Connector Authentication

In order to allow the Google Drive Connector to make requests to the relevant Google Drive APIs, the relevant credentials must be applied to the connector config.

To do this, a Service Account with relevant permissions needs to be set up within the Google Cloud Platform, after which a Key File can then be created and inserted into the connector config credentials.

First you must log into the Goggle Cloud Platform and go to the Console.

Create and Configure a Google Cloud Project

If you do not already have a relevant project set up, then you can create one within the Console by selecting Create a Google Cloud Project. You must specify a name for your project. You can specify a Project ID and then proceed with creating the project..

Enabling APIs within a Google Cloud Project

Within the project the Drive API API need to be enabled. Go to Enable Google APIs. and choose APIs & Services and click Enable APIs and Services. You then need to enable the:

• Drive API.
• and Admin SDK API (needed for evaluation of permissions and/or if using Domain-Wide Delegation)

Create and Configure a Service Account

In the APIs & Services section, click on Credentials and click on Create credentials to create a services account.

Specify a name for the service account and a service account ID. Click Done to create the service account.

The service account needs to have access to at least the following scope:

• https://www.googleapis.com/auth/drive.readonly

The service account needs to be granted access by a super administrator for your Google Cloud domain.

The Google Drive Documentation describes the neccesary steps to enable Google Workspace domain-wide delegation. In particular, you will need to grant the following OAuth Scopes to your service account:

• https://www.googleapis.com/auth/admin.directory.group.readonly
• https://www.googleapis.com/auth/admin.directory.user.readonly
• https://www.googleapis.com/auth/drive.readonly
• https://www.googleapis.com/auth/drive.metadata.readonly

These scopes allow the Google Drive Connector to:

• access user data and their group memberships in a Google Workspace organization
• access Google Drive data in drives associated to Google Workspace members

Create a Key File for use in the Connector Config

In the Cloud Console, go to IAM and Admin and then go to the Service accounts page.

Go to the service account that you previously created (or already exists) that you want to create a Key File for and click the Keys tab.

From within the tab, click the Add key drop-down and click Create new key.

For the Key Type, select Json and then click Create. This will download a Json file that will contain the service account credentials.

You can then insert the values from the json file, into the Google Drive Connector Config -> Credentials json.

Shared Drives

If you have enabled Domain-Wide Delegation for the service account, then it should automatically have access to Shared Drives and nothing further needs to be done.

If you have not enabled Domain-Wide Delegation for the service account, then you will have to explicitly share the relevant drives with the Service Account for the Google Drive Connector to be able to synchronise their content.

To share a drive or folder - and all of its children (files and folders), you can right click it and click Share. You can then share the drive with the service account that you have configured the Google Drive Connector to use.