Google Drive

How to configure a Google Drive connection to scan files and folders.

Create OAuth2 Credentials

Create a Project in Google Cloud Console:
- Go to the Google Cloud Console
- Create a new project or select an existing project
Enable the Google Drive, Drive Labels and Admin SDK API:
- In the Google Cloud Console, navigate to APIs & Services > Library
- Search for "Google Drive API" and click on it
- Click the "Enable" button to enable the Google Drive API for the project
- Search for "Admin SDK API" and click on it
- Click the "Enable" button to enable the Admin SDK API for the project
- Search for "Drive Labels API" and click on it
- Click the "Enable" button to enable Drive Labels API for the project
Create OAuth 2.0 Credentials:
- In the Google Cloud Console, navigate to the APIs & Services > Credentials
- Click "Create credentials" and select "Service account"
- Enter a name in the Service account name field and click CREATE AND CONTINUE
- Under Grant this service account access to the project, select role as Owner and click DONE
- Select the newly created service account and click Keys > Add Key > Create new key
- Make sure the key type is set to json and click Create
- The new private key pair is generated and downloaded to the machine. Note the values of private_key, client_email and client_id

Delegate domain-wide authority to your service account

From your domain's Admin console, go to Main menu menu > Security > Access and data control > API controls

In the Domain wide delegation pane, select "MANAGE DOMAIN-WIDE DELEGATION"

Click Add new

In the Client ID field, enter the client ID obtained from the service account creation steps above
In the OAuth Scopes field, enter a comma-delimited list of the scopes required for the application

Use the below scopes:
For scanning
- https://www.googleapis.com/auth/admin.directory.user.readonly
- https://www.googleapis.com/auth/admin.directory.group.readonly
- https://www.googleapis.com/auth/drive.readonly
For revoke permissions
- https://www.googleapis.com/auth/drive
For tagging
- https://www.googleapis.com/auth/drive.file
- https://www.googleapis.com/auth/drive
- https://www.googleapis.com/auth/drive.admin.labels
- https://www.googleapis.com/auth/drive.metadata
- https://www.googleapis.com/auth/drive.labels
For Extended Streaming Events
- https://www.googleapis.com/auth/admin.reports.audit.readonly
Click Authorize

Provide required Admin roles to a user

In order to perform a scan using Google Drive connector, it needs a user with the below Admin roles assigned:

Services Admin
User Management
Groups Reader

They can be added/checked here for the UserID which will be used for impersonation: admin.google.com > Directory > Users > Assign roles > add Services Admin, User Management, and Groups Reader roles, as follows:

Navigate to Admin console
Select Users under Directory from the left menu

Select a user you want to use for scanning
Navigate to User details -> Admin roles and privileges

Edit the roles, and enable:
- Services Admin
- User Management
- Groups Reader
Click on Save

Note: It might take few minutes before the changes are affected.

Configuring Google Drive connector in Dashboard

Navigate to Administration -> Data Sources -> Google Drive -> New scan

Enter the details of the OAuth2 credentials obtained previously, also add the user id (in the form of user@domain.com) of the user you assigned roles in the above steps
Click on the Folder icon in Path to select a particular user's drive to scan, or leave the path as empty to scan all users

Save the configuration
Once the configuration is saved, click on the icon on the right and select Start file scan to begin scanning

The scan results can be viewed under Dashboard -> Enterprise Search

File tagging

Prerequisites

Default Getvisibility labels need to be created in Google Drive. This process is described below:

Turn on Drive labels for the organization
1. In the Google Admin Console (at admin.google.com)
3. Click Labels
4. Select Turn Labels On
5. Click Save
Create Drive labels:
1. Go to the labels manager at https://drive.google.com/labels.
  Requires having the Manage Labels privilege.
2. Click New label.
3. To create one badged label:
  1. Choose a badged label
  2. Choose to start from an example, or from scratch.
  3. Update the title as Classification.
  4. (Optional) Add a description or a learn more URL that points to internal documentation about the label.
  5. Customize options, and assign a colour.
4. To create a standard label:
  1. Two standard labelsneed to be created; Distribution and Compliance
  2. Click a standard label template or click Create New.
  3. Enter or update the label name.
  4. (Optional) Add a description.
  5. Choose whether the label is copied when the file is copied.
  6. Add a field.
Publish the labels
1. If it’s not open already, open the labels manager (https://drive.google.com/labels) and click the label.
2. Review the label and any fields.
3. Click Publish.
4. Confirm that the lable will be published by clicking Publish.

PreviousGoogle IAM NextChatGPT

Last updated 9 days ago

Was this helpful?