Versa Networks

Configure Cloud Applications to Use with API-Based Data Protection


Versa API-based data protection (API-DP) secures SaaS and IaaS applications using APIs provided by cloud services. To use API-DP, you  register with the SaaS and IaaS applications, and then use OAuth 2.0 to obtain access to the information. Objects in motion (real-time objects) and objects at rest are scanned, and policy-based control is enforced. Real-time information relating to the various objects is sent as events (such as file upload and user login activity) to Versa services running in the cloud. Data associated with different objects is scanned, analyzed, and categorized by processing the object data through security policies such as data loss prevention (DLP), cloud access security broker (CASB), and malware sandboxing. Scheduled jobs can scan objects periodically. Vulnerable data can be redacted, encrypted, quarantined, and deleted.

To use API-DP, you create an API data protection policy to identify any policy violations, and then you configure an API connection and instance for each supported cloud application. 

To configure all cloud applications in Versa Concerto, you navigate to the following screen in the Concerto UI:

  • (For Release 12.2.2 and later) Configure > Security Service Edge > Profiles and Connectors > SaaS and IaaS Connectors.

    Application-connectors-left-nav-v2-border.png
     
  • (For Release 12.2.1 and earlier) Configure > Security Service Edge > Profiles and Connectors > Application Connectors.

    Application-connectors-left-nav-border.png

Note: Some application instances require configuration, and others do not. However, in all cases you need to configure a connector in Concerto. 

This article describes how to configure these cloud applications so that you can use them with API-DP.

You can use API-DP with the SaaS and IaaS cloud applications in the following table. The table shows the supported SaaS and IaaS applications and the content types and activities they support.
 

| Application | Content Type | Data at Rest | Event-Based | Shared Links | Supported Activities |
|---|---|---|---|---|---|
| SaaS Applications | | | | | |
| Asana | Workspaces, projects, milestones, tasks, subtasks, comments, messages, attachments | Yes | Yes | NA | file-attach, comment |
| Box | Files, folders, comments | Yes | Yes | Yes | file-share, file-upload, file-delete, comment |
| Cisco Webex Teams | Files, messages | No | Yes | NA | space-join, meeting-join, file-send, message-send |
| Citrix ShareFile | Files, folders | Yes | Yes | Yes | file-share, file-upload, file-delete |
| Confluence | Pages, blogs, comments, attachments | Yes | Yes | NA | file-attach, content-activity |
| Dropbox | Files, folders | Yes | Yes | Yes | file-share, file-upload, file-delete |
| Egnyte | Files, folders | Yes | Yes | Yes | file-share, file-upload, file-delete |
| GitHub | Repository, branch, files | Yes | Yes | NA | user-add, repository-visibility-change, file-commit, file-delete |
| GitLab | Project, branch, files | Yes | Yes | NA | user-add, project-visibility-change, file-commit, file-delete |
| Gmail | Email content, attachments | Yes | Yes | NA | message-body-send, file-attachment-send, message-body-receive, file-attachment-receive |
| Google Drive | Files, folders | Yes | Yes | Yes | connected-apps, file-share, file-upload, file-delete |
| Jira | Projects, issues, issue summary, description, comments, attachments | Yes | Yes | NA | file-attach, content-activity |
| Microsoft OneDrive | Files, folders | Yes | Yes | Yes | file-share, file-upload, file-delete |
| Microsoft Outlook | Email content, attachments | Yes | Yes | NA | message-body-send, file-attachment-send, message-body-receive, file-attachment-receive |
| Microsoft SharePoint | Files, folders | Yes | Yes | Yes | file-share, file-upload, file-delete |
| Microsoft Teams | Messages in channel and direct messaging, attachments handled by Microsoft OneDrive | Yes | Yes | NA | chat-join, team-join, message-send |
| Microsoft Yammer | Communities, storylines, posts, comments, replies, attachments handled by Microsoft SharePoint | Yes | Yes | NA | content-activity |
| Notion | Pages, database, bookmark, bulleted list item, callout, code, equation, file, headings, image, numbered list item, paragraph, PDF, quote, toggle blocks | Yes | Yes | NA | file-attach, content-activity |
| Salesforce | Files, attachments, libraries, Chatter posts, comments | Yes | Yes | NA | file-share, file-upload, content-activity, file-delete |
| ServiceNow | Incident table and attachments | Yes | Yes | NA | file-attach, content-activity |
| Slack | Channels, groups, DMs, messages, files | Yes | Yes | NA | channel-join, message-send, file-send |
| Trello | Workspaces, boards, lists, cards, comments, attachments | Yes | Yes | NA | file-attach, content-activity |
| Workplace from Meta | Groups, posts, chat, files, events, knowledge library, notes, comments | Yes | Yes | NA | file-attach, content-activity |
| Zendesk | Comment, attachment | Yes | Yes | NA | file-attach, comment |
| Zoom | Messages and transcript | No | Yes | NA | meeting-join, channel-join, message-send, file-send |
| IaaS Applications | | | | | |
| Amazon Web Services | S3 buckets, files, folders | Yes | Yes | NA | file-upload, file-delete |
| Google Cloud Platform | Projects, buckets, files, folders | Yes | Yes | NA | file-upload, file-delete |
| Microsoft Azure | Storage accounts, containers, blobs | Yes | Yes | NA | file-upload, file-delete |
| Oracle Cloud Infrastructure | Regions, compartments, buckets, objects | Yes | Yes | NA | file-upload, file-delete |

 

Asana API-Based Data Protection

This section describes how to configure the Asana application for API-DP.

Create the Asana Application for API-Based Data Protection

  1. Log in to the Asana application with admin credentials at https://app.asana.com/-/login.
  2. Click the drop-down list in the top right corner, and then click Settings.

    create-Asana-app.png
     
  3. Click Apps in the top menu bar of the settings window, and then click Manage Developer Apps.
     
    app-settings-Asana.png
  4. Click Create New App in the new window. Enter the name, check the use cases, and agree to the terms and conditions.
     
    create-new-Asana-app.png
  5. Click Create App.

Configure the Asana Application for API-Based Data Protection

  1. In the application window at https://app.asana.com/0/my-apps/<app-client-id>/settings, select OAuth in the left menu bar, and then configure the callback URL in the Redirect URLs field.

    configure-callback-Asana-v2.png
     
  2. Select Manage Distribution, and then click Any Workspace.

    any-workspace-Asana.png

Configure Asana Webhooks Manually

Webhooks are automatically established and managed, but you can manage them manually.

To configure webhooks manually:

  1. Obtain the resource ID of interest by going to https://developers.asana.com/reference/rest-api-reference. Select the desired resource on the right, and then select Get Multiple for the resource (here, workspaces). You need to use a valid access token. 

    multiple-workspaces-Asana.png
     
    Note: It is often necessary to start with parent resources to locate a specific resource identifier. The resource hierarchy is as follows:

    Workspace
    • Projects
      • Section
        • Tasks
          • Subtasks
        • Milestones
          • Subtasks 
        • Attachments
    • Users
      • Section
        • Tasks
          • Subtasks
        • Milestones
          • Subtasks 
      • Attachments

        If the parent ID is unknown, you can trace backward up the tree to find a resource ID. You need to find the token only for the workspace IDs.
         
  2. Using the ID of the resource, establish a webhook at https://developers.asana.com/reference/createwebhook. To do this, enter the resource ID and target URL under “Body params->data”, and then click “Try it!”. Larger resources, such as workspaces, may need filtering into their sub-resources; that is, a workspace filtered into its projects.

    establilsh-webhook-Asana.png
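
The two manual steps above, scripted against the Asana REST API instead of the interactive reference pages. This is an added example, not Versa or Asana code: the token, the target URL and the workspace response are placeholders constructed here, and refusing non-HTTPS targets and unfiltered workspace-level webhooks is this example's own policy, following the note in step 2.

```python
import json
import urllib.request
from urllib.parse import urlsplit

API_BASE = "https://app.asana.com/api/1.0"

# Constructed sample of a "Get multiple workspaces" response (not real data).
SAMPLE_WORKSPACES_BODY = json.dumps({
    "data": [
        {"gid": "1200000000000001", "resource_type": "workspace", "name": "Example Org"},
        {"gid": "1200000000000002", "resource_type": "workspace", "name": "Sandbox"},
    ]
})

# Resource types this example treats as "larger resources" that must carry
# filters. This is the example's own policy, based on the note in step 2.
FILTER_REQUIRED_TYPES = {"workspace"}


def auth_headers(token):
    """Headers for a request authenticated with a valid access token."""
    return {"Authorization": f"Bearer {token}", "Accept": "application/json"}


def list_workspaces_request(token):
    """Step 1: the request that returns the workspaces visible to the token."""
    return urllib.request.Request(f"{API_BASE}/workspaces", headers=auth_headers(token))


def workspace_gids(response_body):
    """Extract workspace IDs from the JSON body returned for step 1."""
    data = json.loads(response_body)["data"]
    return [item["gid"] for item in data if item.get("resource_type") == "workspace"]


def create_webhook_request(token, resource_gid, resource_type, target_url, filters=None):
    """Step 2: build the POST /webhooks request for one resource."""
    parts = urlsplit(target_url)
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError("target URL must be an absolute https:// URL")
    if resource_type in FILTER_REQUIRED_TYPES and not filters:
        raise ValueError(f"{resource_type}-level webhooks need at least one filter")
    data = {"resource": resource_gid, "target": target_url}
    if filters:
        data["filters"] = filters
    headers = auth_headers(token)
    headers["Content-Type"] = "application/json"
    body = json.dumps({"data": data}).encode("utf-8")
    return urllib.request.Request(f"{API_BASE}/webhooks", data=body,
                                  headers=headers, method="POST")


def send(request):
    """Send a prepared request; needs network access and a valid token."""
    with urllib.request.urlopen(request, timeout=30) as resp:
        return json.load(resp)


if __name__ == "__main__":
    token = "PLACEHOLDER_ACCESS_TOKEN"            # placeholder, not a real token
    target = "https://receiver.example/asana"     # placeholder target URL
    for gid in workspace_gids(SAMPLE_WORKSPACES_BODY):
        req = create_webhook_request(
            token, gid, "workspace", target,
            filters=[{"resource_type": "project", "action": "changed"}],
        )
        print(req.get_method(), req.full_url, req.data.decode())
```
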

Configure an Asana Connector

To configure an Asana connector:

  1. In the Versa Concerto portal, select a tenant under Tenants in the left menu bar. 
  2. Go to Configure > Profile and Connectors > SaaS and IaaS Connectors. The following screen displays.

    API-DP-Connectors-SaaS-dashboard-Asana-border.png
     
  3. Select the SaaS tab, select Asana in the left column, then click the Add icon. The Add Instance – Asana screen displays.

    add-instance-Asana-border.png
     
  4. Specify the Instance name and Admin email, then select the required services.
     
    • Instance Name (Required): Enter the name of the instance.
    • Admin Email (Required): Enter the email address of the Asana administrator account.
    • Retro Scan: Select to scan and protect all the files and objects that are present on Asana at the time of connector creation.
      Warning: Event-based policies apply to all existing data. The delete action is irrevocable, and deleted data cannot be restored.
      • Start After: Enter the time required to grant access and configure policies and rules for this instance before starting the retroactive scan.
      • Unit Type: Select the unit of measure for the Start After time, in hours or minutes.
    • Services: Select the services for which this instance will be used.
      • API Based Data protection: Scan and protect content
    • Confirm: Select to indicate that the steps mentioned in the previous section to configure the Asana account have been followed.

  5. Click Submit. The instance displays in the main pane.
  6. In the Access column, click Grant Access to start the OAuth 2.0 process, which grants the application access to the Versa API-DP cloud.

    Asana-grant-access-border.png

    This opens a login prompt for the Asana account. Use administrator credentials to log in and grant access. Webhooks for existing workspaces will be automatically established during this OAuth process.

Box API-Based Data Protection

This section describes how to configure the Box application for API-DP.

Configure Box for API-Based Data Protection

Note

  • All steps should be performed from the Admin Account.
  • Shield Detection Rules help you keep an eye on your Box account for enhanced security. If you have activated the Malicious Content detection rule, turn off the "Restrict download of malicious content" option in the Admin Console (Admin Console -> Shield -> Detection Rules -> Malicious Content). If this option is on, Versa will not be able to scan your files.

    Box-restrict-download-border.png

Note: The minimum license required for Box is Box Plus. 

To configure a new instance for Box:

  1. Log in to Box using administrator credentials, then navigate to the Admin Console.
  2. Click Integrations in the left menu bar.
  3. Select the Platform Apps Manager tab, and then click Add Platform App.

    2 box-add-platform-app-border.png
     
  4. Enter client IDs llr69xaxc0hhgj1tjrjfvfakseo14sj6 and x3v80p6m1do1ynkf3l0wzm9ud90mxftu.
  5. Click Next and Authorize. The screen displays entries for Prod-Versanow-Skill and Versa JWT Connector.

    3 box-server-authentication-apps-border.png
     
  6. Select the User Authentication Apps tab, and then click Add Platform App.
  7. Enter client ID pb7ww11ovrjotq1oimr930i5ft1jh8po.
  8. Click Next and Authorize. An entry for Versa API-DP Box OAuth2 Connector displays.

    4 box-user-authentication-apps-border.png
     
  9. Change the URL from /master/custom-apps/userauth to /master/skills.
  10. Click Add Skill.

    5 box-add-skill-border.png
     
  11. In the Add Custom Skill screen, enter Client ID llr69xaxc0hhgj1tjrjfvfakseo14sj6, and then click Next.

    Box-add-custom-skill-border.png
     
  12. Select the content that you want to configure, and then click Next.

    7 box-add-custom-skills-add-skills-border.png
     
  13. Select All content in your company, and then click Next.
  14. Click Enable to complete the Box configuration.

If you plan to revoke or delete an instance, after you revoke the instance from Concerto, follow the steps below to complete the removal process: 

  1. Log in to Box using the same admin credentials you used when granting access.
  2. Go to the Admin console.
  3. Click Apps in the left menu.
  4. Select Custom App Manager.
  5. Disable the Prod-Versanow-Skill and Versa JWT Connector applications using the More option (“...”) in the application entry.

    8 box-disable-apps-v3.-border.png
     
  6. Similarly, under User Authentication Apps, disable Versa API-DP Box OAuth2 Connector.
  7. Change the URL to /master/skills.
  8. Click Prod-Versanow-Skill.
  9. Click Delete. If you are unable to delete, click Disable.

    Box-disable-VersaNow-skill-border.png

Configure a Box Connector

To configure a connector for Box in Versa Concerto:

  1. In the Versa Concerto portal, select a tenant under Tenants in the left menu bar.
  2. Go to Configure > Profiles and Connectors > SaaS and IaaS Connectors.

    Application-connectors-left-nav-v2-border.png

    The following screen displays.

    Select_the_Box_application.png
     
  3. Select the SaaS tab, select Box in the left column, then click the Add icon. The Add Instance — Box window displays.

    Box-add-instance-v4-border.png
     
  4. Enter information for the following fields.
     
    • Instance Name (Required): Enter a name for the instance.
    • Admin Email (Required): Enter an email address of the Box administrator account.
    • Poll Interval (in Minutes) (Required): Enter the poll interval.
      Range: 15 through 1440 minutes
      Default: 60
    • Retro Scan (Group of Fields): Click to scan and protect all the files that are present on Box at the time of connector creation.
      Warning: Event-based policies apply to all existing data. The delete action is irrevocable, and deleted data cannot be restored.
      • Start After: Enter the time required to grant access and configure policies and rules for this instance before starting the retroactive scan.
        Range: 1 through 14 (hours), 15 through 1440 (minutes)
        Default: None
      • Unit Type: Select the unit of measure for the Start After time, in hours or minutes.
    • Services: Select the services for which the instance is used.
      • API-Based Data Protection—Scan and protect content.
      • Forensic—Use this instance for forensics.
      • Legal Hold—Use this instance for legal hold.
      • Quarantine—Use this instance for quarantine files.
    • Confirm: Click to confirm that the steps required to configure the Box account are complete.
  5. Click Submit. The new instance is added to the Box application and displays in the Application Connectors > SaaS screen.

    Grant_Access.png
     
  6. In the main pane, select Grant Access to start the OAuth2 process of granting access to the Versa API data protection cloud.

    A popup window showing the login prompt for the Box account displays.

    grant-access-Box.png
     
  7. Use the Administrator credentials to log in. The next screen shows the permissions that the Versa service requires to scan and monitor the Box account.
  8. Click Grant Access to Box to complete the Box connector configuration.

Cisco Webex Teams API-Based Data Protection

This section describes how to configure the Cisco Webex Teams application for API-DP.

Configure Cisco Webex Teams for API-Based Data Protection

To configure a new instance for Webex:

  1. Sign in to Webex Developer and go to https://developer.webex.com/my-apps/new/integration. In the New Integration screen, enter information for the following fields.

    Webex-integration-border.png
     
    • Integration name: Enter the name of the integration as it will appear in Webex.
    • Icon: Upload your own icon or select a Webex default icon. Icons must be exactly 512x512px in JPEG or PNG format.
    • App Hub Descriptor: Enter information about the application, up to 1024 characters.
    • Redirect URI(s): Enter one or more URIs that a user will be redirected to when completing an OAuth grant flow.
  2. Click Create Integration. The following screen displays.

    Webex-congratulations-border.png
     

  3. Store the Client ID and Client Secret for later use.

Configure a Cisco Webex Connector

To configure a Cisco Webex connector in Versa Concerto:

  1. In the Versa Concerto portal, select a tenant under Tenants in the left menu bar.
  2. Go to Configure > Profile and Connectors > SaaS and IaaS Connectors. The following screen displays.

    API-DP-Connectors-SaaS-dashboard-Cisco-Webex-border.png
  3. Select the SaaS tab, select Cisco Webex Teams in the left menu bar, and then click the Add icon. The Add Instance — Cisco Webex Teams window displays.

    add-instance-Cisco-Webex-Teams-v5-border.png
     
  4. Enter information for the following fields.
     
    • Instance Name (Required): Enter a name for the instance.
    • Admin Email (Required): Enter the email address of the Cisco Webex administrator account.
    • Organization Name: Enter the name of the Cisco Webex Teams organization.
    • Poll Interval (in Minutes) (Required): Enter the poll interval.
      Range: 15 through 1440 minutes
      Default: 60
    • Retro Scan: Click to scan and protect all the files that are present on Webex at the time of connector creation.
      Warning: Event-based policies apply to all existing data. The delete action is irrevocable, and deleted data cannot be restored.
      • Start After: Enter the time required to grant access and configure policies and rules for this instance before starting the retroactive scan.
        Range: 1 through 14 (hours), 15 through 1440 (minutes)
        Default: None
      • Unit Type: Select the unit of measure for the Start After time, in hours or minutes.
    • Services: Select the services to use for the instance.
      • API-Based Data Protection—Scan and protect content
    • Confirm: Click to confirm that the steps required to configure the Cisco Webex account are complete.
  5. Click Submit.
  6. After adding the instance, select Grant Access to the new instance to start the OAuth2 process of granting access to the Versa API data protection cloud. This opens the login prompt for the Cisco Webex Teams account. Use the administrator credentials to log in and grant access.

Citrix ShareFile API-Based Data Protection

This section describes how to configure the Citrix ShareFile application for API-DP.

Configure Citrix ShareFile for API-Based Data Protection

To configure a new instance for Citrix ShareFile:

  1. Go to https://api.sharefile.com/apikeys. The Your API Keys screen displays.

    Sharefile-create-border.png
     
  2. Click Create New. The API Key Generator screen displays.

    Sharefile-API-key-generator-border.png
     
  3. Enter an application name and the redirect URL, then click Generate Api Key.

    Sharefile-your-API-keys-border.png
     
  4. Store the Client ID and Client Secret for later use.

Configure a Citrix ShareFile Connector

To configure a Citrix ShareFile connector in Versa Concerto:

  1. In the Versa Concerto portal, select a tenant under Tenants in the left menu bar.
  2. Go to Configure > Profile and Connectors > SaaS and IaaS Connectors. The following screen displays.

    API-DP-Connectors-SaaS-dashboard-Citrix-ShareFile-folder.png
  3. Select the SaaS tab, select Citrix ShareFile in the left menu bar, and then click the Add icon. The Add Instance — Citrix ShareFile screen displays.

    add-instance-Citrix-ShareFile-v5-border.png
     
  4. Enter information for the following fields.
     
    • Instance Name (Required): Enter a name for the instance.
    • Admin Email (Required): Enter an email address of the Citrix ShareFile administrator account.
    • Poll Interval (in Minutes) (Required): Enter the poll interval.
      Range: 15 through 1440 minutes
      Default: 60
    • Retro Scan: Click to scan and protect all the files that are present on Citrix ShareFile at the time of connector creation.
      Warning: Event-based policies apply to all existing data. The delete action is irrevocable, and deleted data cannot be restored.
      • Start After: Enter the time required to grant access and configure policies and rules for this instance before starting the retroactive scan.
        Range: 1 through 14 (hours), 15 through 1440 (minutes)
        Default: None
      • Unit Type: Select the unit of measure for the Start After time, in hours or minutes.
    • Services: Select the services to use for the instance.
      • API-Based Data Protection—Scan and protect content
      • Forensic—Use this instance for forensics
      • Legal Hold—Use this instance for legal hold
      • Quarantine—Use this instance for quarantine files
    • Confirm: Click to confirm that the steps required to configure the Citrix ShareFile account are complete.
  5. Click Submit.
  6. After the instance is added, select Grant Access to start the OAuth2 process of granting access to the Versa API data protection cloud. This opens a login prompt for the Citrix ShareFile account. Use the administrator credentials to log in and grant access.

Confluence API-Based Data Protection

This section describes how to configure the Confluence application for API-DP.

Configure Confluence for API-Based Data Protection

To configure Confluence for API-DP:

  1. Go to https://www.atlassian.com/ and select your organization.

    Atlassian-Admin.png
     
  2. From the left menu, go to Apps > Sites and choose the site where you want to install the application.

    manage-apps-Confluence-v2-border.png
     
  3. In the left menu, select Site Settings > Access requests > Connected apps.

    Confluence-connected-apps-border.png
     
  4. In the Connected apps screen, select Settings in the submenu.

    connected-apps-settings.png
  5. Under the Development mode section, click on Enable Development mode, and enable it.

    connected-apps-enable-development-mode.png
  6. Click Install a private app in the top-right corner.

    connected-apps-install-private-app-border.png
  7. In the Install private app popup window:
    1. Choose Confluence from the first dropdown menu.
    2. Copy and paste the App Descriptor URL (provided on connector) into the “App descriptor URL” field.
    3. Click Install app to complete the installation.

      install-private-app-border.png
       
  8. After initiating the installation process, allow some time for the application to be installed and configured. Once completed, the process is finished.
  9. If you plan to revoke or delete an instance, after you revoke the instance, perform the following steps to ensure that the instance has been completely removed.
    1. Log in to your Atlassian account.
    2. Remove access from the Atlassian account settings:
      1. Go to Settings > Atlassian Account Settings > Connected Apps.
      2. Locate Versa-APIDP-Confluence, and then click Remove Access.

        Atlassian-account remove-Confluence-border.png
         
    3. Uninstall the Versa Networks–Confluence Event Watcher application:
      1. Follow steps 1, 2 and 3 to navigate to the Connected apps section.
      2. Locate Versa Networks–Confluence Event Watcher and click View app details.

        connected-apps-view-app-details.png
      3. Click the Uninstall button in the top-right corner to uninstall the application.

        uninstall-app-border.png
         

Configure a Confluence Connector

To configure a Confluence connector in Versa Concerto:

  1. In the Versa Concerto portal, select a tenant under Tenants in the left menu bar.
  2. Go to Configure > Profile and Connectors > SaaS and IaaS Connectors. The following screen displays.

    API-DP-Connectors-SaaS-dashboard-Confluence-border.png
  3. Select the SaaS tab, select Confluence in the left column, then click the Add icon. The Add Instance — Confluence screen displays.

    add-instance-Confluence-v4-border.png
     
  4. Enter information for the following fields.
     
    • Instance Name (Required): Enter a name for the instance.
    • Admin Email (Required): Enter an email address of the Confluence administrator account.
    • Poll Interval (in Minutes): Enter the amount of time between polling events.
      Range: 15 through 1440 minutes
      Default: 60 minutes
    • Site URL (Required): Enter the URL of the site.
    • Retro Scan: Click to scan and protect all the files that are present on Confluence at the time of connector creation.
      Warning: Event-based policies apply to all existing data. The delete action is irrevocable, and deleted data cannot be restored.
      • Start After: Enter the time required to grant access and configure policies and rules for this instance before starting the retroactive scan.
        Range: 1 through 14 (hours), 15 through 1440 (minutes)
        Default: None
      • Unit Type: Select the unit of measure for the Start After time, in hours or minutes.
    • Services: Select the services to use for the instance.
      • API-Based Data Protection—Scan and protect content
    • App Descriptor URL: Click the Eye icon to show the app descriptor URL.
    • Confirm: Click to confirm that the steps required to configure the Confluence account are complete.
  5. Click Submit.
  6. After the instance is added, select Grant Access to start the OAuth2 process of granting access to the Versa API data protection cloud. This opens a login prompt for the Confluence account. Use the administrator credentials to log in and grant access.

Dropbox API-Based Data Protection

This section describes how to configure the Dropbox application for API-DP.

Configure Dropbox for API-Based Data Protection

For Dropbox, no configuration is required.

Configure a Dropbox Connector

To configure a Dropbox connector in Versa Concerto:

  1. In the Versa Concerto portal, select a tenant under Tenants in the left menu bar.
  2. Go to Configure > Profile and Connectors > SaaS and IaaS Connectors. The following screen displays.

    API-DP-Connectors-SaaS-dashboard-Dropbox-board.png
     
  3. Select the SaaS tab, select Dropbox in the left column, and then click the Add icon. The Add Instance — Dropbox screen displays.

    add-instance-Dropbox-v5-border.png
     
  4. Enter information for the following fields.
     
    • Instance Name (Required): Enter a name for the instance.
    • Admin Email (Required): Enter an email address of the Dropbox administrator account.
    • Poll Interval (in Minutes): Enter the amount of time between polling events.
      Range: 100 through 1440 minutes
      Default: 150 minutes
    • Retro Scan: Scan and protect all the files that are present on Dropbox at the time of connector creation.
      Warning: Event-based policies apply to all existing data. The delete action is irrevocable, and deleted data cannot be restored.
      • Start After: Enter the time required to grant access and configure policies and rules for this instance before starting the retroactive scan.
        Range: 1 through 14 (hours), 15 through 1440 (minutes)
        Default: None
      • Unit Type: Select the unit of measure for the Start After time, in hours or minutes.
    • Services: Select the services to use for the instance.
      • API-Based Data Protection—Scan and protect content.
      • Forensic—Use this instance for Forensics.
      • Legal hold—Use this instance for Legal hold.
      • Quarantine—Use this instance for quarantine files.
    • Confirm: Click to confirm that the steps required to configure the Dropbox account are complete.
  5. Click Submit.
  6. After the instance is added, select Grant Access to start the OAuth2 process of granting access to the Versa API data protection cloud. Use Dropbox Administrator credentials to log in and grant access.

Egnyte API-Based Data Protection

This section describes how to configure the Egnyte application for API-DP.

Configure Egnyte for API-Based Data Protection

To configure a new instance for Egnyte:

  1. Go to https://developers.egnyte.com/member/register, and enter the required information.

    Egnyte-register-account-1-border.png
    Egnyte-register-account-2-border.png
    Egnyte-register-account-3-border.png
     
  2. Click Register. You will receive an email at the address you entered during registration.
  3. Click the link in the email.
  4. Sign in at https://developers.egnyte.com/apps/mykeys. The My API Keys screen displays.

    Egnyte-API-keys-border.png
     
  5. Store the Key and Secret for later use.

Configure an Egnyte Connector

To configure an Egnyte Connector in Versa Concerto:

  1. In the Versa Concerto portal, select a tenant under Tenants in the left menu bar.
  2. Go to Configure > Profile and Connectors > SaaS and IaaS Connectors. The following screen displays.

    API-DP-Connectors-SaaS-dashboard-Egnyte-border.png
     
  3. Select the SaaS tab, select Egnyte in the left column, then click the Add icon. The Add Instance — Egnyte screen displays.

    add-instance-Egnyte-v5-border.png
     
  4. Enter information for the following fields.
     
    • Instance Name (Required): Enter a name for the instance.
    • Admin Email (Required): Enter an email address of the Egnyte administrator account.
    • Domain Name (Required): Enter the name prefix used in the Egnyte domain name.
    • Poll Interval (in Minutes): Enter the amount of time between polling events.
      Range: 15 through 1440 minutes
      Default: 150 minutes
    • Retro Scan: Scan and protect all the files that are present on Egnyte at the time of connector creation.
      Warning: Event-based policies apply to all existing data. The delete action is irrevocable, and deleted data cannot be restored.
      • Start After: Enter the time required to grant access and configure policies and rules for this instance before starting the retroactive scan.
        Range: 1 through 14 (hours), 15 through 1440 (minutes)
        Default: None
      • Unit Type: Select the unit of measure for the Start After time, in hours or minutes.
    • Services: Select the services to use for the instance.
      • API-Based Data Protection—Scan and protect content.
      • Forensic—Use this instance for forensics.
      • Legal hold—Use this instance for Legal hold.
      • Quarantine—Use this instance for quarantine files.
    • Confirm: Click to confirm that the steps required to configure the Egnyte account are complete.
  5. Click Submit.
  6. After the instance is added, select Grant Access to start the OAuth2 process of granting access to the Versa API data protection cloud. Use Egnyte Administrator credentials to log in and grant access.

Google Drive API-Based Data Protection

This section describes how to configure the Google Drive application for API-DP.

Configure Google Drive for API-Based Data Protection

To configure a new instance for Google Drive:

  1. Log in to the Google Drive Admin console using administrator credentials.

    google-drive-1.png
  2. Select Security > Access and Data Control > API controls in the left menu bar, and then click Manage Domain-wide Delegation.

    API-control-Google-Drive.png
  3. In the Domain-wide Delegation screen, click Add New.

    API-control-domain-wide-delegation-Google-Drive.png
  4. In the popup window, enter information for the following fields.

    API-control-domain-wide-delegation-add-new-Google-Drive-cropped.png
     
    • Client ID: Add client ID 113866028843424440405.
    • Scopes: Add the following scopes. When entering multiple scopes, separate each scope with a comma.
      • https://www.googleapis.com/auth/admin.datatransfer
      • https://www.googleapis.com/auth/admin.directory.customer
      • https://www.googleapis.com/auth/admin.directory.domain.readonly
      • https://www.googleapis.com/auth/admin.directory.group
      • https://www.googleapis.com/auth/admin.directory.group.member
      • https://www.googleapis.com/auth/admin.directory.group.member.readonly
      • https://www.googleapis.com/auth/admin.directory.group.readonly
      • https://www.googleapis.com/auth/admin.directory.user
      • https://www.googleapis.com/auth/admin.directory.user.readonly
      • https://www.googleapis.com/auth/admin.directory.user.security
      • https://www.googleapis.com/auth/admin.reports.audit.readonly
      • https://www.googleapis.com/auth/cloud-platform
      • https://www.googleapis.com/auth/drive
      • https://www.googleapis.com/auth/drive.activity.readonly
      • https://www.googleapis.com/auth/drive.appdata
      • https://www.googleapis.com/auth/drive.file
      • https://www.googleapis.com/auth/drive.metadata
      • https://www.googleapis.com/auth/drive.metadata.readonly
      • https://www.googleapis.com/auth/drive.photos.readonly
      • https://www.googleapis.com/auth/drive.readonly
      • https://www.googleapis.com/auth/userinfo.email
      • https://www.googleapis.com/auth/userinfo.profile
      • openid
  5. Click Authorize.

Configure a Google Drive Connector

To configure a Google Drive connector in Versa Concerto:

  1. In the Versa Concerto portal, select a tenant under Tenants in the left menu bar.
  2. Go to Configure > Profile and Connectors > SaaS and IaaS Connectors. The following screen displays.

    API-DP-Connectors-SaaS-dashboard-Google-Drive-border.png
  3. Select the SaaS tab, select Google Drive in the left column, then click the Add icon. The Add Instance — Google Drive screen displays.

    add-instance-Google-Drive-v5-border.png
     
  4. Enter information for the following fields.
     
    Field Description
    Instance Name (Required) Enter a name for the instance.
    Admin Email Enter the email address of the Google administrator account.
    Poll Interval (in Minutes)

    Enter the amount of time between polling events.

    Range: 15 through 1440 minutes

    Default: 60 minutes

    Retro Scan

    Click to scan and protect all the files that are present on Google Drive at the time of connector creation.

    Warning: Event-based policies will apply to all the existing data. The delete action is irrevocable. Deleted data cannot be restored.

    • Start After

    Enter the time required to grant access and configure policies and rules for this instance before starting the retroactive scan.

    Range: 1 through 14 (hours), 15 through 1440 (minutes)

    Default: None

    • Unit Type
    Select the unit of measure for the Start After time, in hours or minutes.
    Services

    Select the services to use for the instance.

    • API-Based Data Protection—Scan and protect content.
    • Forensic—Use this instance for forensics.
    • Legal Hold—Use this instance for legal hold.
    • Quarantine—Use this instance for quarantine files.
    Confirm Click to confirm that the steps required to configure the Google Drive account are complete.
  5. Click Submit.
  6. After adding the instance, select Grant Access to start the OAuth2 process of granting access to the Versa API data protection cloud. This opens a login prompt for the Google account. 

    google-drive-connector-3.png
  7. Use Google Drive Administrator credentials to log in. The next screen shows the permissions that the Versa service requires to scan and monitor the Google Drive account. Click Accept to grant access to the Google Drive account.

    google-drive-connector-4.png

Google Gmail API-Based Data Protection

This section describes how to configure the Google Gmail application for API-DP.

Configure Gmail for API-Based Data Protection

To configure a new instance for Gmail:

  1. Log in to https://admin.google.com as an administrator.
  2. Click Security > Access and data control > API controls in the left menu bar.

    gmail-1.png
  3. In the API controls screen, click Manage Domain-wide Delegation, as shown below.

    gmail-2.png
     
  4. In the API Clients Label, click Add New, and then enter information for the following fields.

    gmail-3.png
     
    Field Description
    Client ID Enter the client ID 105557577682135063975.
    OAuth Scopes

    Enter the following two OAuth scopes, separated by a comma.

    • https://mail.google.com/
    • https://www.googleapis.com/auth/admin.directory.user
  5. Click Authorize.
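A scope review for the two domain-wide delegation entries above (Google Drive and Gmail), as an added example that is not Versa or Google code: it builds the comma-separated value for the Admin console field, groups the scopes by access level, and compares the documented list with what is currently authorized for a client ID. The function names, the classification by the `.readonly` naming convention, and the sample "configured" list are assumptions of this example.

```python
import re

AUTH_PREFIX = "https://www.googleapis.com/auth/"

# Scope lists copied from the Google Drive and Gmail tables on this page,
# keyed by the client ID each table gives.
DOCUMENTED = {
    "113866028843424440405": """
        https://www.googleapis.com/auth/admin.datatransfer
        https://www.googleapis.com/auth/admin.directory.customer
        https://www.googleapis.com/auth/admin.directory.domain.readonly
        https://www.googleapis.com/auth/admin.directory.group
        https://www.googleapis.com/auth/admin.directory.group.member
        https://www.googleapis.com/auth/admin.directory.group.member.readonly
        https://www.googleapis.com/auth/admin.directory.group.readonly
        https://www.googleapis.com/auth/admin.directory.user
        https://www.googleapis.com/auth/admin.directory.user.readonly
        https://www.googleapis.com/auth/admin.directory.user.security
        https://www.googleapis.com/auth/admin.reports.audit.readonly
        https://www.googleapis.com/auth/cloud-platform
        https://www.googleapis.com/auth/drive
        https://www.googleapis.com/auth/drive.activity.readonly
        https://www.googleapis.com/auth/drive.appdata
        https://www.googleapis.com/auth/drive.file
        https://www.googleapis.com/auth/drive.metadata
        https://www.googleapis.com/auth/drive.metadata.readonly
        https://www.googleapis.com/auth/drive.photos.readonly
        https://www.googleapis.com/auth/drive.readonly
        https://www.googleapis.com/auth/userinfo.email
        https://www.googleapis.com/auth/userinfo.profile
        openid
    """,
    "105557577682135063975": """
        https://mail.google.com/
        https://www.googleapis.com/auth/admin.directory.user
    """,
}


def parse_scopes(text):
    """Split a pasted list on commas, whitespace or bullets; dedupe, keep order."""
    seen, scopes = set(), []
    for token in re.split(r"[,\s•]+", text):
        if not token:
            continue
        if token != "openid" and not token.startswith("https://"):
            raise ValueError(f"not a scope: {token!r}")
        if token not in seen:
            seen.add(token)
            scopes.append(token)
    return scopes


def classify(scope):
    """Heuristic from the scope name only (an assumption of this example)."""
    name = scope[len(AUTH_PREFIX):] if scope.startswith(AUTH_PREFIX) else scope
    if name in ("openid", "userinfo.email", "userinfo.profile"):
        return "identity"
    if name.endswith(".readonly"):
        return "read-only"
    return "write-capable"  # no .readonly suffix, e.g. drive or https://mail.google.com/


def covered_read_only(scopes):
    """Read-only scopes whose parent (same name minus '.readonly') is also listed."""
    listed = set(scopes)
    return [s for s in scopes
            if s.endswith(".readonly") and s[:-len(".readonly")] in listed]


def admin_console_value(scopes):
    """The page says to separate multiple scopes with a comma."""
    return ",".join(scopes)


def drift(documented, configured):
    """Scopes missing from, or unexpectedly present in, the authorized list."""
    doc, conf = set(documented), set(configured)
    return {"missing": sorted(doc - conf), "unexpected": sorted(conf - doc)}


def review(client_id):
    """Summarize what one delegation entry grants."""
    scopes = parse_scopes(DOCUMENTED[client_id])
    by_class = {}
    for scope in scopes:
        by_class.setdefault(classify(scope), []).append(scope)
    return {"count": len(scopes), "by_class": by_class,
            "covered_read_only": covered_read_only(scopes),
            "field": admin_console_value(scopes)}


if __name__ == "__main__":
    for cid in DOCUMENTED:
        r = review(cid)
        print(cid, r["count"], {k: len(v) for k, v in r["by_class"].items()})
        print("  read-only scopes already covered:", len(r["covered_read_only"]))
    # Constructed sample of what an admin might find authorized for the Gmail client ID.
    configured = parse_scopes(
        "https://mail.google.com/, https://www.googleapis.com/auth/gmail.readonly")
    print(drift(parse_scopes(DOCUMENTED["105557577682135063975"]), configured))
```

The report records what is delegated to each client ID; the page instructs entering every listed scope, so the output is for review and drift checks rather than for trimming the list.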

Configure a Gmail Connector

To configure a Gmail connector in Versa Concerto:

  1. In the Versa Concerto portal, select a tenant under Tenants in the left menu bar.
  2. Go to Configure > Profile and Connectors > SaaS and IaaS Connectors. The following screen displays.

    API-DP-Connectors-SaaS-dashboard-Google-Mail-border.png
  3. Select the SaaS tab, select Google Gmail in the left column, then click the Add icon. The Add Instance — Gmail screen displays.

    add-instance-Google-Gmail-v4-border.png
     
  4. Enter information for the following fields.
     
    Field Description
    Instance Name (Required) Enter a name for the instance.
    Admin Email (Required) Enter an email address of the Google administrator account.
    Poll Interval (in Minutes)

    Enter the amount of time between polling events.

    Range: 60 through 1440 minutes

    Default: 120 minutes

    Services

    Select the services to use for the instance.

    • API-Based Data Protection—Scan and protect content.
    Confirm Click to confirm that the steps required to configure the Google Gmail account are complete.
  5. Click Submit.
  6. After the instance is added, select Grant Access to start the OAuth2 process of granting access to the Versa API data protection cloud. Use Google Administrator credentials to log in and grant access.

GitHub API-Based Data Protection

This section describes how to configure the GitHub application for API-DP.

Configure GitHub for API-Based Data Protection

To configure a new instance for GitHub:

  1. Browse to https://github.com/apps/versa-api-dp
  2. Click Install.

    github-new-1-border.png
     
  3. Select the organization on which to install the application.

    github-new-2-border.png
     
  4. Grant permission to all or selected repositories, and then click Install.

If you plan to revoke or delete an instance, after you revoke the instance, perform the following steps to uninstall the Versa–API–DP Notifier app:

  1. Log in to your GitHub account.
  2. Navigate to the settings of the organization to which you granted access, then go to Third-party Access > GitHub Apps.
  3. Locate Versa-API-DP, click on Configure, and then select Uninstall.

    Github-uninstall-highlight.png

Configure a GitHub Connector

To configure a GitHub connector in Versa Concerto:

  1. In the Versa Concerto portal, select a tenant under Tenants in the left menu bar.
  2. Go to Configure > Profile and Connectors > SaaS and IaaS Connectors. The following screen displays.

    API-DP-Connectors-SaaS-dashboard-GitHub-border.png
     
  3. Select the SaaS tab, select GitHub in the left column, and then click the Add icon. The Add Instance — GitHub screen displays.

    add-instance-GitHub-v4-border.png
     
  4. Enter information for the following fields.
     
    Field Description
    Instance Name (Required) Enter a name for the instance.
    Admin Email (Required) Enter an email address of the GitHub administrator account.
    Organization Name (Required) Enter the name of the organization.
    Poll Interval (in Minutes)

    Enter the amount of time between polling events.

    Range: 15 through 1440 minutes

    Default: 60 minutes

    Retro Scan

    Click to scan and protect all the files that are present on GitHub at the time of connector creation.

    Warning: Event-based policies will apply to all the existing data. The delete action is irrevocable. Deleted data cannot be restored.

    • Start After

    Enter the time required to grant access and configure policies and rules for this instance before starting the retroactive scan.

    Range: 1 through 14 (hours), 15 through 1440 (minutes)

    Default: None

    • Unit Type
    Select the unit of measure for the Start After time, in hours or minutes.
    Services

    Select the services to use for the instance.

    • API-Based Data Protection—Scan and protect content.
    Confirm Click to confirm that the steps required to configure the GitHub account are complete.
  5. Click Submit.
  6. After the instance is added, select Grant Access to start the OAuth2 process of granting access to the Versa API data protection cloud. Use GitHub Administrator credentials to log in and grant access.

GitLab API-Based Data Protection

This section describes how to configure the GitLab application for API-DP.

Configure GitLab for API-Based Data Protection

To configure a new instance for GitLab:

  1. Log in to GitLab as an administrator.
  2. Click the Menu icon and select Admin.

    gitlab-1-border-border.png
     
  3. In the Admin Area left menu bar, select Applications, and then click New Application.

    gitlab-2-border.png
     
  4. In the Add New Application popup window, enter information for the following fields.

    gitlab-3-v2-border.png
     
    Field Description
    Name Enter a name for the application.
    Redirect URI Enter the redirect URI.
    Trusted Not applicable. 
    Confidential Select confidential.
    Scopes Click the checkbox to select all scopes.
  5. Click Save application. 
  6. Note down the application ID and click the Copy icon to copy the secret value. Save this information to use when you create the GitLab connector.

    gitlab-4-border.png
     

Configure a GitLab Connector

To configure a GitLab connector in Versa Concerto:

  1. In the Versa Concerto portal, select a tenant under Tenants in the left menu bar.
  2. Go to Configure > Profile and Connectors > SaaS and IaaS Connectors. The following screen displays.

    API-DP-Connectors-SaaS-dashboard-GitLab-border.png
  3. Select the SaaS tab, select GitLab in the left column, then click the Add icon. The Add Instance — GitLab screen displays.

    add-instance-GitLab-v5-border.png
     
  4. Enter information for the following fields.
     
    Field Description
    Instance Name (Required) Enter a name for the instance.
    Admin Email (Required) Enter an email address of the GitLab administrator account.
    Client ID (Required) Enter the client ID.
    Client Secret (Required) Enter the client secret.
    Domain Name (Required) Enter the domain name of the GitLab instance. For example, gitlab.companyname.com.
    Poll Interval (in Minutes)

    Enter the amount of time between polling events.

    Range: 15 through 1440 minutes

    Default: 60 minutes

    Retro Scan

    Click to scan and protect all the files that are present on GitLab at the time of connector creation.

    Warning: Event-based policies will apply to all the existing data. The delete action is irrevocable. Deleted data cannot be restored.

    • Start After

    Enter the time required to grant access and configure policies and rules for this instance before starting the retroactive scan.

    Range: 1 through 14 (hours), 15 through 1440 (minutes)

    Default: None

    • Unit Type
    Select the unit of measure for the Start After time, in hours or minutes.
    Services

    Select the services to use for the instance.

    • API-Based Data Protection—Scan and protect content.
    Redirect URI Click the Show icon to show the redirect URI.
    Confirm Click to confirm that the steps required to configure the GitLab account are complete.
  5. Click Submit.
  6. After the instance is added, select Grant Access to start the OAuth2 process of granting access to the Versa API data protection cloud. Use GitLab Administrator credentials to log in and grant access.

Jira API-Based Data Protection

This section describes how to configure the Jira application for API-DP.

Configure Jira for API-Based Data Protection

To configure Jira for API-DP:

  1. Go to http://atlassian.com and select your organization.

    Atlassian-Admin.png
     
  2. In the left menu bar, go to Apps > Sites and choose the site where you want to install the application.

    manage-apps-Confluence-v2-border.png
     
  3. In the left menu, select Site Settings > Access requests > Connected apps.

    Confluence-connected-apps-border.png
     
  4. In the Connected apps screen, select Settings in the submenu.

    connected-apps-settings.png
     
  5. Under the Development mode section, click on Enable Development mode, and enable it.

    connected-apps-enable-development-mode.png
     
  6. Click Install a private app in the top-right corner.

    connected-apps-install-private-app-border.png
     
  7. In the Install private app popup window:
    1. Choose Jira from the first dropdown menu.
    2. Copy the App Descriptor URL (shown on the Jira connector in Concerto) and paste it into the “App descriptor URL” field.
    3. Click Install app to complete the installation.

      Jira-install-private-app-border.png
       
  8. After you start the installation, allow some time for the application to be installed and configured.
  9. If you plan to revoke or delete an instance, after you revoke the instance, perform the following steps to ensure that the instance has been completely removed.
    1. Log in to your Atlassian account.
    2. Remove access from the Atlassian account settings:
      1. Go to Settings > Atlassian Account Settings > Connected Apps.
      2. Locate Versa-APIDP-Jira, and then click Remove Access.

        Atlassian-account remove-Jira-border.png
    3. Uninstall the Versa Networks–Jira Event Watcher application:
      1. Follow steps 1, 2 and 3 to navigate to the Connected apps section.
      2. Locate Versa Networks–Jira Event Watcher and click View app details.

        connected-apps-view-app-Jira-details.png
         
      3. Click the Uninstall button in the top-right corner to uninstall the application.

        uninstall-app-Jira-border.png

Configure a Jira Connector

To configure a Jira connector in Versa Concerto:

  1. In the Versa Concerto portal, select a tenant under Tenants in the left menu bar.
  2. Go to Configure > Profiles and Connectors > SaaS and IaaS Connectors. The following screen displays.

    Select_the_Jira_Application-v3-border.png
     
  3. Select the SaaS tab, select Jira in the left menu bar, then click the Add icon. The Add Instance – Jira window displays.

    Jira-connector-add-instance-v3-border.png
     
  4. Enter information for the following fields.
     
    Field Description
    Instance Name (Required) Enter a name for the instance.
    Admin Email (Required) Enter the email address of the Jira administrator account.
    Poll Interval (in Minutes) (Required)

    Enter the amount of time between polling events.

    Range: 15 through 1440 minutes

    Default: 60 minutes

    Site URL (Required) Enter the URL for the site.
    Retro Scan

    Click to scan and protect all the files that are present on Jira at the time of connector creation.

    Warning: Event-based policies will apply to all the existing data. The delete action is irrevocable. Deleted data cannot be restored.

    • Start After

    Enter the time required to grant access and configure policies and rules for this instance before starting the retroactive scan.

    Range: 1 through 14 (hours) or 15 through 1440 (minutes)

    Default: None

    • Unit Type
    Select the unit of measure for the Start After time, in hours or minutes.
    Services

    Select the services to use for the instance.

    • API-Based Data Protection—Scan and protect content.
    App Descriptor URL Click the Show icon to display the App Descriptor URL.
    Confirm Click to confirm that the steps required to configure the Jira account are complete.
  5. After adding the instance, click Grant Access to start the OAuth 2.0 process of granting access to the Versa API-DP cloud. This will open a login prompt for the Jira account. Use administrator credentials to log in and grant access.

Microsoft OneDrive API-Based Data Protection

This section describes how to configure the Microsoft OneDrive application for API-DP.

Configure Microsoft OneDrive for API-Based Data Protection

For Microsoft OneDrive, no configuration is required.

Configure a Microsoft OneDrive Connector

To configure a Microsoft OneDrive connector in Versa Concerto:

  1. In the Versa Concerto portal, select a tenant under Tenants in the left menu bar.
  2. Go to Configure > Profile and Connectors > SaaS and IaaS Connectors. The following screen displays.

    API-DP-Connectors-SaaS-dashboard-Microsoft-OneDrive-border.png
  3. Select the SaaS tab, select Microsoft OneDrive in the left menu bar, then click the Add icon. The Add Instance — Microsoft OneDrive screen displays.

    add-instance-Microsoft-OneDrive-v3-border.png
     
  4. Enter information for the following fields.
     
    Field Description
    Instance Name (Required) Enter a name for the instance.
    Admin Email (Required) Enter the email address of the Microsoft OneDrive administrator account.
    Poll Interval (in Minutes) (Required)

    Enter the amount of time between polling events.

    Range: 15 through 1440 minutes

    Default: 60 minutes

    Retro Scan

    Click to scan and protect all the files that are present on Microsoft OneDrive at the time of connector creation.

    Warning: Event-based policies will apply to all the existing data. The delete action is irrevocable. Deleted data cannot be restored.

    • Start After

    Enter the time required to grant access and configure policies and rules for this instance before starting the retroactive scan.

    Range: 1 through 14 (hours) or 15 through 1440 (minutes)

    Default: None

    • Unit Type
    Select the unit of measure for the Start After time, in hours or minutes.
    Services

    Select the services to use for the instance.

    • API-Based Data Protection—Scan and protect content.
    • Forensic—Use this instance for forensics.
    • Legal Hold—Use this instance for legal hold.
    • Quarantine—Use this instance for quarantine files.
    Confirm Click to confirm that the steps required to configure the Microsoft OneDrive account are complete.
  5. Click Submit. 
  6. After adding the instance, select Grant Access to start the OAuth2 process of granting access to the Versa API data protection cloud. This will open the login prompt for the Microsoft account.

    ms-onedrive-connector-3.png
  7. Use Microsoft OneDrive Administrator credentials to log in. The next screen shows the permissions that the Versa service requires to scan and monitor the OneDrive account. Click Accept to grant access to the Microsoft OneDrive account.

    ms-onedrive-connector-4.png

Microsoft Outlook API-Based Data Protection

This section describes how to configure the Microsoft Outlook application for API-DP.

Configure Microsoft Outlook for API-Based Data Protection

For Microsoft Outlook, no configuration is required.

Configure a Microsoft Outlook Connector

To configure a Microsoft Outlook connector in Versa Concerto:

  1. In the Versa Concerto portal, select a tenant under Tenants in the left menu bar. 
  2. Go to Configure > Profile and Connectors > SaaS and IaaS Connectors. The following screen displays.

    API-DP-Connectors-SaaS-dashboard-Microsoft-Outlook-border.png
  3. Select the SaaS tab, select Microsoft Outlook in the left menu bar, then click the Add icon. The Add Instance Microsoft Outlook screen displays.

    add-instance-Microsoft-Outlook-v3-border.png
     
  4. Enter information for the following fields.
     
    Field Description
    Instance Name (Required) Enter a name for the instance.
    Admin Email (Required) Enter the email address of the Microsoft Outlook administrator account.
    Poll Interval (in Minutes) (Required)

    Enter the amount of time between polling events.

    Range: 60 through 1440 minutes

    Default: 120 minutes

    Services

    Select the services to use for the instance.

    • API-Based Data Protection—Scan and protect content.
    Confirm Click to confirm that the steps required to configure the Microsoft Outlook account are complete.
  5. Click Submit.
  6. After the instance is added, select Grant Access to start the OAuth2 process of granting access to the Versa API data protection cloud. This opens a login prompt for the Microsoft account. Use Microsoft Administrator credentials to log in and grant access.

Microsoft SharePoint API-Based Data Protection

This section describes how to configure the Microsoft SharePoint application for API-DP.

Configure Microsoft SharePoint for API-Based Data Protection

For Microsoft SharePoint, no configuration is required.

Configure a Microsoft SharePoint Connector

To configure a Microsoft SharePoint connector in Versa Concerto:

  1. In the Versa Concerto portal, select a tenant under Tenants in the left menu bar. 
  2. Go to Configure > Profile and Connectors > SaaS and IaaS Connectors. The following screen displays.

    API-DP-Connectors-SaaS-dashboard-Microsoft-Sharepoint-border.png
  3. Select the SaaS tab, select Microsoft SharePoint in the left menu bar, then click the Add icon. The Add Instance — Microsoft Office 365 Sharepoint Sites screen displays.

    add-instance-Microsoft-SharePoint-v3-border.png
     
  4. Enter information for the following fields.
     
    Field Description
    Instance Name (Required) Enter a name for the instance.
    Admin Email (Required) Enter an email address of the Microsoft SharePoint administrator account.
    Poll Interval (in Minutes) (Required)

    Enter the amount of time between polling events.

    Range: 15 through 1440 minutes

    Default: 60 minutes

    Retro Scan

    Click to scan and protect all the files that are present on Microsoft SharePoint at the time of connector creation.

    Warning: Event-based policies will apply to all the existing data. The delete action is irrevocable. Deleted data cannot be restored.

    • Start After

    Enter the time required to grant access and configure policies and rules for this instance before starting the retroactive scan.

    Range: 1 through 14 (hours) or 15 through 1440 (minutes)

    Default: None

    • Unit Type
    Select the unit of measure for the Start After time, in hours or minutes.
    Services

    Select the services to use for the instance.

    • API-Based Data Protection—Scan and protect content.
    • Forensic—Use this instance for forensics.
    • Legal Hold—Use this instance for legal hold.
    • Quarantine—Use this instance for quarantine files.
    Confirm Click to confirm that the steps required to configure the Microsoft SharePoint account are complete.
  5. Click Submit.
  6. After adding the instance, select Grant Access to start the OAuth2 process of granting access to the Versa API data protection cloud. This opens a login prompt for the Microsoft account.

    ms-sharepoint-connector-3.png
  7. Use Microsoft SharePoint Administrator credentials to log in. The next screen shows the permissions that the Versa service requires to scan and monitor the Microsoft SharePoint account. Click Accept to grant access to the Microsoft SharePoint account.

    ms-sharepoint-connector-4.png

Microsoft Teams API-Based Data Protection

This section describes how to configure the Microsoft Teams application for API-DP.

Configure Microsoft Teams for API-Based Data Protection

For Microsoft Teams, no configuration is required.

Configure a Microsoft Teams Connector

To configure a Microsoft Teams connector in Versa Concerto:

  1. In the Versa Concerto portal, select a tenant under Tenants in the left menu bar. 
  2. Go to Configure > Profile and Connectors > SaaS and IaaS Connectors. The following screen displays.

    API-DP-Connectors-SaaS-dashboard-Microsoft-Teams-border.png
  3. Select the SaaS tab, select Microsoft Teams in the left menu bar, then click the Add icon. The Add Instance — Microsoft Teams screen displays.

    add-instance-Microsoft-Teams-v3-border.png
     
  4. Enter information for the following fields.
     
    Field Description
    Instance Name (Required) Enter a name for the instance.
    Admin Email (Required) Enter an email address of the Microsoft Teams administrator account.
    Poll Interval (in Minutes) (Required)

    Enter the amount of time between polling events.

    Range: 60 through 1440 minutes

    Default: 120 minutes

    Services

    Select the services to use for the instance.

    • API-Based Data Protection—Scan and protect content.
    Confirm Click to confirm that the steps required to configure the Microsoft Teams account are complete.
  5. Click Submit.
  6. After adding the instance, select Grant Access to start the OAuth2 process of granting access to the Versa API data protection cloud. This opens a login prompt for the Microsoft account. Use Microsoft Teams Administrator credentials to log in and grant access.

Microsoft Yammer API-Based Data Protection

This section describes how to configure the Microsoft Yammer application for API-DP.

Configure Microsoft Yammer for API-Based Data Protection

Note: Create a new user with administrator privileges and an application to track all activity with that user account. The new admin should be added to all communities over the network to monitor them. The new admin should never unfollow any user.

For Microsoft Yammer, no configuration is required.

Configure a Microsoft Yammer Connector

To configure a Microsoft Yammer connector in Versa Concerto:

  1. In the Versa Concerto portal, select a tenant under Tenants in the left menu bar.
  2. Go to Configure > Profile and Connectors > SaaS and IaaS Connectors. The following screen displays.

    API-DP-Connectors-SaaS-dashboard-Microsoft-Yammer-border.png
  3. Select the SaaS tab, select Microsoft Yammer in the left menu bar, then click the Add icon. The Add Instance — Microsoft Yammer screen displays.

    add-instance-Microsoft-Yammer-v3-border.png
     
  4. In the Add Instance window, enter information for the following fields.
     
    Field Description
    Instance Name (Required) Enter a name for the instance.
    Admin Email (Required) Enter an email address of the Microsoft Yammer administrator account.
    Poll Interval (in minutes) (Required)

    Enter the amount of time between polling events.

    Range: 15 through 1440 minutes

    Default: 60 minutes

    Services

    Select the services to use for the instance.

    • API-Based Data Protection—Scan and protect content.
    Confirm Click to confirm that the steps required to configure the Microsoft Yammer account are complete.

After adding the instance, click Grant Access to start the OAuth 2.0 process of granting access to the Versa API-DP cloud. This opens a login prompt for the Viva Engage (Yammer) account. Use administrator credentials to log in and grant access.

Notion API-Based Data Protection

This section describes how to configure the Notion application for API-DP.

Configure Notion for API-Based Data Protection

For Notion, no configuration is required at the Cisco Webex account.

To create a new integration:

  1. Select the ellipsis (three horizontal dots) in the upper right corner of the Add connections > Manage connections screen.

    add-connections-Notion.png
     
  2. Select My connections in the left menu bar, then click Develop or manage integrations.

    develop-integrations-Notion.png
     
  3. In the Integrations screen, select + New integration, and then give the new integration a name.

    integrations-Notion.png
     
  4. In the New integration screen, enter the information below.

    new-integration-Notion.png
     
    1. Set the Type to Public.
    2. Enter the company name.
    3. Connect to one workspace and fill out the necessary information.
    4. In the OAuth & URIs screen, set the redirect URI.

      OAuth-Notion.png
       
    5. Locate the client ID under Secrets.

      OAuth-client-ID-Notion.png

      Note: A newly added page or database does not automatically connect to the integration. It must be manually added to the integration.
       
  5. Click Save.

Configure a Notion Connector

To configure a Notion connector in Versa Concerto:

  1. In the Versa Concerto portal, select a tenant under Tenants in the left menu bar.
  2. Go to Configure > Profile and Connectors > SaaS and IaaS Connectors. The following screen displays.

    API-DP-Connectors-SaaS-dashboard-Notion-full-border.png
     
  3. Select the SaaS tab, select Notion in the left column, then click the Add icon. The Add Instance — Notion screen displays.

    add-instance-Notion-v4-border.png
     
  4. Enter information for the following fields.
     
    Field Description
    Instance Name (Required) Enter a name for the instance.
    Admin Email (Required) Enter an email address of the Notion administrator account.
    Poll Interval (in Minutes) (Required)

    Enter the amount of time between polling events.

    Range: 15 through 1440 minutes

    Default: 60 minutes

    Retro Scan

    Click to scan and protect all the files that are present on Notion at the time of connector creation.

    Warning: Event-based policies will apply to all the existing data. The delete action is irrevocable. Deleted data cannot be restored.

    • Start After

    Enter the time required to grant access and configure policies and rules for this instance before starting the retroactive scan.

    Range: 1 through 14 (hours) or 15 through 1440 (minutes)

    Default: None

    • Unit Type
    Select the unit of measure for the Start After time, in hours or minutes.
    Services

    Select the services to use for the instance.

    • API-Based Data Protection—Scan and protect content.
    Confirm Click to confirm that the steps required to configure the Notion account are complete.
  5. After adding the instance, click Grant Access to start the OAuth 2.0 process of granting access to the Versa API-DP cloud. This opens a login prompt for the Notion account. Use administrator credentials to log in and grant access.

Salesforce API-Based Data Protection

This section describes how to configure the Salesforce application for API-DP.

Configure Salesforce for API-Based Data Protection

There are two parts to configure Salesforce for API-DP:

  1. Ensure the administrator account used has sufficient privileges.
  2. Install the Versa Networks–Event Watcher app to send an alert when any changes are made to the objects.

Ensure the Administrator Account Uses Sufficient Privileges

  1. In Salesforce, go to Setup, navigate to the Administration tab, and select Users > Profiles.

    1 Salesforce-Administrator-Privileges.png
     
  2. Clone a user profile with an active Salesforce license and name it Versa APIDP.

    2 Administrator-Privileges-profiles.png
     
  3. Open the new profile, and then click Edit.

    3 Administrator-Privileges-setup-profiles.png
     
  4. Ensure that the following items are checked:
    • API Enabled
    • Manage Chatter Messages and Direct Messages
    • Manage Salesforce CRM Content
    • Manage Users
    • Modify All Data
    • Query All Files
    • View All Data
       
  5. Go back to Administration, and then select Users > Users.

    4 Administrator-Privileges-users.png
     
  6. Click the edit option on the user account you plan to connect.
  7. Set the profile you created earlier and make sure that the Salesforce CRM Content User check box is selected.

    5 Administrator-Privileges-users-edit.png

    You can now use this account to connect Salesforce for API data protection.

Install the Versa Networks–Event Watcher Application

Install the Versa Networks–Event Watcher application to send an alert when any changes are made to the objects:

Note: Available only for Enterprise, Performance, Unlimited, and Developer Editions. For all other editions, events are pulled through polling.

  1. To install the application, use the appropriate link:
  2. Install the Versa Networks–Event Watcher application for the required users.

    6 Salesforce-Versa-Networks–Event-Watcher-Application-1.png
     
  3. Click Install to start the installation process.
  4. When the popup window appears, click the Continue button to proceed with the installation.

    7 Salesforce Versa-Networks–Event-Watcher-Application-approve-third-party-access.png
     
  5. Wait for the installation to complete. 
  6. Click Done once the installation is complete.

    8 Salesforce-Versa-Networks–Event-Watcher-Application-installation-complete.png

If you plan to revoke or delete an instance, after you revoke the instance, perform the following steps to uninstall the Versa Networks–Event Watcher application:

  1. Log in to your Salesforce account.
  2. Go to Setup and navigate to PLATFORM TOOLS > Apps > Packaging > Installed Packages.
  3. Locate Versa Networks–Event Watcher and click Uninstall.

Configure a Salesforce Connector

To configure a Salesforce connector in Versa Concerto:

  1. In the Versa Concerto portal, select a tenant under Tenants in the left menu bar.
  2. Go to Configure > Profiles and Connectors > SaaS and IaaS Connectors. The following screen displays.

    API-DP-Connectors-SaaS-dashboard-Salesforce-full-border.png
     
  3. Select the SaaS tab, select Salesforce in the left column, then click the add-icon-blue-on-white-22.png Add icon. The Add Instance — Salesforce window displays.

    add-instance-Salesforce-v4-border.png
     
  4. Enter information for the following fields.
     
    Field Description
    Instance Name (Required) Enter a name for the instance.
    Admin Email (Required) Enter an email address of the Salesforce administrator account.
    Poll Interval (in Minutes) (Required)

    Enter the amount of time between polling events.

    Range: 15 through 1440 minutes

    Default: 60 minutes

    Retro Scan

    Click to scan and protect all the files that are present on Salesforce at the time of connector creation.

    Warning: Event-based policies will apply to all the existing data. The delete action is irrevocable, and deleted data cannot be restored.

    • Start After

    Enter the time required to grant access and configure policies and rules for this instance before starting the retroactive scan.

    Range: 1 through 14 (hours) or 15 through 1440 (minutes)

    Default: None

    • Unit Type
    Select the unit of measure for the Start After time, in hours or minutes.
    Services

    Select the services to use for the instance.

    • API-Based Data Protection—Scan and protect content.
    Confirm Click to confirm that the steps required to configure the Salesforce account are complete.
  5. Click Submit.
  6. After adding the instance, select Grant Access to start the OAuth2 process of granting access to the Versa API-DP cloud. This opens a login prompt for the Salesforce account. Use Salesforce Administrator credentials to log in and grant access. 

ServiceNow API-Based Data Protection

This section describes how to configure the ServiceNow application for API-DP.

Configure ServiceNow for API-Based Data Protection

To configure a new instance for ServiceNow:

  1. Log in to the ServiceNow instance using an administrator account.
  2. Select All and search for OAuth. Select Application Registry under System OAuth.

    servicenow-1.png
     
  3. Select New in the top right corner to create a new OAuth app.
  4. Select “New Inbound Integration Experience”.

    servicenow-2-v2-border.png
     
  5. Click on New Integration and select the “OAuth - Authorization code grant” option.

    servicenow-3-v3-border.png
     
  6. Create an OAuth app with the information for the following fields, then click Submit.

    ServiceNow-OAuth-app-border.png
     
    Field Description
    Details (Group of Fields)  
    • Name
    Enter a name for the OAuth app.
    • Client Secret
    Enter a strong, random password, or use the one that ServiceNow creates.
    • Redirect URL
    Copy the Redirect URL value from the connector.
    Advanced Options (Group of Fields)  
    • Access Token Lifespan
    Enter 3600.
    • Refresh Token Lifespan
    Enter 25920000.
  7. Select the newly created app.

    servicenow-4-v2-border.png
     
  8. Click the lock icon near the client secret option. A blue text block displays that contains the client secret. Copy and store the client ID and client secret for use later during the configuration process.

    servicenow-5-v2-border.png

Configure a ServiceNow Connector

To configure a ServiceNow connector in Versa Concerto:

  1. In the Versa Concerto portal, select a tenant under Tenants in the left menu bar.
  2. Go to Configure > Profile and Connectors > SaaS and IaaS Connectors. The following screen displays.

    API-DP-Connectors-SaaS-dashboard-ServiceNow-full-border.png
     
  3. Select the SaaS tab, select ServiceNow in the left column, then click the add-icon-blue-on-white-22.png Add icon. The Add Instance ServiceNow screen displays.

    add-instance-ServiceNow-v4-border.png
     
  4. Enter information for the following fields.
     
    Field Description
    Instance Name (Required) Enter a name for the instance.
    Admin Email (Required) Enter the email address of the ServiceNow administrator account.
    Client ID (Required) Client ID of the OAuth app created.
    Client Secret (Required) Client secret of the OAuth app created.
    Domain Name (Required) Enter the subdomain portion of the ServiceNow URL. For example, companyname.servicenow.com
    Retro Scan

    Click to scan and protect all the files and other objects that are present on ServiceNow at the time of connector creation.

    Warning: Event-based policies will apply to all the existing data. The delete action is irrevocable, and deleted data cannot be restored.

    • Start After

    Enter the time required to grant access and configure policies and rules for this instance before starting the retroactive scan.

    Range: 1 through 14 (hours) or 15 through 1440 (minutes)

    Default: None

    • Unit Type
    Select the unit of measure for the Start After time, in hours or minutes.
    Services

    Select the services to use for the instance.

    • API-Based Data Protection—Scan and protect content.
    Redirect URL Click the eye-icon-blue-on-white-22.png Show icon to display the redirect URL.
    Confirm Click to confirm that the steps required to configure the ServiceNow account are complete.
  5. Click Submit.
  6. After adding the instance, select Grant Access to start the OAuth2 process of granting access to the Versa API data protection cloud. This opens a login prompt for the ServiceNow account. Use ServiceNow Administrator credentials to log in and grant access.

Slack API-Based Data Protection

This section describes how to configure the Slack application for API-DP.

Configure Slack for API-Based Data Protection

For Slack, no configuration is required.

Configure a Slack Connector

To configure a Slack connector in Versa Concerto:

  1. In the Versa Concerto portal, select a tenant under Tenants in the left menu bar.
  2. Go to Configure > Profile and Connectors > SaaS and IaaS Connectors. The following screen displays.

    select-application-Slack-full.png
     
  3. Select the SaaS tab, select Slack in the left column, then click the add-icon-blue-on-white-22.png Add icon. The Add Instance — Slack screen displays.

    add-instance-Slack-v3-border.png
     
  4. Enter information for the following fields.
     
    Field Description
    Instance Name (Required) Enter a name for the instance.
    Admin Email (Required) Enter the email address of the Slack administrator account.
    Poll Interval (in Minutes) (Required)

    Enter the amount of time between polling events.

    Range: 15 through 1440 minutes

    Default: 60 minutes

    Services

    Select the services to use for the instance.

    • API-Based Data Protection—Scan and protect content.
    Confirm Click to confirm that the steps required to configure the Slack account are complete.
  5. Click Submit.
  6. After adding the instance, select Grant Access to start the OAuth2 process of granting access to the Versa API data protection cloud. This opens a login prompt for the Slack account. Use Slack Administrator credentials to log in and grant access.

Trello API-Based Data Protection

This section describes how to configure the Trello application for API-DP.

Configure Trello for API-Based Data Protection

For Trello, no configuration is required.

Configure a Trello Connector 

To configure a Trello connector in Versa Concerto:

  1. In the Versa Concerto portal, select a tenant under Tenants in the left menu bar.
  2. Go to Configure > Profile and Connectors > SaaS and IaaS Connectors. The following screen displays.

    select-application-Trello-full.png
  3. Select the SaaS tab, select Trello in the left column, then click the add-icon-blue-on-white-22.png Add icon. The Add Instance — Trello screen displays.

    add-instance-Trello-v5-border.png
     
  4. Enter information for the following fields.
     
    Field Description
    Instance Name (Required) Enter a name for the instance.
    Admin Email (Required) Enter the email address of the Trello administrator account.
    Poll Interval (in Days) (Required)

    Enter the amount of time between polling events.

    Range: 1 through 5 days

    Default: 1 day

    Retro Scan

    Click to scan and protect all the files and other objects that are present on Trello at the time of connector creation.

    Warning: Event-based policies will apply to all the existing data. The delete action is irrevocable, and deleted data cannot be restored.

    • Start After

    Enter the time required to grant access and configure policies and rules for this instance before starting the retroactive scan.

    Range: 1 through 14 (hours) or 15 through 1440 (minutes)

    Default: None

    • Unit Type
    Select the unit of measure for the Start After time, in hours or minutes.
    Services

    Select the services to use for the instance.

    • API-Based Data Protection—Scan and protect content.
    Confirm Click to confirm that the steps required to configure the Trello account are complete.
  5. Click Submit.
  6. After adding the instance, click “Grant Access” to start the OAuth 2.0 process of granting access to the Versa API-DP cloud. This opens a login prompt for the Trello account. Use administrator credentials to log in and grant access.

Workplace from Meta API-Based Data Protection

This section describes how to configure the Workplace from Meta application for API-DP.

Configure a Workplace Custom Integration

To configure a Workplace custom integration:

  1. Log in with admin credentials at https://www.workplace.com/.  
  2. Click Admin Panel in the left menu bar. 

    admin-panel-Workplace.png

     
  3. Click Integrations under the Admin Panel, and then click Create custom integration in the main pane.
  4. Specify a name and a description, and then click Create to create the custom integration.

    admin-panel-integrations-Workplace.png
     
  5. In the custom integration you created, access the App ID, Client ID, and access token from Details in the left menu bar.

    Note: Custom integrations do not support the OAuth2 flow; as a result, you must use the access token shown in this step. This access token does not expire.

    integration-details-Workplace.png

Configure Workplace Custom Integration Webhooks

To configure Workplace custom integration webhooks:

  1. In the application window, click Webhooks in the left menu bar.

    custom-integration-webhooks.png
  2. In the webhooks window, configure individual webhooks by clicking the Edit icon next to the resource name.

    configure-webhooks-Workplace.png
     
  3. Specify the same callback URL and access token for all desired webhooks, select the desired sub-resources, and then click Save.

    configure-webhooks-details-Workplace.png

Configure a Workplace from Meta Connector

To configure a Workplace from Meta connector in Versa Concerto:

  1. In the Versa Concerto portal, select a tenant under Tenants in the left menu bar.
  2. Go to Configure > Profile and Connectors > SaaS and IaaS Connectors. The following screen displays.

    select-application-Workplace-from-Meta-full.png
     
  3. Select the SaaS tab, select Workplace from Meta in the left column, then click the add-icon-blue-on-white-22.png Add icon. The Add Instance Workplace from Meta screen displays.

    add-instance-Workplace-v5-border.png
     
  4. Enter information for the following fields.
     
    Field Description
    Instance Name (Required) Enter a name for the instance.
    Admin Email (Required) Enter the email address of the Workplace from Meta administrator account.
    Domain Name Enter the domain name of your Workplace from Meta community, for example <domain>.workplace.com.
    Retro Scan Click to scan and protect all the files and other objects that are present on Workplace from Meta at the time of connector creation.
    Warning: Event-based policies will apply to all the existing data. The delete action is irrevocable, and deleted data cannot be restored.
    • Start After

    Enter the time required to grant access and configure policies and rules for this instance before starting the retroactive scan.

    Range: 1 through 14 (hours) or 15 through 1440 (minutes)

    Default: None

    • Unit Type
    Select the unit of measure for the Start After time, in hours or minutes.
    Services

    Select the services to use for the instance.

    • API-Based Data Protection—Scan and protect content.
    Confirm Click to confirm that the steps required to configure the Workplace from Meta account are complete.
  5. Click Submit.
  6. After adding the instance, click “Grant Access” to start the OAuth 2.0 process of granting access to the Versa API-DP cloud. This opens a login prompt for the Workplace from Meta account. Use administrator credentials to log in and grant access.

Zendesk API-Based Data Protection

This section describes how to configure the Zendesk application for API-DP.

Configure Zendesk for API-Based Data Protection

To configure Zendesk for API-DP:

  1. In Zendesk, go to the Admin center.

    Zendesk-admin-center.png
     
  2. Add the OAuth client by navigating to Admin Center > Zendesk API > OAuth Client > Add OAuth Client.

    add-oauth-client-Zendesk.png
     
  3. Set the unique identifier, set the type to confidential, set the redirect URLs, and then generate the secret.

    details-Zendesk-v2-border.png
     
  4. Click Save. The secret now needs to be stored. The unique identifier and the secret are the client-id and client-secret used to grant access.
  5. Go to Apps and integrations > Webhooks > Webhooks, then click Create webhook in the upper right corner.

    create-webhook-Zendesk.png
     
  6. Click the Create Webhook button in the upper right corner of the screen. The Create Webhook screen displays.

    create-webhook-trigger-Zendesk.png
  7. Select Trigger or Automation. The following screen displays.

    create-webhook-trigger-details-Zendesk.png
     
  8. Under Add Details, enter the following information:
    1. Enter the Endpoint URL.
    2. Select POST as the request method.
    3. Select JSON as the request format.
  9. Select Objects and rules > Business rules > Triggers in the left menu bar. In the Triggers screen, click the Add Trigger button in the upper right corner.

    create-trigger-Zendesk.png
     
  10. Add conditions for when an event happens (in this case, a comment is created/updated).

    create-trigger-conditions-Zendesk.png
     
  11. Click Add condition.
  12. For Actions, choose the webhook you created.

    create-trigger-actions-Zendesk.png
     
  13. Customize the JSON body.

    JSON-body-Zendesk.png

Configure a Zendesk Connector

To configure a Zendesk connector in Versa Concerto:

  1. In the Versa Concerto portal, select a tenant under Tenants in the left menu bar.
  2. Go to Configure > Profile and Connectors > SaaS and IaaS Connectors. The following screen displays.

    select-application-Zendesk-full.png
  3. Select the SaaS tab, select Zendesk in the left column, and then click the add-icon-blue-on-white-22.png Add icon. The Add Instance — Zendesk screen displays.

    add-instance-Zendesk-v5-border.png
     
  4. Enter information for the following fields.
     
    Field Description
    Instance Name (Required) Enter a name for the instance.
    Admin Email (Required) Enter the email address of the Zendesk administrator account.
    Domain Name (Required) Enter the domain name of your Zendesk account.
    Poll Interval (in Minutes) (Required)

    Enter the amount of time between polling events.

    Range: 15 through 1440 minutes

    Default: 60 minutes

    Retro Scan

    Click to scan and protect all the files and other objects that are present on Zendesk at the time of connector creation.

    Warning: Event-based policies will apply to all the existing data. The delete action is irrevocable, and deleted data cannot be restored.

    • Start After

    Enter the time required to grant access and configure policies and rules for this instance before starting the retroactive scan.

    Range: 1 through 14 (hours) or 15 through 1440 (minutes)

    Default: None

    • Unit Type
    Select the unit of measure for the Start After time, in hours or minutes.
    Services

    Select the services to use for the instance.

    • API-Based Data Protection—Scan and protect content.
    Confirm Click to confirm that the steps required to configure the Zendesk account are complete.
  5. Click Submit.
  6. After adding the instance, click Grant Access to start the OAuth 2.0 process of granting access to the Versa API-DP cloud. This opens a login prompt for the Zendesk account. Use administrator credentials to log in and grant access.

Zoom API-Based Data Protection

This section describes how to configure the Zoom application for API-DP.

Configure Zoom for API-Based Data Protection

For Zoom, no configuration is required.

Configure a Zoom Connector

To configure a Zoom connector in Versa Concerto:

  1. In the Versa Concerto portal, select a tenant under Tenants in the left menu bar. 
  2. Go to Configure > Profile and Connectors > SaaS and IaaS Connectors. The following screen displays.

    select-application-Zoom-full.png
     
  3. Select the SaaS tab, select Zoom in the left column, then click the add-icon-blue-on-white-22.png Add icon. The Add Instance Zoom screen displays.

    add-instance-Zoom-v4-border.png
     
  4. Enter information for the following fields.
     
    Field Description
    Instance Name (Required) Enter a name for the instance.
    Admin Email (Required) Enter the email address of the Zoom administrator account.
    Retro Scan

    Click to scan and protect all the files and transcripts that are present on Zoom at the time of connector creation.

    Warning: Event-based policies will apply to all the existing data. The delete action is irrevocable, and deleted data cannot be restored.

    • Start After

    Enter the time required to grant access and configure policies and rules for this instance before starting the retroactive scan.

    Range: 1 through 14 (hours) or 15 through 1440 (minutes)

    Default: None

    • Unit Type
    Select the unit of measure for the Start After time, in hours or minutes.
    Services

    Select the services to use for the instance.

    • API Based Data protection: Scan and protect content.
    Confirm Click to confirm that the steps required to configure the Zoom account are complete.
  5. Click Submit.
  6. After adding the instance, select Grant Access to start the OAuth2 process of granting access to the Versa API data protection cloud. This opens a login prompt for the Zoom account. Use Zoom Administrator credentials to log in and grant access.

Amazon Web Services API-Based Data Protection

This section describes how to configure Amazon Web Services (AWS) for API-DP.

Configure AWS for API-Based Data Protection

To configure a new instance for AWS:

  1. Log in to https://aws.amazon.com/console/ using administrator credentials.
  2. Set up cross-account access between Versa API data protection and AWS accounts. API data protection requires permissions to assume a role and scan AWS resources. To set up cross-account access, download the CFT zip file from the AWS instance creation page in Versa Concerto, and upload it to a new CloudFormation stack in each AWS account.
  3. Go to Select Services > CloudFormation > Stacks. 
  4. Click Create Stack.

    AWS-create-stack-border.png
     
  5. Select Upload a template file, click Choose file, and upload the versa-apidp-aws-stack-role.yaml file. Click Next.

    AWS-create-stack-upload-border.png
     
  6. In the Specify stack details page, enter a Stack name, then click Next.
  7. In the Configure stack options page, use the default configuration, and click Next.
  8. Review stack details on the Review page, click the acknowledgment and then click Create stack.
  9. When the stack creation is complete, the stack is displayed on the CloudFormation page.
    1. Click on the stack to view the details.
    2. Click on the Resources tab to view the various components that are part of versa-apidp-aws-stack-role.yaml.
    3. Click on the Template tab to view the permissions defined in the template.
  10. In the CloudFormation page, click StackSets and click Create StackSet.

    AWS-create-stack-set-border.png
     
  11. For the IAM role name, select AWSCloudFormationStackSetAdministrationRole.
    1. Verify that the IAM execution role name is AWSCloudFormationStackSetExecutionRole.
    2. Select Upload a template file and click Choose file to upload the versa-apidp-aws-stackset-setup.yaml.
    3. Click Next.

      AWS-choose-template-border.png
       
  12. In the Specify StackSet details page, specify a StackSet name, then click Next.
  13. In the Configure StackSet options page, use the default configuration, then click Next.
  14. In the Set deployment options page, use the default configuration.
    1. In Account section, enter your AWS account. 
    2. In Specify regions, select regions, or click Add all regions, then click Next.

      AWS-set-deployment-options-border.png
       
  15. Review StackSet details on the Review page, and then click Submit. When the creation process is complete, the StackSet is displayed on the CloudFormation page.
    1. Click on the StackSet to view the details about the StackSet.
    2. Click on the Stack instances to view the stack created in the AWS account and AWS region. For details of a stack instance, log into the stack instance's account, navigate to the appropriate region, and then select the desired stack by name.
    3. Click on the Template tab to view the permissions defined in the template.

Configure an AWS Connector

To configure an AWS connector in Versa Concerto:

  1. In the Versa Concerto portal, select a tenant under Tenants in the left menu bar. 
  2. Go to Configure > Profile and Connectors > SaaS and IaaS Connectors. The following screen displays.

    select-application-AWS-v2-border.png
  3. Select the IaaS tab, select AWS in the left column, then click the add-icon-blue-on-white-22.png Add icon. The Add Instance — Amazon Web Services screen displays.

    add-instance-AWS-v4-full-border.png
     
  4. Enter information for the following fields.
     
    Field Description
    Instance Name (Required) Enter a name for the instance.
    Admin Email (Required) Enter the email address of the Amazon Web Services administrator account.
    Services

    Select the services to use for the instance.

    • API Based Data Protection—Scan and protect content.
    • Forensic—Use this instance for forensics.
    • Legal Hold—Use this instance for Legal hold.
    • Quarantine—Use this instance for Quarantine files.
    Download CFT Click the download-icon-blue-on-white.png Download icon to download the AWS CloudFormation Template (CFT) file.
    Provider Information (Group of Fields)
    • AWS Account Number (Required)
    Enter the organization's AWS account number.
    Retro Scan

    Click to scan and protect all the files that are present on Amazon S3 at the time of connector creation.

    Warning: Event-based policies will apply to all the existing data. The delete action is irrevocable, and deleted data cannot be restored.

    • Start After

    Enter the time required to grant access and configure policies and rules for this instance before starting the retroactive scan.

    Range: 1 through 14 (hours) or 15 through 1440 (minutes)

    Default: None

    • Unit Type
    Select the unit of measure for the Start After time, in hours or minutes.
    Confirm Click to confirm that the steps required to configure the AWS account are complete.
  5. Click Submit.

Google Cloud Platform API-Based Data Protection

This section describes how to configure Google Cloud Platform (GCP) for API-DP.

Configure GCP for API-Based Data Protection

Note:

  • Do not delete any Pub/Sub or sinks in log routers that have "versa" in their names.
  • Do not remove access assigned to service accounts created while granting access anywhere throughout the organization.
  • Do not remove access to accounts for which Google provided grants, especially the Cloud Logging Service Account and the Google Storage Service Agent.
  • Do not delete any notifications for buckets that are linked to topics that have "versa" in their name.
  • Do not delete the project in which the service account is created while granting access.
  • Do not use the key generated for the service account created while granting access, as it is deleted if revoked and may be rotated if key rotation is enabled.

To configure a new instance for GCP:

  1. Log in to GCP at https://console.cloud.google.com/ using administrator credentials.
  2. Create a new project or select an existing project. This project has access to other projects that are monitored by Versa API-DP cloud.

    1 gcp-select-a-resource-border.png
     
  3. Search for Cloud Resource Manager and select the API.

    2 gcp-cloud-resourse-manager-border.png
     
  4. Click Enable to enable the Cloud Resource Manager API.

    3 gcp-enable-cloud-resource-manager-border.png
     
  5. Search for the Cloud Pub/Sub API and click Enable.

    4 gcp-enable-cloud-sub-pub-border.png
     
  6. In the IAM and Admin portal, select Service Accounts in the left menu bar, and then click + Create Service Account.

    5 gcp-create-service-account-border.png
     
  7. Enter a service account name and then click Create and Continue.

    6 gcp-create-service-account-final-border.png
     
  8. Download the JSON keys of the service account and save them to a secured location. Then select the service account.

    5 gcp-create-service-account-border.png
     
  9. To create a new key, click the Keys tab, then click Add Key and select Create New Key.

    9 gcp-create-new-key-border.png
     
  10. In the Create Private Key popup window, select the key type as JSON.

    10 gcp-create-private-key-border.png

    If the following error occurs, perform the steps below to resolve it:

    11 gcp-service-account-key-creastion-disabled.png

    1. Navigate to Organization, then go to IAM and Admin > IAM > Grant Access > Add your email address under new principals.
    2. Add roles: Owner, Organization Policy Administrator (or Organisation Policy Administrator), and Organization Administrator (or Organisation Administrator) roles.
    3. Click Save.
    4. Go to Organization Policies and select Disable service account key creation.
    5. Click on Manage policy, select Inherit parent's policy, and click Set Policy.
    6. Repeat the last two steps in the admin project and retry the key creation.
  11. Go to Organization, go to IAM, and select GRANT ACCESS.

    12 gcp-grant-access-border.png

    13 gcp-grant-access-2-border.png
     
  12. Provide the service account and give the following permissions to this service account.
    • Browser
    • Viewer
    • Organization Administrator (or Organisation Administrator)
    • Organization Role Viewer (or Organisation Role Viewer)

      14 gcp-service-account-permissions-border.png
       
  13. Click Save.
  14. Retrieve the Organization ID (ORG_ID) as shown in the screenshot below.

    15 gcp-select-a-resource-org-ID-border.png
     
  15. Select the Activate Cloud Shell option located in the top-right corner of the interface.

    16 gcp-activate-cloud-shell-border.png
     
  16. Run the following command in the Cloud Shell to enable the logging.googleapis.com service across all projects. Be sure to replace [ORG_ID] with the organization ID obtained in Step 14, then execute the command. Remove the brackets ([ ]) in the org ID.

    # List every project in the organization.
    for project in $(gcloud alpha projects list --format="value(projectId)" --organization [ORG_ID]); do
      # Empty output means logging.googleapis.com is not enabled for this project.
      enabled_logging=$(gcloud services list --enabled --project "$project" --filter=logging.googleapis.com --format="value(config.name)")
      if [ -z "$enabled_logging" ]; then
        echo "Logging API not enabled for project: $project"
        gcloud services enable logging.googleapis.com --project "$project"
        echo "Enabled Logging API for project: $project"
      fi
    done

17 gcp-cloud-shell-command-border.png

  17. If prompted, provide the necessary authorization for Cloud Shell to proceed.

    18 gcp-authrorize-cloud-shell-border.png

Note: If you revoke an instance in Concerto, perform the following actions to grant access again:

  • Generate a new key—After revocation, the existing key is deleted. To grant access again, follow Step 9 above to create a new key for the service account.
  • Set permissions—Before granting access, ensure that appropriate permissions are assigned as outlined above.
  • Update connector configuration—Replace the old key on the connector with the newly generated one.
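
The permission check that the GCP steps and the re-grant note call for can be scripted. The following is an added example, not Versa or Google code: it audits the JSON printed by `gcloud organizations get-iam-policy ORG_ID --format=json` against the four roles listed in Step 12. The role IDs mapped to those display names, the sample emails, and the sample policy are assumptions constructed for illustration.

```python
import json
import sys

# Organization-level roles that Step 12 grants to the service account,
# keyed by IAM role ID (the ID-to-display-name mapping is an assumption of this example).
REQUIRED_ROLES = {
    "roles/browser": "Browser",
    "roles/viewer": "Viewer",
    "roles/resourcemanager.organizationAdmin": "Organization Administrator",
    "roles/iam.organizationRoleViewer": "Organization Role Viewer",
}

# Roles that the key-creation workaround in Step 10 adds to a human account.
# They are reported so that the grant is visible when the setup is reviewed.
WORKAROUND_ROLES = {"roles/owner", "roles/orgpolicy.policyAdmin"}


def audit_org_policy(policy, sa_email):
    """Compare an organization IAM policy with the roles listed in Step 12.

    Returns a dict with:
      missing        - required roles with no unconditional binding for the service account
      conditional    - roles bound to the service account only under an IAM condition
      extra          - roles held by the service account that Step 12 does not list
      elevated_users - user principals holding a workaround role at organization level
    """
    target = f"serviceAccount:{sa_email}".lower()
    granted, conditional = set(), set()
    elevated_users = {}

    for binding in policy.get("bindings", []):
        role = binding["role"]
        for member in binding.get("members", []):
            lowered = member.lower()
            # Deleted principals stay in the policy with a "deleted:" prefix
            # and grant nothing, so they are skipped.
            if lowered.startswith("deleted:"):
                continue
            if lowered == target:
                # A binding with a condition may stop applying (for example, on expiry).
                (conditional if "condition" in binding else granted).add(role)
            elif lowered.startswith("user:") and role in WORKAROUND_ROLES:
                elevated_users.setdefault(member, []).append(role)

    required = set(REQUIRED_ROLES)
    return {
        "missing": sorted(required - granted),
        "conditional": sorted(conditional),
        "extra": sorted((granted | conditional) - required),
        "elevated_users": {u: sorted(r) for u, r in sorted(elevated_users.items())},
    }


# Constructed sample data (not from a real organization).
SAMPLE_SA = "versa-apidp@example-admin-project.iam.gserviceaccount.com"
_SA = f"serviceAccount:{SAMPLE_SA}"
SAMPLE_POLICY = {
    "bindings": [
        {"role": "roles/browser", "members": [_SA]},
        {"role": "roles/viewer", "members": [
            _SA,
            "deleted:serviceAccount:old-apidp@example-admin-project.iam.gserviceaccount.com?uid=1234",
        ]},
        {"role": "roles/resourcemanager.organizationAdmin",
         "members": [_SA, "user:admin@example.com"]},
        # Bound only under a time-limited condition, so it is reported as missing.
        {"role": "roles/iam.organizationRoleViewer", "members": [_SA],
         "condition": {"title": "temporary",
                       "expression": "request.time < timestamp('2030-01-01T00:00:00Z')"}},
        # Not in the Step 12 list, so it is reported as extra for the service account.
        {"role": "roles/owner", "members": ["user:admin@example.com", _SA]},
        {"role": "roles/orgpolicy.policyAdmin", "members": ["user:admin@example.com"]},
    ]
}


if __name__ == "__main__":
    # Usage: python audit.py policy.json service-account-email
    # With no arguments, the constructed sample is audited instead.
    if len(sys.argv) == 3:
        with open(sys.argv[1], encoding="utf-8") as handle:
            result = audit_org_policy(json.load(handle), sys.argv[2])
    else:
        result = audit_org_policy(SAMPLE_POLICY, SAMPLE_SA)
    print(json.dumps(result, indent=2))
```

Run it before clicking Grant Access, and again after revoking and re-creating an instance, to confirm that nothing is missing and no unlisted role remains on the service account.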

Configure a GCP Connector

To configure a GCP connector in Versa Concerto:

  1. In the Versa Concerto portal, select a tenant under Tenants in the left menu bar. 
  2. Go to Configure > Profile and Connectors > SaaS and IaaS Connectors. The following screen displays.

    GCP-connector-select-application-v2-border.png
     
  3. Select the IaaS tab, and then click the add-icon-blue-on-white-22.png Add icon. The Add Instance — Google Cloud Platform screen displays.

    add-instance-GCP-v5-full-border.png
     
  4. Enter information for the following fields.
     
    Field Description
    Instance Name (Required) Enter a name for the instance.
    Admin Email (Required) Enter the email address of the GCP administrator account.
    Services

    Select the services to use for the instance.

    • API Based Data Protection—Scan and protect content.
    • Forensic—Use this instance for forensics.
    • Legal hold—Use this instance for Legal hold.
    • Quarantine—Use this instance for Quarantine files.
    Provider Information (Group of Fields)
    • Project ID (Required)
    Enter the project_id where the service account is created.

    Retro Scan

    Click to scan and protect all the files that are present on GCP at the time of connector creation.

    Warning: Event-based policies will apply to all the existing data. The delete action is irrevocable, and deleted data cannot be restored.

    • Start After

    Enter the time required to grant access and configure policies and rules for this instance before starting the retroactive scan.

    Range: 1 through 14 (hours) or 15 through 1440 (minutes)

    Default: None

    • Unit Type
    Select the unit of measure for the Start After time, in hours or minutes.

    Upload the Private Key JSON File (Required)

    Upload the private key JSON file generated for the service account. Click Browse to select the private JSON key file from your local system.
    • Rotate Key
    Click to automatically generate new private key JSON files.
    • Interval (Days)
    Select the interval between the automatic generation of private keys JSON files, in days. The options are:
    • 30
    • 45
    • 60
    • 75
    • 90
    • 180
    Confirm Click to confirm that the steps required to configure the Google Cloud Platform account are complete.
  5. Click Submit.

Microsoft Azure API-Based Data Protection

This section describes how to configure Microsoft Azure for API-DP.

Configure Microsoft Azure for API-Based Data Protection

To configure a new instance for Microsoft Azure:

Note: 

  • Do not delete any Event subscriptions that have "versa" in their names.
  • Do not delete the application that is created while granting access.
  • Do not delete the subscription that is selected while granting access.
  • Do not remove the access assigned/API permissions/client secrets of the application created while granting access.
  • Do not use the client secret created in the application while granting access, as it is rotated frequently based on the rotation interval selected.
  1. Register the application on the Admin Azure portal:
    1. Log in to portal.azure.com using an admin account.
    2. In the search bar, search for App Registration.
    3. Click New Registration.

      1 az-app-registrations-border.png
       
    4. Enter the following information, and then click Register.

      2 az-register-an-app.png
       
      Field: Description
      Name (Required): Enter a name for the application.
      Supported Account Types: Select Accounts in this organizational directory only (Versa Networks only - Single tenant).
  2. Record the client ID, tenant ID, and client secret:
    1. Record the application (client) and directory (tenant) ID.

      3 az-demo-application-border.png
       
    2. Select Certificates and Secrets in the left menu bar.
    3. Click + New client secret.

      4 az-new-client-secret-border.png
       
    4. Enter a description and expiry time, and then click Add.
    5. Copy the Value (not the secret ID) and save it to a safe location. The client secret is no longer accessible after you leave the page.

      5 az-client-secret-value-border.png
       
  3. Assign API permissions in the created application.
    1. Click API Permissions in the left menu column of the created application, then select + Add a permission in the main pane.

      6 az-add-a-permission.png
       
    2. The Request API Permissions popup window displays. Select Microsoft Graph.

      7 az-Microsoft-Graph-border.png
       
    3. Select Delegated Permissions, then do the following:
      1. Under the User category, select User.Read.
      2. Under the Directory category, select Directory.AccessAsUser.All.

        8 az-delegated-permissions-border.png
         
    4. Select Application Permissions, then do the following:
      1. Under the Application category, select Application.ReadWrite.All.
      2. Under the Directory category, select Directory.ReadWrite.All.
      3. Under the PrivilegedAccess category, select PrivilegedAccess.Read.AzureResources.
      4. Under the PrivilegedAccess category, select PrivilegedAccess.ReadWrite.AzureAD.
      5. Under the User category, select User.ReadWrite.All.

        9 az-application-permissions-border.png
         
    5. Click Add Permissions as shown in the screenshot, above.
    6. Click Grant Admin Consent for (your org).

      10 az-grant-admin-consent-border.png
       
  4. Assign roles to the application to grant permission:
    1. In the search bar, search for Subscription.
    2. Select any subscription. The overview page of the subscription displays.
    3. Copy the subscription ID.

      11 az-subscription-ID-border.png
       
    4. Select Access Control (IAM) in the left menu bar.
    5. Select Add > Add role assignment.

      12 az-add-role-assignment-border.png
       
    6. Select Contributor from the Privileged Administrator Roles, and then click Next.

      13 az-add-privileged-admin-roles-border.png
       
    7. Enter information for the following fields.

      14 az-add-role-assignment-details-border.png
       
      • Assign access to—Keep the default selection (User, group, or service principal).
      • Members—Click + Select members.
      • Name—Enter the name of the application you created.
      • Click Application, and then click Select.
      • Click Review + Assign.
      • Click Review + Assign again.
         
    8. In the same way as for the Contributor role, assign the Reader and Storage Blob Data Contributor roles, which are under Job function roles, to the application that you created, one role at a time.

      15 az-add-job-function-roles-border.png

      16 az-storage-blob-contributor-border.png
       
  5. Go to All Subscriptions, select each subscription, and under Settings > Resource Providers in the left menu bar, search for “Microsoft.EventGrid”. Check whether it is registered. If it is not registered, click the three dots (“...”) option and register the subscription.

    register-subscription-border.png
     
  6. Keep the client-id, client-secret, tenant-id, and subscription-id ready for the next step.
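
One way to check the result of steps 4 and 5 before entering the IDs in the connector, as an added example that is not part of the Versa documentation: the script reads JSON saved from `az role assignment list --all` and `az provider show --namespace Microsoft.EventGrid`, reports which of the three roles are missing for the application's service principal, lists any roles beyond those three, and checks the provider registration state. All IDs and records in it are constructed placeholders, and the function names are hypothetical.

```python
import json

# Roles that step 4 assigns to the registered application on the subscription.
REQUIRED_ROLES = {"Contributor", "Reader", "Storage Blob Data Contributor"}


def audit_subscription(sub_id, principal_id, assignments, provider):
    """Compare one subscription with what steps 4 and 5 set up.

    assignments: parsed JSON from `az role assignment list --all`
    provider: parsed JSON from `az provider show --namespace Microsoft.EventGrid`
    """
    scope = f"/subscriptions/{sub_id}".lower()
    mine = [a for a in assignments if a["principalId"] == principal_id]
    at_sub = {a["roleDefinitionName"] for a in mine if a["scope"].lower() == scope}
    missing = sorted(REQUIRED_ROLES - at_sub)
    # A role outside the three above, at any scope, is privilege the procedure
    # did not ask for and is reported for review.
    extra = sorted({(a["roleDefinitionName"], a["scope"]) for a in mine
                    if a["roleDefinitionName"] not in REQUIRED_ROLES})
    registered = provider.get("registrationState") == "Registered"
    return {"subscription": sub_id, "missing_roles": missing, "extra_roles": extra,
            "eventgrid_registered": registered,
            "ready": registered and not missing and not extra}


# Constructed sample data (placeholder IDs), shaped like the az CLI JSON output.
APP_SP = "11111111-1111-1111-1111-111111111111"  # assumed service principal object ID
OTHER = "22222222-2222-2222-2222-222222222222"   # unrelated principal, ignored
SUB_OK = "aaaaaaaa-0000-0000-0000-000000000001"
SUB_BAD = "aaaaaaaa-0000-0000-0000-000000000002"


def _assignment(role, sub, principal=APP_SP, suffix=""):
    return {"principalId": principal, "roleDefinitionName": role,
            "scope": f"/subscriptions/{sub}{suffix}"}


SAMPLE = {
    SUB_OK: ([_assignment(r, SUB_OK) for r in sorted(REQUIRED_ROLES)]
             + [_assignment("Owner", SUB_OK, principal=OTHER)],
             {"namespace": "Microsoft.EventGrid", "registrationState": "Registered"}),
    SUB_BAD: ([_assignment("Contributor", SUB_BAD), _assignment("Reader", SUB_BAD),
               _assignment("Owner", SUB_BAD, suffix="/resourceGroups/rg-demo")],
              {"namespace": "Microsoft.EventGrid", "registrationState": "NotRegistered"}),
}


def audit_all(sample=SAMPLE, principal_id=APP_SP):
    """Return one report per subscription in the sample."""
    return [audit_subscription(sub, principal_id, rows, prov)
            for sub, (rows, prov) in sample.items()]


if __name__ == "__main__":
    for report in audit_all():
        print(json.dumps(report, indent=2))
```

Role assignments reference the object ID of the application's service principal, not the application (client) ID recorded in step 2.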

Note: If you revoke an instance in Concerto, perform the following actions to grant access again:

  • Generate a new key—After revocation, the existing key is deleted. To grant access again, follow Step 2b through 2e to create a new client secret.
  • Update connector configuration: Replace the old client secret on the connector with the newly generated one.

Configure a Microsoft Azure Connector

To configure a Microsoft Azure connector in Versa Concerto:

  1. In the Versa Concerto portal, select a tenant under Tenants in the left menu bar. 
  2. Go to Configure > Profile and Connectors > SaaS and IaaS Connectors. The following screen displays.

    select-application-Microsoft-Azure-v2-border.png
  3. Select the IaaS tab, select Microsoft Azure in the left column, then click the Add icon. The Add Instance — Microsoft Azure screen displays.

    add-instance-Microsoft-Azure-v3-full-border.png
     
  4. Enter information for the following fields.
     
    Field: Description
    Instance Name (Required): Enter a name for the instance.
    Admin Email (Required): Enter the email address of the Microsoft Azure administrator account.
    Services: Select the services to use for the instance.
      • API Based Data Protection—Scan and protect content.
      • Forensic—Use this instance for forensics.
      • Legal hold—Use this instance for Legal hold.
      • Quarantine—Use this instance for Quarantine files.
    Provider Information (Group of Fields)
      • Subscription ID: Enter the Microsoft Azure subscription ID obtained during the configuration.
      • Directory ID (Tenant ID): Enter the Microsoft Azure directory ID of the tenant obtained during the configuration.
      • Client ID (Required): Enter the client ID obtained during the configuration.
      • Client Secret (Required): Enter the client secret generated in Microsoft Azure.
      • Client Secret Rotation Interval (Days): Select the interval between the rotation of the client secret, in days.
    Retro Scan: Click to scan and protect all the files that are present on Microsoft Azure at the time of connector creation.
      Warning: Event-based policies will apply to all existing data. The delete action is irrevocable, and deleted data cannot be restored.
      • Start After: Enter the time required to grant access and configure policies and rules for this instance before starting the retroactive scan.
        Range: 1 through 14 (hours) or 15 through 1440 (minutes)
        Default: None
      • Unit Type: Select the unit of measure for the Start After time, in hours or minutes.
    Confirm: Click to confirm that the steps required to configure the Microsoft Azure account are complete.
  5. Click Submit. The new Azure instance is displayed.

    final-Azure.png

Oracle Cloud Infrastructure API-Based Data Protection

This section describes how to configure Oracle Cloud Infrastructure for API-DP.

Configure Oracle Cloud Infrastructure for API-Based Data Protection

To configure a new instance for Oracle Cloud Infrastructure:

  1. In Oracle Cloud, log in to the administrator's profile. 
  2. In the top navigation bar, select Tokens and Keys. 

    1 Oracle-login-admin-profile.png
     
  3. In the API Keys window, click Add API Key.

    2 Oracle-api-keys.png
     
  4. In the popup window, click Download private key, and then click Add to proceed.

    3 Oracle-download-private-key.png
     
  5. In the Configuration File Preview screen, click Copy to copy the file contents. 

    Note: Do not make any modifications to the copied contents of the configuration file.

    4 Oracle-config-file-preview.png
     
  6. Add an instance for Oracle Cloud Infrastructure that includes the private key and the copied configuration file preview information.

Note: 

  • Ensure that the tenant has the appropriate service limits configured to support the creation of topics in the OCI Notifications Service and rules in the OCI Events Service.
  • Do not delete any topics in the OCI Notifications Service or rules in the OCI Events Service that include "Versa" in their names.
  • When managing API keys, avoid deleting any keys unless you are confident about their purpose. New API keys may be automatically generated when key rotation is enabled.
  • When access is granted, "Emit Object Events" is enabled on all the buckets in the organization so that events on the buckets can be monitored.

Note: If you revoke an instance in Concerto, perform the following actions to grant access again:

  • Generate a new API key—After revocation, the existing API key will be deleted. To grant access again, follow the steps again to create and get the new configuration file and private key.
  • Update the connector—Replace the old configuration file and private key on the connector with the newly generated ones.

Configure an Oracle Cloud Infrastructure Connector

To configure a connector for Oracle Cloud Infrastructure in Versa Concerto:

  1. In the Versa Concerto portal, select a tenant under Tenants in the left menu bar. 
  2. Go to Configure > Profile and Connectors > SaaS and IaaS Connectors. The following screen displays.

    select-application-Oracle-Cloud-Infrastructure-v2-border.png
  3. Select the IaaS tab, select Oracle Cloud Infrastructure in the left column, then click the Add icon. The Add Instance Oracle Cloud Infrastructure screen displays.

    add-instance-Oracle-Cloud-Infrastructure-v3-full-border.png
     
  4. Enter information for the following fields.
     
    Field: Description
    Instance Name (Required): Enter a name for the instance.
    Admin Email (Required): Enter the email address of the Oracle Cloud Infrastructure administrator account.
    Services: Select the services to use for the instance.
      • API Based Data Protection—Scan and protect content.
      • Forensic—Use this instance for forensics.
      • Legal hold—Use this instance for Legal hold.
      • Quarantine—Use this instance for Quarantine files.
    Provider Information (Group of Fields)
      • Config File (Required): Enter the name of the config file, which contains basic authentication details.
    Retro Scan: Click to scan and protect all the files that are present on Oracle Cloud Infrastructure at the time of connector creation.
    Upload the Private Key File (Required): Click Browse to upload the private key file of the administrator.
      • Rotate Key: Click to automatically generate new private keys.
      • Interval (Days): Select the interval between the automatic generation of private keys, in days. The options are:
        • 30
        • 45
        • 60
        • 75
        • 90
        • 180
    Confirm: Click to confirm that the steps required to configure the Oracle Cloud Infrastructure account are complete.
  5. Click Submit.
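
The GCP connector form takes a Project ID together with the service account's private key JSON file, and the Oracle Cloud Infrastructure form takes the configuration file contents that must be left unmodified. The following added example (not Versa or cloud-provider code) checks both artifacts locally before upload. It assumes the usual field names of a GCP service-account key file and of the OCI configuration file preview; the function names are hypothetical and every sample value is a constructed placeholder.

```python
import configparser
import json
import re

OCI_KEYS = ("user", "fingerprint", "tenancy", "region", "key_file")
OCI_FORMATS = {"user": r"^ocid1\.user\.", "tenancy": r"^ocid1\.tenancy\.",
               "fingerprint": r"^([0-9a-fA-F]{2}:){15}[0-9a-fA-F]{2}$"}


def check_gcp_key(text, project_id):
    """Problems in a service-account key JSON; project_id is the Project ID field."""
    try:
        key = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg}"]
    if not isinstance(key, dict):
        return ["top-level JSON value is not an object"]
    problems = []
    if key.get("type") != "service_account":
        problems.append("type is not service_account")
    if key.get("project_id") != project_id:
        problems.append("project_id differs from the Project ID field")
    pem = str(key.get("private_key", "")).strip()
    if not (pem.startswith("-----BEGIN PRIVATE KEY-----")
            and pem.endswith("-----END PRIVATE KEY-----")):
        problems.append("private_key is not a PEM private key block")
    if not str(key.get("client_email", "")).endswith("gserviceaccount.com"):
        problems.append("client_email is not a service account address")
    return problems


def check_oci_config(text):
    """Problems in the text copied from the Configuration File Preview screen."""
    parser = configparser.ConfigParser(interpolation=None)
    try:
        parser.read_string(text)
    except configparser.Error as exc:
        return [f"not a valid config file: {type(exc).__name__}"]
    profile = parser.defaults()  # the [DEFAULT] profile
    problems = [f"missing key: {k}" for k in OCI_KEYS if k not in profile]
    problems += [f"{k} has an unexpected format" for k, rx in OCI_FORMATS.items()
                 if k in profile and not re.search(rx, profile[k])]
    return problems


# Constructed samples: placeholder values, not real credentials.
GCP_SAMPLE = json.dumps({
    "type": "service_account", "project_id": "demo-project",
    "private_key": "-----BEGIN PRIVATE KEY-----\nPLACEHOLDER\n-----END PRIVATE KEY-----\n",
    "client_email": "connector@demo-project.iam.gserviceaccount.com"})
OCI_SAMPLE = "\n".join([
    "[DEFAULT]", "user=ocid1.user.oc1..exampleuser",
    "fingerprint=" + ":".join(["ab"] * 16),
    "tenancy=ocid1.tenancy.oc1..exampletenancy", "region=us-ashburn-1",
    "key_file=<path to your private keyfile> # TODO"])

if __name__ == "__main__":
    print(check_gcp_key(GCP_SAMPLE, "demo-project"), check_oci_config(OCI_SAMPLE))
```

An empty list means the artifact has the expected shape; the checks do not prove that the key is still valid in the cloud account.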

Application Vendor License Requirements  

SaaS Application | License Requirement
Asana | Advanced, Enterprise, Enterprise+
Box | Business, Business Plus, Enterprise, Enterprise Plus
Cisco Webex Teams | Webex Meet, Suite, Enterprise
Citrix ShareFile | Advanced, Premium, Industry Advantage, Virtual Data Room
Confluence | Atlassian Free, Standard, Premium, Enterprise
Dropbox | Business, Business Plus, Enterprise
Egnyte | Business, Enterprise Lite, Enterprise
Google Drive | Google Workspace with Business Standard, Business Plus, Enterprise
GitHub | Team, Enterprise
GitLab | Premium, Ultimate (Self Managed, GitLab.com)
Gmail | Google Workspace with Business Standard, Business Plus, Enterprise
Jira | Atlassian Free, Standard, Premium, Enterprise
Microsoft OneDrive | Microsoft 365/Office 365 enterprise licenses that offer OneDrive subscription
Microsoft Outlook | Microsoft 365/Office 365 enterprise licenses that offer Outlook subscription
Microsoft SharePoint | Microsoft 365/Office 365 enterprise licenses that offer SharePoint online subscription
Microsoft Teams | Microsoft 365/Office 365 E5 license
Microsoft Yammer | Microsoft 365 account with Yammer admin access
Notion | Plus, Business, Enterprise
Salesforce | Salesforce editions with API access: Developer, Enterprise, Unlimited, Performance
ServiceNow | N/A
Slack | Free, Pro, Business+, Enterprise Grid
Trello | Atlassian Free, Standard, Premium, Enterprise
Workplace by Meta | N/A
Zendesk | Plans that support Custom business rules (triggers and automation): Suite Team, Growth, Professional, Enterprise
Zoom | Pro, Business

Supported Operations for Each Application

Application | Webhook | Event Polling: Supported | Event Polling: Minimum Interval | Event Polling: Maximum Interval | Event Polling: Default Interval | Retro-Scan/Scheduled Job | Comments
IaaS Applications
Amazon Web Services (AWS) | Yes | No | — | — | — | Yes |
Google Cloud Platform (GCP) | Yes | No | — | — | — | Yes |
Microsoft Azure Cloud | Yes | No | — | — | — | Yes |
Oracle Cloud Infrastructure (OCI) | Yes | No | — | — | — | Yes |
SaaS Applications
Asana | Yes | No | — | — | — | Yes |
Box | Yes | Yes | 15 min | 1440 min | 60 min | Yes |
Cisco Webex Teams | No | No | — | — | — | Yes |
Citrix ShareFile | Yes | Yes | 15 min | 1440 min | 60 min | Yes |
Confluence | Yes | Yes | 15 min | 1440 min | 60 min | Yes | Scheduled Job / Retro Scan is only done for files / attachments
Dropbox | Yes | Yes | 100 min | 1440 min | 150 min | Yes |
Egnyte | Yes | Yes | 15 min | 1440 min | 60 min | Yes |
Google Drive | Yes | Yes | 15 min | 1440 min | 60 min | Yes |
GitHub | Yes | Yes | 60 min | 1440 min | 720 min | Yes |
GitLab | Yes | Yes | 1 day | 5 days | 1 day | Yes |
Gmail | No | Yes | 60 min | 1440 min | 120 min | No |
Jira | Yes | Yes | 15 min | 1440 min | 60 min | Yes | Scheduled Job / Retro Scan is only done for files / attachments
Microsoft OneDrive | Yes | Yes | 15 min | 1440 min | 60 min | Yes |
Microsoft Outlook | Yes | Yes | 60 min | 1440 min | 120 min | No |
Microsoft SharePoint | Yes | Yes | 15 min | 1440 min | 60 min | Yes |
Microsoft Teams | Yes | Yes | 60 min | 1440 min | 120 min | No |
Microsoft Yammer | No | Yes | 15 min | 1440 min | 60 min | No |
Notion | No | Yes | 15 min | 1440 min | 60 min | Yes |
Salesforce | Yes | Yes | 15 min | 1440 min | 60 min | Yes | Scheduled Job / Retro Scan is only done for files / attachments
ServiceNow | Yes | Yes | 15 min | 1440 min | 60 min | Yes |
Slack | Yes | Yes | 15 min | 1440 min | 60 min | Yes | Scheduled Job / Retro Scan is only done for files / attachments
Trello | Yes | Yes | 1 day | 5 days | 1 day | Yes | Scheduled Job / Retro Scan is only done for files / attachments
Workplace from Meta | — | Yes | — | — | — | Yes |
Zendesk | Yes | Yes | 15 min | 1440 min | 60 min | Yes |
Zoom | Yes | No | — | — | — | Yes |


Application Instructions and Limitations

Application | Limitations
Box | File share, file delete, and comment activities performed on the root folder are handled via polling.
Gmail | Actions on any resource are not supported. In Quarantine, Legal Hold, and Forensic cases, the file is uploaded to the destination but cannot be deleted on the source (Gmail).
Microsoft Outlook | Action will only be taken on the users within the organization.
Microsoft Teams | File events are handled by Microsoft OneDrive. (Images are still accessible via Microsoft Teams, even after they are deleted from Microsoft OneDrive.)
Microsoft Yammer | File events are handled by Microsoft SharePoint. Events will be scanned only if the administrator (the user who granted access) is part of the community.
Salesforce | DLP—Redact Support is only available for attachments and files.
Slack | Events will be scanned only if the administrator is part of the conversation, except for public channels. On direct messages, action will not be taken.

Supported Software Information

Releases 11.1.1 and later support all content described in this article, except:

  • In Release 12.2.1, the application connector UI screens were moved to the Application Connector folder under Configure > Profiles and Connectors.
  • In Release 12.2.2, the Application Connector folder under Configure > Profiles and Connectors was renamed SaaS and IaaS Connectors.