הדף שביקשתם לא זמין בשלב זה בשפה שלכם. אפשר לבחור בשפה אחרת בחלק התחתון של הדף. לחלופין, באמצעות תכונת התרגום המובנית של Google Chrome תוכלו לתרגם מיד כל דף אינטרנט אל שפה לבחירתכם.

Turn client-side encryption on or off for users

Let's make sure you're in the right place. These steps are for admins who manage Gmail accounts for a company, school, or other group. Client-side encryption isn't available with your personal gmail.com account. 

Supported editions for this feature: Enterprise Plus; Education Standard and Education Plus. Compare your edition

As an administrator, you can turn on Google Workspace Client-side encryption (CSE) for users who need to create encrypted content with these services:

For this service... Turn on CSE for...
Google Drive

Users who need to create client-side encrypted documents, spreadsheets, and presentations or upload client-side encrypted files to Drive.

You don't need to turn on CSE for users who only view and edit files shared with them.

Gmail Users who need to send or receive encrypted messages.

Before you turn on CSE for Gmail: Make sure you enable the Gmail API and upload users' encryption keys. For details, go to Gmail only: Upload encryption keys for client-side encryption.

Google Calendar

Users who need to create client-side encrypted calendar events. You also need to turn on CSE for Drive and Meet for these users if you want them to attach client-side encrypted documents and host client-side encrypted meetings.

You don't need to turn on CSE for event invitees.

Google Meet

Users who need to host client-side encrypted online meetings.

You don't need to turn on CSE for other meeting participants.

 

For users who need to only view or edit encrypted content, make sure:

Before you begin

Expand section  |  Collapse all

Turn CSE on or off for users

To turn on CSE for users, you need to turn on CSE for the organizational units or configuration groups the users belong to. Once you turn on user access for CSE, users can choose whether to encrypt content.

When turning on CSE for an organizational unit, you can make CSE the default for Gmail, Google Drive, and Google Calendar—for both web and mobile apps. Requires having the Assured Controls or Assured Controls Plus add-on.

To prevent users from encrypting content, you can turn off CSE for the organizational units or configuration groups they belong to. If you turn off CSE for users, any existing client-side encrypted content remains encrypted and accessible.

You must be signed in as a super administrator for this task.

  1. Sign in with a super administrator account to the Google Admin console.

    If you aren’t using a super administrator account, you can’t complete these steps.

  2. Go to Menu and then Data > Compliance > Client-side encryption.
  3. Under Apps, click the name of the Google service for which you want to turn CSE on or off for users.

    Alternatively, under Encryption with external key service or Encryption with hardware keys, click Assign. Then, under Encryption by app, select the Google service for which you want to turn on CSE.

  4. In the left panel, select an organizational unit or group for which you want to turn CSE on or off.
  5. Under User access, select On or Off.
  6. In the pop-up message, confirm your selection.
  7. (Optional for organization units only) To encrypt Gmail, Drive, or Calendar content with the Google service by default, check the Enable client-side encryption by default box. Users will still have option to turn off encryption.
    Requires having the Assured Controls or Assured Controls Plus add-on.
  8. Click Override to keep your setting if the CSE settings for the parent organizational unit are changed.
  9. If Overridden is already set for the organizational unit, choose an option:
    • Inherit—Reverts to the same CSE setting as its parent.
    • Save—Saves your new CSE setting (even if the parent setting changes).

Changes can take up to 24 hours but typically happen more quickly. Learn more

If you turned on CSE for Gmail

For each user who will use CSE for Gmail, you need to prepare and upload their S/MIME certificates and encrypted private key metadata to Gmail. For details, go to Set up Gmail CSE for users.

If users have trouble using CSE

Check the Alert Center if users have trouble using CSE. For more information, go to Client-side encryption service unavailable.

האם המידע הועיל?

איך נוכל לשפר את המאמר?
11127078843511507694
true
חיפוש במרכז העזרה
true
true
true
true
true
73010
false
false
Search
Clear search
Close search
Main menu
false