Google Drive and Netskope DRM

Classification labels allow you to create, modify, and delete security classification identifiers for content in your organization’s Google deployment. With classification labels, you can classify files based on their sensitivity and enforce access policies associated with that sensitivity level. Classification labels help you identify sensitive information and encourage smarter behavior when people handle that content.

Label badges are for your organization’s most critical metadata and are visually emphasized on the files they are applied to. The label badge is listed next to the file name when users open a file in Google Docs, Sheets, or Slides on the web. For other file types, such as PDFs, the label badge is listed in the file’s Labels pane along with any other labels.

Labels can be applied to files in the following manner:

Creation of labels from the Google-side will look like the following (the number is the priority):

The classification label appears here, under Details in the right-hand sidebar, and also next to the file’s name in Preview when users select or preview content. The definition, under the label in the right-hand sidebar, is where you can include information describing the classification in further detail.

Prerequisite:

Configure Google Drive for the Next Generation API Data Protection

Please see the base configuration that must be done before proceeding further.

Netskope also requires the following scopes:

  • https://www.googleapis.com/auth/drive.admin.labels.readonly

  • https://www.googleapis.com/auth/drive.metadata

Setup

Google allows customers to create multiple badge labels, and within those label badges, multiple standard labels (now called fields). However, Netskope has a limitation where only one label badge will be supported at this time. Label badges are supported only for Google Drive; Gmail is not supported.
For more information, see Google’s documentation on Creating classification labels for your organization.

In addition, Sensitivity Labels must be synced manually with Sync Sensitivity Labels. Labels ARE NOT automatically synced.
Customers can have one or more labels. However, one label must be defined with all the necessary badged fields and this label should not have any standard labels. Google Drive must be selected for the defined badge label or the functionality will not work.
  1. Go to Settings > Manage > Sensitivity Label Integration.

  2. Click Setup Instance > Google Drive, enter the Instance Name, and click Grant Access.

  3. Click on the right side of your newly set up instance and click View.

  4. Order is a way for customers to configure and assign a priority to the classification labels. The lower the numerical value, the higher the Order and priority.

    The associated number in the Order field shall be used for policy evaluation when applying the labels as a Policy Action.

    Order is the priority order that is defined when the label fields are created. The same order will be considered for policy evaluation upon conflict.

    For the CASB API, multiple policies can be triggered. If these have different policy actions, the priority determines which action will be applied. The highest (lowest number) Order will have the policy action applied.
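The label constraints and the Order rule described above, as an added Python example (not Netskope or Google code). The `Field` and `Label` classes, the policy names and the sample labels are constructed for illustration and do not mirror either vendor's API schema; treating an unknown field as an error is this example's own choice.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Field:
    name: str     # classification value, e.g. "Confidential"
    order: int    # lower number = higher priority
    badged: bool  # True for a badged field, False for a standard field

@dataclass(frozen=True)
class Label:
    name: str
    drive_enabled: bool  # whether Google Drive is selected for this label
    fields: tuple

def find_badge_label(labels):
    """Return the one label that meets the setup constraints, else raise ValueError."""
    badge = [l for l in labels if any(f.badged for f in l.fields)]
    if len(badge) != 1:
        raise ValueError(f"expected exactly one badged label, found {len(badge)}")
    label = badge[0]
    if any(not f.badged for f in label.fields):
        raise ValueError(f"{label.name}: badged label must not contain standard fields")
    if not label.drive_enabled:
        raise ValueError(f"{label.name}: Google Drive is not selected for this label")
    return label

def resolve_action(label, triggered):
    """triggered maps policy name -> field it wants applied; lowest Order wins."""
    by_name = {f.name: f for f in label.fields}
    unknown = sorted(set(triggered.values()) - set(by_name))
    if unknown:
        raise ValueError(f"fields missing from the synced label: {unknown}")
    return min(triggered.items(), key=lambda kv: by_name[kv[1]].order)

# Constructed sample data (hypothetical names throughout).
CLASSIFICATION = Label("Classification", True, (
    Field("Restricted", 1, True),
    Field("Confidential", 2, True),
    Field("Internal", 3, True),
))
PROJECT = Label("Project", True, (Field("Alpha", 1, False),))
TRIGGERED = {"pii-policy": "Confidential",
             "source-code-policy": "Restricted",
             "default-policy": "Internal"}

if __name__ == "__main__":
    label = find_badge_label([CLASSIFICATION, PROJECT])
    print(resolve_action(label, TRIGGERED))
```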

Creating an API Data Protection Policy

Policy Creation

To create a policy:

  1. Navigate to Policies > API Data Protection > Next-Gen > New Policy.

  2. For App Instances, select your Google instance.

  3. Choose the label that should be applied.
