Google Drive
- 06 Oct 2024
- 2 Minutes to read
- Contributors
- Print
- DarkLight
Google Drive
- Updated on 06 Oct 2024
- 2 Minutes to read
- Contributors
- Print
- DarkLight
Article summary
Did you find this summary helpful?
Thank you for your feedback
Connection
The Google Drive connection is established through SSO with an OAuth2 authorization flow. This process involves using the connecting user's credentials and requires read scopes during the setup:
<https://www.googleapis.com/auth/drive.photos.readonly>
<https://www.googleapis.com/auth/contacts.readonly>
<https://www.googleapis.com/auth/drive.readonly>
<https://www.googleapis.com/auth/drive.metadata.readonly>
<https://www.googleapis.com/auth/drive.activity.readonly>
openid
email
profile
Service Account
Utilizing a Service Account connection is suitable when you prefer a connection that isn't tied to a specific user but requires additional configuration.
Creating a Service Account
Refer to the instructions here.
Enable the Google Drive API and Admin SDK APIs (if RLP is required).
Configure the OAuth Consent screen with the specified scopes (including RLP scopes, if applicable).
Download the JSON credentials for your Service Account.
Sharing Drives/Folders/Files
Each Service Account is associated with an email address visible on the IAM screen in your GCP project here.
Copy the email address and use it to grant access to drives and folders, allowing them to be indexed in Unleash.
Please note that a self-serve connection screen is unavailable for Service Account connections. If you wish to establish this connection, kindly contact your Unleash representative for assistance. Share the JSON credentials obtained earlier to facilitate the setup on the backend.
Supported Resources
Files
Folders
Contacts
Filtering and Selection
When connecting, you can refine the connected account's index scope by selecting specific Folders or shared Drives. However, it's important to note that this does not alter the token's (credentials) scopeāthe token retains access to all available files.
Note: By default Unleash indexes files located in the Trash folder. Since Google removes files from the Trash folder after a period of 30 days, Unleash will also eliminate those files from the sync as well. To modify these preferences and prevent files from being included from Trash, please reach out to your Unleash representative.
Sync
Initial Connection: The integration fetches all files from the selected folders/shared drives
Post-Initial Sync: Updates for files are captured by the integration every 15 minutes.
Near Real-Time Sync- The integration also watches for updates and syncing changes near real-time.
API Calls
Below is a table outlining the main endpoints used by the integration:
Resource Level Permissions (RLP)
RLP is implemented in Google Drive to ensure shared links adhere to the set permissions within Google Drive. The provided documentation provides more information about RLP Links and other link types. RLP enforces permissions at the drive level.
Connection
To connect Google Drive as RLP, a user with read access to the Google Workspace directory is required.
Syncing the directory allows the integration to understand the hierarchy of users and groups, match it to Unleash users, and enforce permissions.
Additional scopes are required for RLP Connection:
<https://www.googleapis.com/auth/admin.directory.group.readonly>
<https://www.googleapis.com/auth/admin.directory.user.readonly>
<https://www.googleapis.com/auth/admin.directory.domain.readonly>
Additional API Calls
Additional endpoints used for permission enforcement are listed in the table below:
Example Questions
Who wrote the XYZ spec?
Who is the product manager for on-prem coverage?
Why should a customer upgrade from suite professional to suite enterprise? Create a bulleted list.
Why would a customer use ABC vs. XYZ?
What is our 401K plan?
Was this article helpful?