How to Enable Lockwell's Workspace Security

Guide on enabling Lockwell's workspace security, so Lockwell can scan your company's cloud storage for insecurely shared files

Written by Lockwell Support
Updated over a month ago

Lockwell's Workspace Security automatically scans your company's cloud storage for files that are shared insecurely, alerts you when any are found, and gives you insight into the cloud files used by your team.

You can see your team's workspace files on the Workspace Security page of the Lockwell web app.


Google Workspace Setup

Follow these steps to give Lockwell permission to scan your company's cloud storage for insecurely shared files:

Step 1: Sign in to Google Admin Console

  1. Navigate to the Google Admin Console: admin.google.com.

  2. Log in as a Super Administrator.

Step 2: Access API Controls

  1. In the Admin Console, go to Security.

  2. Under Access and data control, select API controls.

Step 3: Manage Domain-Wide Delegation

  1. Scroll to the Domain-wide delegation section.

  2. Click Manage Domain Wide Delegation.

Step 4: Edit or Add New Client ID

If an entry already exists with Lockwell's Client ID (i.e. you've already enabled the email firewall), simply edit the existing Client ID rather than creating a new one.

  1. Click Add new to create a new client ID.

  2. Enter the following Client ID:

    • Client ID: 110506756410672874520

Step 5: Enter OAuth Scopes

Domain Wide Delegation OAuth Scope:

In the OAuth scopes field, enter the following scope that Lockwell's workspace security requires as of 03/14/2025: https://www.googleapis.com/auth/drive

Keep the OAuth scopes for:

User Sync = https://www.googleapis.com/auth/admin.directory.user.readonly

Email Firewall = https://mail.google.com/

Forensic Logs = https://www.googleapis.com/auth/admin.reports.audit.readonly

Outdated Workspace Security Scopes:

Please note that these are outdated OAuth scopes and should be replaced by the Domain Wide Delegation OAuth scope above. Please delete:

  • OAuth Scope A: https://www.googleapis.com/auth/drive.readonly

  • OAuth Scope B: https://www.googleapis.com/auth/drive.metadata.readonly

Step 6: Authorize the Application

  1. Once you have entered the Client ID and OAuth scope, click Authorize to save the configuration.

Congrats, Lockwell can now publish forensic audit logs when your team uses their Google Workspace account to sign into a service, aka a "SaaS sign in"! You can see your team's audit logs on the Forensics page of the Lockwell web app.
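
To double-check the entry after authorizing, the following added example (not Lockwell's own code) compares the text of the OAuth scopes field against the scopes listed in this article, so that outdated scopes and scopes for features you do not use stand out. It assumes you paste the field's contents as a comma- or whitespace-separated string; the function names and the sample value are hypothetical.

```python
import re

# Scopes per Lockwell feature, copied from this article (as of 03/14/2025).
FEATURE_SCOPES = {
    "Workspace Security": "https://www.googleapis.com/auth/drive",
    "User Sync": "https://www.googleapis.com/auth/admin.directory.user.readonly",
    "Email Firewall": "https://mail.google.com/",
    "Forensic Logs": "https://www.googleapis.com/auth/admin.reports.audit.readonly",
}
# Scopes this article says to delete from the entry.
OUTDATED = {
    "https://www.googleapis.com/auth/drive.readonly",
    "https://www.googleapis.com/auth/drive.metadata.readonly",
}

def parse_scopes(field):
    """Split the pasted field on commas/whitespace; drop blanks and duplicates."""
    scopes = []
    for item in re.split(r"[,\s]+", field.strip()):
        if item and item not in scopes:
            scopes.append(item)
    return scopes

def audit(field, enabled_features):
    """Compare granted scopes with those needed for the features in use.

    Scope strings are compared exactly, so a typo or a missing trailing
    slash shows up as one 'unexpected' plus one 'missing' entry.
    """
    granted = set(parse_scopes(field))
    wanted = {FEATURE_SCOPES[name] for name in enabled_features}
    return {
        "missing": sorted(wanted - granted),
        "outdated": sorted(granted & OUTDATED),
        # Anything else grants access that no enabled feature needs.
        "unexpected": sorted(granted - wanted - OUTDATED),
    }

# Constructed sample: an entry still carrying an outdated Drive scope, plus
# the Email Firewall scope although only two features are in use.
SAMPLE_FIELD = (
    "https://www.googleapis.com/auth/drive.readonly, "
    "https://www.googleapis.com/auth/admin.directory.user.readonly,"
    "https://mail.google.com/"
)

if __name__ == "__main__":
    report = audit(SAMPLE_FIELD, ["Workspace Security", "User Sync"])
    for kind, scopes in report.items():
        print(f"{kind}: {scopes or 'none'}")
```

An entry is in the expected state when all three lists are empty for the set of features you have actually enabled.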


Workspace security is currently only available for customers on Google Workspace. Microsoft 365 support for scanning your OneDrive cloud storage is coming soon!
