SaaS Security - Gmail - Integration


The Avanan Gmail V2 integration requires an additional configuration of Exclusion Rules for customers using GCDS. Avanan automatically creates and manages 4 Google Groups upon authorization of the Gmail App.

Before Activating Google Workspace

  • You must have administrator access to activate Google Workspace.
  • You must have an additional Google Workspace license to integrate with Avanan.
  • If MFA is activated by default for all the global administrators in your organization, change the setting before onboarding in Avanan.
  • If you use GCDS (Google Cloud Directory Sync) to synchronize your user groups on-premises and in the cloud, you must create exclusion rules before activating Google Workspace. See below to configure GCDS exclusion rules.

Activating Gmail

To activate Gmail:

  1. Navigate to Configuration > SaaS Applications.
  2. Click Start for Gmail.
  3. Enable the I Accept Terms Of Service checkbox.
  4. If you need to limit the license consumption and protection to a specific group of users:
    1. Enable the Restrict inspection to a specific group (Groups Filter) checkbox and click OK.
    2. In the Gmail - Group Selection pop-up, select Specific group.
    3. Enter the group name you need to protect with Avanan.
      Note - The group name must have an associated email address.
    4. Click OK.
  5. Log in to the Google Workspace Marketplace using your Google administrator credentials.
  6. After successful authentication, you will be redirected to the Avanan Cloud Security app installation page.
    Click Admin Install.
  7. In the Admin install pop-up that opens, click Continue.
  8. Avanan Cloud Security app requests permission to access your data.
    Select Everyone at you organization, accept the terms of service and click Finish.
  9. Click Google-app  in the Google Workspace Marketplace. Scroll down and select the Avanan Cloud Security app.
    If prompted, enter the Google administrator credentials, and you are redirected to the Avanan portal.
    Note - After installing the Avanan Cloud Security app, a new Super Admin account is created in
    your Google Admin console.
  10. Navigate to Configuration > SaaS Applications and click Start for Gmail.
    After successful authentication, Avanan starts scanning the users and emails from Gmail.

GCDS Exclusion Rules


Configuration Steps

  1. Go to Google Domain Configuration.
  2. Go to Exclusion Rules.
  3. Create Exclusion Rules, each with:
    • Type: Group Email Address
    • Match Type: Exact Match
    Note - The group email address should be in the groupname@[domain] format.
    For more details, see exclusion rules.
  4. As you create the Exclusion Rules, add the email addresses below to each. (1 email/Exclusion Rule; 4 Rules in total):
    1. avanan_inline_policy@DOMAIN.COM
    2. avanan_inline_rule@DOMAIN.COM
    3. avanan_monitor_policy@DOMAIN.COM
    4. avanan_monitor_rule@DOMAIN.COM
  5. Save and Sync for the changes to take effect.
  6. You may now authorize Gmail without the Google Groups getting deleted.
    • If you’ve already authorized and your Groups were deleted, then ask Support to recreate the Groups for you.