Supported editions for this feature: Enterprise; Education Plus. Compare your edition
After you set up your external key service, you need to connect Google Workspace to the service.
Note: Once you connect Google Workspace to your key service, some apps' features aren't available. For details, see "CSE user experience" in About client-side encryption.
Connect Google Workspace to your external key service
Before you begin: Make sure you have the URL for your external key service, and check that the URL is accessible from the internet. For details, go to Set up your key service for client-side encryption.
-
Sign in to your Google Admin console.
Sign in using an account with super administrator privileges (does not end in @gmail.com).
- Go to Security
Client-side encryption.
- Click the External key service card to open it.
- Click Add external key service.
- Enter a name for your key service.
This name appears in some messages to users if Google Workspace can't access your external key service, so they'll know the problem is with the encryption service and not Drive.
- Enter the URL that your key service provided to you.
- To make sure Google Workspace can communicate with the external key service, click Test connection.
- To close the card, click Continue.
Changing your key service settings
To change your key service URL, contact Google Workspace support. You'll be able to change the URL in the Admin console in a later release.
If you request a change to the URL for your current key service, you can continue to access any files encrypted using that service.
Next steps...
Before your users can use CSE with Google services, you need to connect Google Workspace to your identity provider (IdP) for client-side encryption.
