Supported editions for this feature: Enterprise; Education Plus. Compare your edition
After you set up your external key service, you need to connect Google Workspace to the service.
Connect Google Workspace to your external key service
Before you begin: Make sure you have the URL for your external key service, and check that the URL is accessible from the internet. For details, go to Set up your key service for client-side encryption.
-
Sign in to your Google Admin console.
Sign in using an account with super administrator privileges (does not end in @gmail.com).
- Go to Security
Client-side encryption.
- Click the External key service card to open it.
- Click Add external key service.
- Enter a name for your key service.
This name appears in some messages to users if Google Workspace can't access your external key service, so they'll know the problem is with the encryption service and not Drive.
- Enter the URL that your key service provided to you.
- To make sure Google Workspace can communicate with the external key service, click Test connection.
- To close the card, click Continue.
If you change your key service settings...
If necessary, you can change the URL for your current key service and continue to access any files encrypted using that service.
Next steps...
Before your users can use CSE to encrypt Drive files, you need to connect Google Workspace to your identity provider (IdP) for client-side encryption.
