CSE Integration Guideline

Enable Google Workspace Client-side Encryption (CSE) with Oten KMS

Audience: Workspace Admin / Oten KMS Admin Purpose: Connect your Google Workspace with Oten KMS and Oten IDP so your users can encrypt and access client-side encrypted files (Docs, Sheets, Slides, Drive, Gmail, Meet, Calendar) using your organization-owned encryption keys.

Overview

Set up Oten KMS KACLS Service for Google Workspace

Start Using Oten KMS for Business – Set Up an Oten Business Account

Step 1: Create an Oten Business Account

1. Sign up for an Oten Business account.

2. Create or select an Oten Organization.

3. Ensure at least one workspace is created within the organization.

Step 2: Enable Oten KMS for Your Workspace

1. Log in to the Oten Portal using your Oten IDP account.

2. Navigate to Oten KMS Settings.

3. Activate Oten KMS for your organization or selected workspace.

4. Create initial encryption keys (default KEK).

Step 3: Retrieve Required Configuration Information

From the Oten KMS → CSE Configuration page, copy the following:

• Oten IDP URL

• Client ID

• Oten KMS KACLS Service URL

You will use these values in the Google Admin Console.

Oten KMS – Google Workspace CSE Integration

Step 4: Configure Google Workspace for CSE

1. Log in to admin.google.com with a Google Workspace Admin account.

2. Ensure your Google Workspace is on an Enterprise plan that supports CSE.

3. Navigate to:

   Copy

   Security → Data → Compliance → Client-side encryption

4. Configure:

   • Identity Provider (IDP) using the Oten IDP URL

   • Key Access Control List Service (KACLS) using the Oten KMS KACLS URL

Step 5: Verify & Start Using Encrypted Files

1. Create or open a Google Docs/Sheets/Drive file.

2. Enable Client-Side Encryption.

3. Confirm that encryption keys are managed via Oten KMS.

4. View encrypted file activity in the Oten KMS Portal.

✅ You’re ready to use Google CSE with Oten KMS