Connector Authentication
In order to allow the Google Drive Connector to make requests to the relevant Google Drive APIs, the relevant credentials must be applied to the connector config.
To do this, a Service Account with relevant permissions needs to be set up within the Google Cloud Platform, after which a Key File can then be created and inserted into the connector config credentials.
First you must log into the Goggle Cloud Platform and go to the Console.
Create and Configure a Google Cloud Project
If you do not already have a relevant project set up, then you can create one within the Console by selecting Create a Google Cloud Project. You must specify a name for your project. You can specify a Project ID
and then proceed with creating the project..
Enabling APIs within a Google Cloud Project
Within the project the Drive API API need to be enabled. Go to Enable Google APIs. and choose APIs & Services
and click Enable APIs and Services
. You then need to enable the:
- Drive API.
- and Admin SDK API (needed for evaluation of permissions and/or if using Domain-Wide Delegation)
Create and Configure a Service Account
In the APIs & Services
section, click on Credentials
and click on Create credentials
to create a services account.
Specify a name for the service account and a service account ID. Click Done
to create the service account.
The service account needs to have access to at least the following scope:
https://www.googleapis.com/auth/drive.readonly
The service account needs to be granted access by a super administrator for your Google Cloud domain.
The Google Drive Documentation describes the neccesary steps to enable Google Workspace domain-wide delegation. In particular, you will need to grant the following OAuth Scopes to your service account:
- https://www.googleapis.com/auth/admin.directory.group.readonly
- https://www.googleapis.com/auth/admin.directory.user.readonly
- https://www.googleapis.com/auth/drive.readonly
- https://www.googleapis.com/auth/drive.metadata.readonly
These scopes allow the Google Drive Connector to:
- access user data and their group memberships in a Google Workspace organization
- access Google Drive data in drives associated to Google Workspace members
Create a Key File for use in the Connector Config
In the Cloud Console, go to IAM and Admin
and then go to the Service accounts
page.
Go to the service account that you previously created (or already exists) that you want to create a Key File for and click the Keys
tab.
From within the tab, click the Add key
drop-down and click Create new key
.
For the Key Type
, select Json
and then click Create. This will download a Json
file that will contain the service account credentials.
You can then insert the values from the json file, into the Google Drive Connector Config -> Credentials json.
Shared Drives
If you have enabled Domain-Wide Delegation for the service account, then it should automatically have access to Shared Drives and nothing further needs to be done.
If you have not enabled Domain-Wide Delegation for the service account, then you will have to explicitly share the relevant drives with the Service Account for the Google Drive Connector to be able to synchronise their content.
To share a drive or folder - and all of its children (files and folders), you can right click it and click Share
. You can then share the drive with the service account that you have configured the Google Drive Connector to use.
Updated 5 months ago