Google Drive integration

(Updated: )

To connect Google Drive to Leebry, you need to provide:

  • The email address of a Google Workspace admin
  • A JSON key for a Google Workspace service account

This article explains how to prepare your Google Workspace environment, generate a service account JSON key, configure domain-wide delegation, and complete the Google Drive integration setup in Leebry.

Get a service account JSON key

To get a JSON key for a Google Workspace service account:

  1. Create or select a Google Cloud project.

  2. Enable billing for the Google Cloud project.

  3. Enable the required Google Workspace APIs.

  4. Create a service account and generate a JSON key.

Create or select a Google Cloud project

In the Google Cloud console:

  • Use an existing project managed by your organization, or

  • Create a new project.

    Note

    If you create a new project, save the Project ID — it will be needed later when enabling APIs.

Enable billing for the Google Cloud project

Link a billing account to the Google Cloud project.

Google Cloud requires billing to be enabled before you can use APIs and configure service accounts. The Leebry integration alone isn't expected to generate significant Google Cloud costs unless additional services are enabled in the same project.

Enable required Google Workspace APIs

Enabling an API lets Leebry to access the corresponding Google service. The actual data Leebry can access is further limited by the OAuth scopes granted during the domain-wide delegation setup.

Use the following links while replacing [PROJECT_ID] with your Google Cloud project ID to make sure each API is enabled (click Enable if it's not).

APIService nameRequired forLink
Drive APIdrive.googleapis.comLets Leebry discover Google Drive files, retrieve file metadata such as names, owners, permissions, and modification dates, and read document contents for indexing.https://console.developers.google.com/apis/api/drive.googleapis.com/overview?project=[PROJECT_ID]
Docs APIdocs.googleapis.comLets Leebry retrieve and parse the contents of Google Docs documents for indexing.https://console.developers.google.com/apis/api/docs.googleapis.com/overview?project=[PROJECT_ID]
Sheets APIsheets.googleapis.comLets Leebry retrieve and parse the contents of Google Sheets spreadsheets for indexing.https://console.developers.google.com/apis/api/sheets.googleapis.com/overview?project=[PROJECT_ID]
Drive Activity APIdriveactivity.googleapis.comLets Leebry detect recently changed documents and perform incremental indexing instead of scanning all content again.https://console.cloud.google.com/marketplace/product/google/driveactivity.googleapis.com?project=[PROJECT_ID]

Create a service account and generate a JSON key

  1. Go to the Create service account page.

  2. Choose the project you want to use with Leebry.

  3. Enter a service account name.

    You can also edit the ID and add a description for the service account.

  4. Click Done.

    The Service Accounts page opens, where the newly created account should appear.

  5. Copy and save the OAuth 2.0 Client ID of the service account.

  6. Click the Actions button (⋮) next to the account, then choose Manage keys.

  7. Choose Add key > Create new key, select JSON as the key type, then click Create.

    The JSON key file is automatically downloaded to your computer. You'll need this file later when connecting Google Drive to Leebry.

Set up domain-wide delegation

Leebry uses a service account with domain-wide delegation to access Google Drive content using admin-approved permissions. This lets Leebry to:

  • Read files available to the organization
  • Detect document updates
  • Maintain an up-to-date index

To configure domain-wide delegation:

  1. Open the domain-wide delegation section in the Google Admin console.

    You must be signed in as a super admin.

  2. Click "Add new".

  3. In the Client ID field, enter the OAuth 2.0 Client ID you saved previously.

  4. Copy and paste the following scopes into the OAuth scopes field, then click Authorize.

    https://www.googleapis.com/auth/drive.readonly,https://www.googleapis.com/auth/drive.activity.readonly

The following table explains why each OAuth scope is required.

OAuth scopeAccess levelRequired for
https://www.googleapis.com/auth/drive.readonlyRead-onlyLets Leebry read Google Drive files and metadata for indexing. Leebry can't modify files.
https://www.googleapis.com/auth/drive.activity.readonlyRead-onlyLets Leebry access audit reports used to detect content changes and perform incremental indexing.

Connect Google Drive to Leebry

  1. In the Leebry admin dashboard, go to the Integrations tab.

  2. Click Connect next to the Google Drive integration.

  3. Review what Leebry can and can't do with your Google Drive, then click Continue.

  4. Enter the email address of either your Google Workspace super admin or a custom admin user (learn below), provide the JSON key, then click Continue.

    Note

    If you want to use a custom admin role:

    1. In the Google Admin console, choose Menu > Account > Admin roles.

    2. Click Create new role.

    3. Enter a role name (for example, Leebry), then click Continue.

    4. From the Privilege Name list, select the Reports privilege.

    5. Click Continue, then click Create Role.

      You'll be redirected to a page where you can assign users to the newly created role.

    6. Click "Assign members" and add a Google Workspace user.

      This user must sign in to Google Workspace at least once and accept the Terms of Service.

    7. Click "Assign role".

  5. Select the drives you want Leebry to index, then click "Start indexing".

    Once the indexing status changes from Indexing in progress to Active, the Google Drive integration is ready to use.

Was this article helpful?

Help us improve Knowledge Base

Related Articles

Contact us

Can’t find answers to your question?

Contact us and we’ll get back to you as soon as we can.

Contact us