Google Drive

How to configure a Google Drive connection to scan files and folders.

Create OAuth2 Credentials

  • Create a Project in Google Cloud Console:

  • Enable the Google Drive, Drive Labels and Admin SDK APIs:

    • In the Google Cloud Console, navigate to APIs & Services > Library

    • Search for "Google Drive API" and click on it

    • Click the "Enable" button to enable the Google Drive API for the project

    • Search for "Admin SDK API" and click on it

    • Click the "Enable" button to enable the Admin SDK API for the project

    • Search for "Drive Labels API" and click on it

    • Click the "Enable" button to enable Drive Labels API for the project

  • Create OAuth 2.0 Credentials:

    • In the Google Cloud Console, navigate to APIs & Services > Credentials

    • Click "Create credentials" and select "Service account"

    • Enter a name in the Service account name field and click CREATE AND CONTINUE

    • Under Grant this service account access to the project, select role as Owner and click DONE

    • Select the newly created service account and click Keys > Add Key > Create new key

    • Make sure the key type is set to JSON and click Create

    • The new private key pair is generated and downloaded to the machine. Note the values of private_key, client_email and client_id

Delegate domain-wide authority to your service account

  • From your domain's Admin console, go to Main menu > Security > Access and data control > API controls

  • In the Domain wide delegation pane, select "MANAGE DOMAIN-WIDE DELEGATION"

  • Click Add new

  • In the Client ID field, enter the client ID obtained from the service account creation steps above

  • In the OAuth Scopes field, enter a comma-delimited list of the scopes required for the application

  • Use the below scopes:

    For scanning

    • https://www.googleapis.com/auth/admin.directory.user.readonly

    • https://www.googleapis.com/auth/admin.directory.group.readonly

    • https://www.googleapis.com/auth/drive.readonly

    For revoking permissions

    • https://www.googleapis.com/auth/drive

    For tagging

    • https://www.googleapis.com/auth/drive.file

    • https://www.googleapis.com/auth/drive

    • https://www.googleapis.com/auth/drive.admin.labels

    • https://www.googleapis.com/auth/drive.metadata

    • https://www.googleapis.com/auth/drive.labels

    For Extended Streaming Events

    • https://www.googleapis.com/auth/admin.reports.audit.readonly

  • Click Authorize
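
As an added example (not part of the product or its documentation), the Python sketch below checks that a downloaded key file carries the three values noted above and builds the comma-delimited OAuth Scopes entry for only the features you plan to enable. The feature names, the function name and the sample key are assumptions made for illustration.

```python
import json

# Scope groups exactly as listed on this page; the feature keys are hypothetical names.
SCOPES = {
    "scanning": [
        "https://www.googleapis.com/auth/admin.directory.user.readonly",
        "https://www.googleapis.com/auth/admin.directory.group.readonly",
        "https://www.googleapis.com/auth/drive.readonly",
    ],
    "revoke": ["https://www.googleapis.com/auth/drive"],
    "tagging": [
        "https://www.googleapis.com/auth/drive.file",
        "https://www.googleapis.com/auth/drive",
        "https://www.googleapis.com/auth/drive.admin.labels",
        "https://www.googleapis.com/auth/drive.metadata",
        "https://www.googleapis.com/auth/drive.labels",
    ],
    "streaming": ["https://www.googleapis.com/auth/admin.reports.audit.readonly"],
}
REQUIRED_KEY_FIELDS = ("private_key", "client_email", "client_id")

def delegation_entry(key_json, features):
    """Return (client_id, scopes_csv, write_scopes) for the delegation form."""
    key = json.loads(key_json)
    if key.get("type") != "service_account":
        raise ValueError("not a service account key file")
    missing = [f for f in REQUIRED_KEY_FIELDS if not key.get(f)]
    if missing:
        raise ValueError("key file is missing: " + ", ".join(missing))
    scopes = []
    for feature in features:  # an unknown feature name raises KeyError
        for scope in SCOPES[feature]:
            if scope not in scopes:  # 'drive' is shared by revoke and tagging
                scopes.append(scope)
    # Heuristic: a scope that does not end in .readonly is treated as write-capable.
    write_scopes = [s for s in scopes if not s.endswith(".readonly")]
    return key["client_id"], ",".join(scopes), write_scopes

# Constructed sample key with placeholder values, not a real credential.
SAMPLE_KEY = json.dumps({
    "type": "service_account",
    "private_key": "PLACEHOLDER-NOT-A-KEY",
    "client_email": "scanner@example-project.iam.gserviceaccount.com",
    "client_id": "000000000000000000000",
})

if __name__ == "__main__":
    print(delegation_entry(SAMPLE_KEY, ["scanning", "streaming"]))
```

The returned write_scopes list shows which delegated scopes go beyond read access, so it can be reviewed before clicking Authorize.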

Provide required Admin roles to a user

To perform a scan, the Google Drive connector needs a user with the following Admin roles assigned:

  • Services Admin

  • User Management

  • Groups Reader

The roles can be added or checked for the user ID that will be used for impersonation at admin.google.com > Directory > Users > Assign roles > add Services Admin, User Management, and Groups Reader roles, as follows:

  • Navigate to Admin console

  • Select Users under Directory from the left menu

  • Select a user you want to use for scanning

  • Navigate to User details -> Admin roles and privileges

  • Edit the roles, and enable:

    • Services Admin

    • User Management

    • Groups Reader

  • Click on Save

Note: It might take a few minutes before the changes take effect.

Configuring Google Drive connector in Dashboard

  • Navigate to Administration -> Data Sources -> Google Drive -> New scan

  • Enter the details of the OAuth2 credentials obtained previously, and add the user ID (in the form of [email protected]) of the user you assigned roles to in the steps above

  • Click on the Folder icon in Path to select a particular user's drive to scan, or leave the path empty to scan all users

  • Save the configuration

  • Once the configuration is saved, click on the icon on the right and select Start file scan to begin scanning

  • The scan results can be viewed under Dashboard -> Enterprise Search

File tagging

Prerequisites

Default Getvisibility labels need to be created in Google Drive. This process is described below:

  • Turn on Drive labels for the organization

    1. Go to the Google Admin Console (at admin.google.com)

    2. Click Labels

    3. Select Turn Labels On

    4. Click Save

  • Create Drive labels:

    1. Go to the labels manager at https://drive.google.com/labels.

      Requires having the Manage Labels privilege.

    2. Click New label.

    3. To create one badged label:

      1. Choose a badged label

      2. Choose to start from an example, or from scratch.

      3. Update the title as Classification.

      4. (Optional) Add a description or a learn more URL that points to internal documentation about the label.

      5. Customize options, and assign a colour.

    4. To create a standard label:

      1. Two standard labels need to be created: Distribution and Compliance

      2. Click a standard label template or click Create New.

      3. Enter or update the label name.

      4. (Optional) Add a description.

      5. Choose whether the label is copied when the file is copied.

      6. Add a field.

  • Publish the labels

    1. If it’s not open already, open the labels manager (https://drive.google.com/labels) and click the label.

    2. Review the label and any fields.

    3. Click Publish.

    4. Confirm that the label will be published by clicking Publish.
