandatory fields (*) are complete.

Step 3: Authorise access to Google Cloud storage

  1. Sign in to Google Admin Console: admin.google.com.
  2. Go to Security > Access and data control > API controls.
  3. Select Manage Domain Wide Delegation, then Add new.
  4. Copy the Content Scanning Service Account ID on your portal and paste it into the Client ID field. The Content Scanning Service Account ID is auto-generated for each integration.
  5. Copy and paste each of the following into an OAuth scopes line. This step allows Cloud Scan to read users and groups, and manage files in Google Drive.
    https://www.googleapis.com/auth/admin.directory.group.readonly
    https://www.googleapis.com/auth/admin.directory.user.readonly
    https://www.googleapis.com/auth/drive
  6. Select Authorize.
  7. Select your new entry and select View details.
  8. Verify the Client ID and the three scopes are displayed.
  9. Return to the Cloud Storage Integration screen to complete the integration.

Step 4: Complete the integration

Cloud Scan integration is complete only after a successful initial scan. You can complete the integration by selecting Start Scan to schedule your first scan within the next 24 hours, or select I’ll do it later and postpone the first scan to a later date.

Important

Organisations are responsible for ensuring that all users and staff adhere to policies, laws, and regulations on acceptable use of technology, information security, and privacy. For more information, see Preparing for Your First Cloud Scan Results.

Schedule your first scan

  1. (Required) Select the I confirm that I have followed the steps and completed the setup checkbox.
  2. Select Start scan.
  3. On the Start Cloud Scan prompt, select Start Scan.

Cloud Scan will schedule the initial scan within the next 24 hours. Scanning can take up to a few hours, depending on the number of images being scanned. The Safeguarding Contact will receive an email alert once scanning is complete.

Delay your first scan

  1. On the domain-wide delegation prompt, select I’ll do this later. The “Set up incomplete” indicator will appear for the integration.

mon-gui-147_setup incomplete.png

Image 4. The “Set up incomplete” indicator appears for the incomplete cloud integration.

  1. When you’re ready to scan your cloud storage, select the incomplete cloud integration.
  2. Review the Cloud Storage Integration details you entered in Step 2: Configure the integration and select Save Integration.
  3. Select the I confirm that I have followed the steps and completed the setup checkbox.
  4. Select Start Scan.

Cloud Scan will schedule the initial scan within the next 24 hours. Depending on the number of images being scanned, scanning can take a few hours. The Safeguarding Contact will receive an email alert once scanning is complete.

Was this article helpful?
0 out of 0 found this helpful
Share

Comments

0 comments

Please sign in to leave a comment.