Google Drive integration
(Updated: )To connect Google Drive to Leebry, you need to provide:
- The email address of a Google Workspace admin
- A JSON key for a Google Workspace service account
This article explains how to prepare your Google Workspace environment, generate a service account JSON key, configure domain-wide delegation, and complete the Google Drive integration setup in Leebry.
Get a service account JSON key
To get a JSON key for a Google Workspace service account:
Create or select a Google Cloud project.
Enable billing for the Google Cloud project.
Enable the required Google Workspace APIs.
Create a service account and generate a JSON key.
Create or select a Google Cloud project
In the Google Cloud console:
Use an existing project managed by your organization, or
- Note
If you create a new project, save the Project ID — it will be needed later when enabling APIs.
Enable billing for the Google Cloud project
Link a billing account to the Google Cloud project.
Google Cloud requires billing to be enabled before you can use APIs and configure service accounts. The Leebry integration alone isn't expected to generate significant Google Cloud costs unless additional services are enabled in the same project.
Enable required Google Workspace APIs
Enabling an API lets Leebry to access the corresponding Google service. The actual data Leebry can access is further limited by the OAuth scopes granted during the domain-wide delegation setup.
Use the following links while replacing [PROJECT_ID] with your Google Cloud project ID to make sure each API is enabled (click Enable if it's not).
| API | Service name | Required for | Link |
|---|---|---|---|
| Drive API | drive.googleapis.com | Lets Leebry discover Google Drive files, retrieve file metadata such as names, owners, permissions, and modification dates, and read document contents for indexing. | https://console.developers.google.com/apis/api/drive.googleapis.com/overview?project=[PROJECT_ID] |
| Docs API | docs.googleapis.com | Lets Leebry retrieve and parse the contents of Google Docs documents for indexing. | https://console.developers.google.com/apis/api/docs.googleapis.com/overview?project=[PROJECT_ID] |
| Sheets API | sheets.googleapis.com | Lets Leebry retrieve and parse the contents of Google Sheets spreadsheets for indexing. | https://console.developers.google.com/apis/api/sheets.googleapis.com/overview?project=[PROJECT_ID] |
| Drive Activity API | driveactivity.googleapis.com | Lets Leebry detect recently changed documents and perform incremental indexing instead of scanning all content again. | https://console.cloud.google.com/marketplace/product/google/driveactivity.googleapis.com?project=[PROJECT_ID] |
Create a service account and generate a JSON key
Go to the Create service account page.
Choose the project you want to use with Leebry.
Enter a service account name.
You can also edit the ID and add a description for the service account.
Click Done.
The Service Accounts page opens, where the newly created account should appear.
Copy and save the OAuth 2.0 Client ID of the service account.
Click the Actions button (⋮) next to the account, then choose Manage keys.
Choose Add key > Create new key, select JSON as the key type, then click Create.
The JSON key file is automatically downloaded to your computer. You'll need this file later when connecting Google Drive to Leebry.
Set up domain-wide delegation
Leebry uses a service account with domain-wide delegation to access Google Drive content using admin-approved permissions. This lets Leebry to:
- Read files available to the organization
- Detect document updates
- Maintain an up-to-date index
To configure domain-wide delegation:
Open the domain-wide delegation section in the Google Admin console.
You must be signed in as a super admin.
Click "Add new".
In the Client ID field, enter the OAuth 2.0 Client ID you saved previously.
Copy and paste the following scopes into the OAuth scopes field, then click Authorize.
https://www.googleapis.com/auth/drive.readonly,https://www.googleapis.com/auth/drive.activity.readonly
The following table explains why each OAuth scope is required.
| OAuth scope | Access level | Required for |
|---|---|---|
https://www.googleapis.com/auth/drive.readonly | Read-only | Lets Leebry read Google Drive files and metadata for indexing. Leebry can't modify files. |
https://www.googleapis.com/auth/drive.activity.readonly | Read-only | Lets Leebry access audit reports used to detect content changes and perform incremental indexing. |
Connect Google Drive to Leebry
In the Leebry admin dashboard, go to the Integrations tab.
Click Connect next to the Google Drive integration.
Review what Leebry can and can't do with your Google Drive, then click Continue.
Enter the email address of either your Google Workspace super admin or a custom admin user (learn below), provide the JSON key, then click Continue.
NoteIf you want to use a custom admin role:
In the Google Admin console, choose Menu > Account > Admin roles.
Click Create new role.
Enter a role name (for example, Leebry), then click Continue.
From the Privilege Name list, select the Reports privilege.
Click Continue, then click Create Role.
You'll be redirected to a page where you can assign users to the newly created role.
Click "Assign members" and add a Google Workspace user.
This user must sign in to Google Workspace at least once and accept the Terms of Service.
Click "Assign role".
Select the drives you want Leebry to index, then click "Start indexing".
Once the indexing status changes from Indexing in progress to Active, the Google Drive integration is ready to use.