Google Drive is Google Workspace's file storage application. Google Drive supports Google native document formats, such as Docs, Slides and Sheets, as well as other formats including Microsoft Office documents, PDFs and images. Google Drive can be managed by the RecordPoint platform.
There are two types of Drives in Google Drive:
- Shared Drive: folders where you can store and collaborate on files within a department or team. Files in Shared Drives are owned by the organization and belong to a team.
- My Drive: files and folders owned by an individual Google user.
RecordPoint handles both Drive types.
Setup Process Overview:
The following steps are used to connect and configure your Google Drive connector in RecordPoint:
1. Configure Google Drive account
2. Add the Google Drive Connector
3. Configure the Google Drive Connector
1. Configure Google Drive account
Before you enable the Google Drive Connector in RecordPoint, you will need to undertake the following action in Google:
- Ensure your user is a Super Admin
- This will ensure your user has the appropriate permissions to link RecordPoint to your Google Drive account.
- Enable the necessary APIs
- This ensures that you can update access management and generate a key that connects to Google Drive.
- Generate a Service Account Key
- RecordPoint will use the Service Account Key to identify your account and gain permissions to access the information in it.
- Enable OAuth Scopes for your Service Account
- These ensure that your Service Account can undertake necessary actions, such as reading labels and deleting documents.
Ensure your user is a Google Super Admin
Follow these Google instructions for how to delegate your user as a Super Admin.
Enable the necessary APIs
1. Enable Google Workspace APIs
- You can enable Google Workspace APIs in Google in the Admin Console or directly via API. Use this link to enable the Google Drive API via Console or do it via API.
- You will need to enable:
- Google Drive API
- Drive Labels API
- Admin SDK API
2. Enable IAM API
- This is Google’s Identity and Access Management (IAM) API. Enabling the IAM API means that you can grant permission to authenticate calls to Google Cloud APIs.
- You can enable this API using the console. Use this link to enable the IAM API or do it via API.
Generate a Service Account Key
Before you create a Service Account Key, undertake the following checks in the Google Cloud Console:
-
In order to generate a Secret Key, you may need to:
-
Ensure your admin has the correct permissions
- In the IAM tab, ensure your admin has each of the 'Role Organization Policy Administrator', 'Organization Viewer', 'Tag Administrator' and 'Service Account Key Admin' roles
- More information on managing permissions
-
Ensure the correct organization policy is enabled
- In the Organization policies tab, select 'Disable service account key creation' and Edit policy to Replace parent and ensure it is Not enforced.
- More information on organization policies
-
Ensure your admin has the correct permissions
In order to generate a Service Account Key, you must:
- Create a Project in your Google Cloud Console (or use an existing project)
- Create a Service Account in your Project
- Select the Keys tab in your Service Account
- Select Add Key > JSON
- If you receive an error at this point, repeat the checks above.
-
The key will download to your computer in JSON format
-
Copy and paste the entire contents of the JSON file into the Service Account Key field in RecordPoint when configuring the connector
More information on creating a service account key
Enable OAuth Scopes for your Service Account
This step ensures that your Service Account has access to the necessary OAuth Scopes to read and delete information in Google Drive. In order to enable these scopes, you must:
- Go to the Google Admin Console
-
Navigate to Main menu > Security > Access and data control > API Controls > Manage Domain Wide Delegation > Add New
- Enter the Service Account Unique ID details from the account you created in the previous step
- Enable the following OAuth Scopes:
More information on OAuth Scopes
2. Add the Google Drive Connector
- Select the Settings icon in the top right hand corner of RecordPoint.
- Select Add Connector and select the Google Drive in the Gallery.
- Select + Add.
- The Connector Details page will display.
- The Google Drive connector has now been created. Move to the next step under 'Configure the Google Drive Connector'.
3. Configure the Google Drive Connector
Now that the connector instance has been created, complete the authorization for the connector to manage your Google Drive.
Enter your Google details
On the Google Drive Connector details page you will need to enter:
- Your Service Account Key
- Instructions on how to generate a Secret Key are above in Configure Google Drive account.
-
Copy and paste the entire contents of your downloaded JSON file that you downloaded from Google into this field.
- Your Super Admin Email
- Instructions on how to designate an account as a Super Admin are above in Configure Google Drive account.
- Your Domain
-
Your Google domain after the @ sign e.g. recordpoint.com
-
Specify what content you want to ingest
- Select the Manage Drives drop down menu and choose whether you want to manage all Drives, all Shared Drives, all My Drives or only selected, specified drives.
Exclude drives
-
Once you make a selection e.g. All Drives, you can choose specific Drives to exclude by selecting Add for exclusion.
-
Select which type of Drive you would like to exclude (Shared Drive or My Drive).
-
Ensure you type in the Drive title accurately as this is how it will display in RecordPoint.
- Enter the Drive ID of the Shared Drive or My Drive you'd like to exclude. Information on how to find the IDs is below.
Find Shared Drive 'Drive ID's
- Navigate to the Shared Drive page and copying the string at end of the url after /folders/
- For example: the Shared Drive url may be drive.google.com/folder/0FJis9A1Kd-rKBd8DIA
- '0FJis9A1Kd-rKBd8DIA' is your Shared Drive ID.
Find My Drive ‘Drive ID’s
- In Google Drive, select your profile icon in the top right corner and copy the email address.
- Note: This My Drive ‘Drive ID’ will be different to the ‘Drive ID’ found in RecordPoint metadata which will be a alphanumeric string. For the purpose of ingestion ONLY, My Drive ID refers to the email address of the My Drive user e.g. conrad.jackson@recordpoint.com
Once enabled, the connector will only pull in content created or updated after the connection. To ingest content that was created before the connection, use Content Registration.
-
Select Register all existing content. This will register your content in line with your exclusion/inclusion preferences that you just set.
-
If you select no automatic content registration, only data created after the connector is enabled will be ingested.
For read only permissions, see this article