Automate - Vault Collections QuickStart
The material in this document is for informational purposes only. This guide assumes that the most recent version of Rampiva Automate is in use unless otherwise noted in the prerequisites. The products it describes are subject to change without prior notice, due to the manufacturer’s continuous development program. Rampiva makes no representations or warranties with respect to this document or with respect to the products described herein. Rampiva shall not be liable for any damages, losses, costs or expenses, direct, indirect or incidental, consequential or special, arising out of, or related to the use of this material or the products described herein.
Introduction
This article describes the steps required to configure Rampiva Automate for running a Vault collection and downloading the data locally.
Prerequisites
Rampiva Automate v8.2 or later (see https://rampiva.atlassian.net/wiki/spaces/KB/pages/1380286472)
Nuix Neo license with Google Collections
Google Workspace subscription with access to Google Vault
Google Workspace account with Google Vault privileges
Google Workspace account with permissions to create and manage a project in Google Cloud
Instructions
A. Create the Google Cloud Project in Google Cloud
| 1 | Browse to the Google Cloud console at https://console.cloud.google.com/ and login with a Google Workspace administrative user account. |  |
| 2 | Select the Resource dropdown at the top left. | |
| 3 | Click New Project. | |
| 4 | Provide the name Rampiva Automate. |  |
| 5 | Select the Organization and Location for the project. | |
| 6 | Click Create. | |
| 7 | After the project is created, select the project and navigate to the APIs & Services tab. Or, browse to https://console.cloud.google.com/apis and select the newly created Rampiva Automate project.
| |
| 8 | Select the Enabled APIs & services tab. | |
| 9 | Click Enable APIs and Services.
| |
| 10 | Enable the following APIs and services:
APIs and services are used to help setup and run Vault collections. They are used to list the users, groups, organization units, shared drives and chat spaces that can be collected. Rampiva will attempt to list them with the Delegated permission of a user logged in to the Vault Third-Party Service. | |
| 11 | Select the OAuth consent screen tab. | |
| 12 | Select the user type Internal. | |
| 13 | Click Create. | |
| 14 | Edit the app registration. | |
| 15 | Under App information, provide the app name Rampiva Automate. | |
| 16 | Select a user support email. | |
| 17 | Optionally, provide an App logo, App domain and Authorized domains. | |
| 18 | Provide one or more email addresses in the Developer contact information. | |
| 19 | Click Save and Continue. | |
| 20 | Click Add or Remove Scopes, then add the following scopes:
| |
| 21 | Click Save and Continue. | |
| 22 | Verify the Summary. |
|
| 23 | Select the Credentials tab. | |
| 24 | Click Create Credentials. | |
| 25 | Select OAuth client ID. | |
| 26 | Select the Application type Web application. | |
| 27 | Name the OAuth 2.0 client Rampiva Automate. | |
| 28 | Add an Authorized redirect URI, with the value http://localhost/api/v1/users/oidcResponse This Redirect URI configuration will be used for logging in with Google Workspace accounts when browsing to Rampiva Automate from the local server. If Rampiva Automate is configured to be accessible using a public domain name (for example https://rampiva-automate-globexinc.net), update the Redirect URI configuration to reflect this, for example: https://rampiva-automate-globexinc.net/api/v1/users/oidcResponse | |
| 29 | Click Create. | |
| 30 | After the OAuth client is created, take note of the Client ID and the Client secret. | |
| 31 | Click OK. |
B. Configure the Google Chat API in Google Cloud
| 1 | The Google Chat API needs to be configured before it can be used to list chat spaces and memberships. See https://developers.google.com/workspace/chat/configure-chat-api for more details. |
|
| 2 | Browse to the Google Cloud APIs & Services at https://console.cloud.google.com/apis with the Google Cloud project created in the previous section. | |
| 3 | Select the Google Chat API. | |
| 4 | Select the Configuration tab. |
|
| 5 | Name the App Rampiva Automate. | |
| 6 | Fill in the Avatar URL with the default value https://developers.google.com/chat/images/chat-product-icon.png, or provide a URL to a custom avatar image. | |
| 7 | Fill in the Description. | |
| 8 | Provide an App URL https://example.com/automate-chat, where example.com is the name of your domain. | |
| 9 | Verify the other optional settings. | |
| 10 | Click Save. |
C. Configure the Google OIDC Authentication and Vault Service in Rampiva Automate
| 1 | Browse to Rampiva Automate. |
|
| 2 | Select the Settings tab. | |
| 3 | Select the Authentication Services tab. | |
| 4 | Click Add+ OIDC Authentication Service. | |
| 5 | Name the service Google Workspace - example.com, where example.com is the name of your domain. | |
| 6 | Fill out the Well-Known Configuration URI with the value https://accounts.google.com/.well-known/openid-configuration | |
| 7 | Fill out the Scope with the value openid profile email offline_access | |
| 8 | Fill out the Username Claim with the value email | |
| 9 | Fill out the Client ID and Client Secret with the values recorded from the previous section. | |
| 10 | Leave the Enable Authentication option enabled. | |
| 11 | Click Add Service. | |
| 12 | Select the Third-Party Services tab. | |
| 13 | Click Add+ Google Vault Service. | |
| 14 | Name the service Google Vault - example.com, where example.com is the name of your domain. | |
| 15 | Set the authentication Scope to either:
| |
| 16 | Select the authentication Service Google Workspace - example.com create previously. | |
| 17 | Click Add Service. | |
| 18 | In the newly created Vault Service view, open the menu and select Sign In User.
| |
| 19 | Complete the Google Workspace account sign in with a user account that has the required Google Vault privileges.
See https://support.google.com/vault/answer/2799699?hl=en#step_2 for more details. | |
| 20 | Expand the Log section to confirm that the authentication was successful and that no warning messages are shown. |