Skip to main content
All CollectionsAdmin Help Center
How to Enable Lockwell's Workspace Security
How to Enable Lockwell's Workspace Security

Guide on enabling Lockwell's workspace security, so Lockwell can scan your company's cloud storage for insecurely shared files

Lockwell Support avatar
Written by Lockwell Support
Updated this week

Lockwell's Workspace Security automatically scans your company's cloud storage for files that are shared insecurely, alerts you when any are found, and gives you insight to the cloud files used by your team.

You can see your team's workspace files on the Workspace Security page of the Lockwell web app.


Google Workspace Setup

Follow these steps to give Lockwell permission to scan your company's cloud storage for insecurely shared files:

Step 1: Sign in to Google Admin Console

  1. Navigate to the Google Admin Console: admin.google.com.

  2. Log in as a Super Administrator.

Step 2: Access API Controls

  1. In the Admin Console, go to Security.

  2. Under Access and data control, select API controls.

Step 3: Manage Domain-Wide Delegation

  1. Scroll to the Domain-wide delegation section.

  2. Click Manage Domain Wide Delegation.

Step 4: Edit or Add New Client ID

If an entry already exists with Lockwell's Client ID (i.e. you've already enabled the email firewall), simply edit the existing Client ID rather than creating a new one.

  1. Click Add new to create a new client ID.

  2. Enter the following Client ID:

    • Client ID: 110506756410672874520

Step 5: Enter OAuth Scopes

If an OAuth scope already exists for Lockwell's Client ID (i.e. for the email firewall), simply add this as an additional OAuth scope.

  1. In the OAuth scopes field, enter the following two scopes that Lockwell's workspace security requires:

    • OAuth Scope 1: https://www.googleapis.com/auth/drive.readonly

    • OAuth Scope 2: https://www.googleapis.com/auth/drive.metadata.readonly

Both scopes are required for Lockwell's workspace security to function correctly!

Step 6: Authorize the Application

  1. Once you have entered the Client ID and OAuth scope, click Authorize to save the configuration.

Congrats, Lockwell can now publish forensic audit logs when your team uses their Google Workspace account to sign into a service, aka a "SaaS sign in"! You can see your team's audit logs on the Forensics page of the Lockwell web app.

Workspace security is currently only available for customers on Google Workspace. Microsoft 365 support for scanning your OneDrive cloud storage is coming soon!

Related Articles
How to Resolve Google Error 400 and Add Trusted Apps to Google Workspace
How to Enable Lockwell's Email Firewall
How to Give Lockwell Permissions to Sync Users From Your Workspace
How to Fully Enable Lockwell's Forensic Audit Logs
How to Resolve Unsecured Files Discovered in Google Workspace with Lockwell
Did this answer your question?