Google Drive integration

(Updated: )

When enabling the Google Drive integration in Leebry, you'll be asked to enter:

  • a Google Workspace admin email
  • a service account JSON key

This guide explains how to get them as well as preliminary set up that needs to be done.

Get service account JSON key

  1. Create or select a Google Cloud Platform (GCP) project.

    Go to the Google Cloud Console and either:

    Note

    If creating a new project, make sure to take note of the Project ID that will be needed to enable APIs in step 3.

  2. Enable billing.

    Link a billing account to the GCP project.

    This is required by Google Cloud to enable API usage and service account configuration.

    No GCP resources are expected to incur significant cost as part of the Leebry integration alone, unless other Google Cloud services are used in the same project.

  3. Enable required APIs.

    Enabling an API allows Leebry to use that Google service. The actual data that Leebry can access is further restricted by the OAuth scopes granted during the domain-wide delegation setup.

    Go to the following links replacing [PROJECT_ID] with your Project ID from step 1 and click Enable if not enabled already:

    APIService nameRequired forLink
    Drive APIdrive.googleapis.comAllows Leebry to discover Google Drive files, retrieve file metadata (such as name, owner, permissions, and modification time), and read document contents for indexing.https://console.developers.google.com/apis/api/drive.googleapis.com/overview?project=[PROJECT_ID]
    Docs APIdocs.googleapis.comAllows Leebry to retrieve and parse the contents of Google Docs documents in a structured format for indexing.https://console.developers.google.com/apis/api/docs.googleapis.com/overview?project=[PROJECT_ID]
    Sheets APIsheets.googleapis.comAllows Leebry to retrieve and parse the contents of Google Sheets spreadsheets for indexing.https://console.developers.google.com/apis/api/sheets.googleapis.com/overview?project=[PROJECT_ID]
    Admin SDK APIadmin.googleapis.comAllows Leebry to access Google Workspace audit and usage reports. Leebry uses this information to identify recently changed documents and perform incremental indexing instead of re-scanning all content.https://console.developers.google.com/apis/api/admin.googleapis.com/overview?project=[PROJECT_ID]

  4. Create a service account and generate a JSON key.

    Create a service account in your GCP project by following these steps:

    1. Go to the Create service account page.

    2. Select the project you're using for Leebry.

    3. Enter a service account name.

      Optionally, edit the ID and enter a description.

    4. Click Done.

    5. The Service Account page for the project opens, and you should see the newly create account there.

      Copy and save the account's 21-digit long OAuth 2 Client ID as you'll need it later.

    6. Click the Actions button next to it (three dots) and click Manage keys.

    7. Click Add key > Create new key. Select the key type JSON and then click Create.

    8. The JSON key will be downloaded to your computer automatically.

      Note

      It's this JSON key that Leebry is asking for when setting up the Google Drive Integration.

Set up domain-wide delegation

Leebry uses a service account with domain-wide delegation to access Google Drive data with admin-approved permissions. This allows Leebry to:

  • Read files accessible to the organization
  • Detect document updates
  • Maintain an up-to-date index

To set up domain-wide delegation:

  1. Go to the domain-wide delegation section in Google Admin Console. You have to be signed in as a super admin.

  2. Click Add new and paste the previously saved OAuth 2 Client ID of the service account into the Client ID field.

  3. Copy and paste the following into the OAuth scopes (comma-delimited) field and then click Authorize: https://www.googleapis.com/auth/drive.readonly, https://www.googleapis.com/auth/admin.reports.audit.readonly, https://www.googleapis.com/auth/admin.reports.usage.readonly.

The table below explains why each scope is required by Leebry.

OAuth scopeAccess levelRequired for
https://www.googleapis.com/auth/drive.readonlyRead-onlyAllows Leebry to read Drive files and metadata for indexing. No file modifications can be performed.
https://www.googleapis.com/auth/admin.reports.audit.readonlyRead-onlyAllows Leebry to access audit reports used to detect content changes and perform incremental indexing.
https://www.googleapis.com/auth/admin.reports.usage.readonlyRead-onlyAllows Leebry to access usage reports used to support synchronization and operational monitoring.

Connect Google Drive to Leebry

  1. Go to the Integrations tab of the admin dashboard in Leebry.

  2. Click Connect next to the Google Drive integration.

  3. Read what Leebry can and can't do with your Google Drive and click Continue.

  4. Enter either your Google Workspace super admin email or custom admin email (read below) along with the JSON key. Click Continue.

    Note

    If you'd like to create a custom admin role:

    1. Go to https://admin.google.com/ac/roles. Click Create new role. Name the role Leebry. Click Continue.

    2. Select the Reports privilege.

    3. Click Continue and then Create Role.

    4. You should be redirected to a page where you can assign users to the Leebry role you just created. Click Assign members, and add a Google Workspace user. This user needs to have logged in at least once to the Google Workspace and accepted the Terms of Service. Click Assign role.

  5. Select the drives you wish Leebry to index and then click Start indexing.

  6. Once the indexing status changes from Indexing in progress to Active, Google Drive integration is up and running!

Was this article helpful?

Help us improve Knowledge Base

Related Articles

Contact us

Can’t find answers to your question?

Contact us and we’ll get back to you as soon as we can.

Contact us