The Google Drive connector lets you import and index all of your personal and your teams files. It can also import all permission and access management, so you everyone can only find what they are allowed to view. It also lets you synchronize changes in your Google Drive automatically.


This article will explain how to:

  • Enable the Drive API to access your files and how to enable authenticating users with Google.

  • Setup the Google Drive connector in Curiosity.

  • How your teams users can authorize your Curiosity instance with Google to import files.


Requirements:

  • You are using Google Drive for Teams (Individual Google Drivees are not yet supported).

  • You are admin of the Google Drive Team (You can access the Admin Console and the Developer Console).


The Google Drive connector will automatically:

  • Import files and folders from your Google Drive.

  • Import users and groups in your team.

  • Import file and folder permissions so your users can only find what they are supposed to.

  • Keep the Google Drive data synchronized on a schedule.


Configuring the Google Drive API

Create a new Google API Project

Step 1: Verify that you are logged in the correct team as admin by checking access to the Admin Console.

Step 2: Got to the Google Drive Developer Console and create a new project. This project will host the configured authentication settings.

Step 3: Give the project a descriptive name and create it.

Step 5: Navigate to the APIs & Services dashboard.

Enable the Drive API and Admin SDK API for your project

We now need to enable the Drive API and the Admin SDK API for this project.

Step 1: Click Library which will redirect you to a search of Google Services.

Step 2: Search for Google Drive API and enable it by pressing the Enable button. Alternatively, this link should take you directly to the Google Drive API page.

Step 3: Search for Admin SDK API and Enable it. This link should take you directly to the Admin SDK API page.

To authenticate Curiosity with the Google API, users need to use OAuth to authenticate the access to their data. First, we need to define a OAuth consent screen which is shown to the users when they give permission to access their data. Then we need to configure credentials that allow Curiosity to access the data after the users consent has been given.

Step 1: Go back to the APIs & Services dashboard and select the OAuth consent screen page. Select Internal and press Create.

Step 3: Give the app a descriptive name and fill in the remaining information as you see fit. Press SAVE AND CONTINUE to proceeded.

Step 4: The next step adds scopes to the project. Scopes define the types of permissions which the app can asks for. Curiosity needs the following four scopes:

drive.readonly - Allows read-only access to file metadata and file content. drive.metadata.readonly - Allows read-only access to file metadata. admin.directory.group.readonly - Scope for only retrieving group, group alias, and member information. admin.directory.user.readonly - Scope for only retrieving users or user aliases.

Select the four scopes and press UPDATE and then press SAVE AND CONTINUE to proceed to the next step.

Step 5: Check that the configuration of the consent screen is correct in the overview.

Configure OAuth Credentials

Step 1: Select the Credentials dashboard under ** APIs & Services. Or follow this direct link.

Step 2: Create a new OAuth client ID.

Step 3: Select Web application as Application type, give the credentials a descriptive name and add the correct redirect URIs for your Curiosity instance. The URI needs to follow this exact pattern: <SERVER_URL>/api/oauth/gdrive/authorize

  • Local development instance: http://localhost:8081/api/oauth/gdrive/authorize

  • Production instance: https://acme.com/api/oauth/gdrive/authorize

Press Create to finish the setup.

Step 4: You should then be greeted with the created OAuth credentials. The credentials consist of Client ID and Client Secret. You will need both to enable

Step 5: (optional) To see the credentials again, go to the edit dashboard. There you can copy the Client ID and Client Secret again. Redirect URIs can be added or changed here too. E.g. if you want to move your Curiosity Instance to a new URL without having your users to authorize Google Drive again.


Configure the Google Drive Connector in Curiosity

Step 1: Navigate to the Data Sources Hub and select the configuration interface for Google Drive.

Step 2: Add a new Google Drive connector.

Step 3: Provide the access keys to your Google Drive app to allow users to authenticate themselves:

  • App Key The Client Id of your defined Google Drive OAuth credentials.

  • App Secret The Client Secret of your defined Google Drive OAuth credentials.

Step 4: Modify the configuration on how the connector behaves.

  • Name Provide the specific Google Drive data connector with a descriptive name. This allows admins to quickly find a specific Google Drive data connector configurations. This is mainly applicable when multiple Google Drives are connected.

  • Cron Schedule to run the connector on. After the initial run, the connector has to be run regularly to import changes into Curiosity. Any valid cron schedule can be defined.

  • Source Provide a descriptive name of the connected Google Drive. If your Google Drive contains general Documents keep "Google Drive" as Source. If your Google Drive contains specific data give it a descriptive name, e.g. "Project Assets".

Note: When the Source is changed later, all imported data form this connector has to be delete on the system and imported again.
  • Folders When left empty all folders are imported. By providing specific paths to folders, only these folders are imported.

  • Content Types List of file types to import from Google Drive to be searchable. Per default, only PDF files are imported as specified by the MIME-Type application/pdf.

  • Permission Sync Personal This setting defines how access to personal files and folders of users is handled.
    - Ignore Do not import files from the personal Google Drive folder of authenticated users.
    - Import Permissions Import files and their permissions from the personal Google Drive folder of authenticated users. If users explicitly share files with other users, these users will also be able to find them in Curiosity. These permissions are synchronized together with the files. This means changes to access rights are only reflected after a run of the connector.
    - Private All the personal files and folders of a user are imported, but can only be found by the user.
    - Public None of the imported personal files or folders of user are controlled for access rights. All users can find all others personal Google Drive files, even when they would not be able to on Google Drive directly.

Note: When the permission setting is changed, all imported data from this connector has to be delete on the system and imported again.
  • Permission Sync Shared This setting defines how access to the teams shared files and folders is handled.
    - Ignore Do not import files from the teams shared folders.
    - Import Permissions Import permissions and access control form Google Drive. This setting reflects group and individual user permissions and lets users find all shared files in team folders to which they have access to on Google Drive.
    - Access Group All users that are authenticated with the Google Drive connector can find all of the teams shared files. Users which are not authenticated with the Google Drive app can't find the imported data.
    - Public All users can find all of the teams Google Drive files and folders, even when they would not be able to on Google Drive directly or do not have access to the Google Drive.

Note: When the permission setting is changed, all imported data from this connector has to be delete on the system and imported again.

Step 5: Press Save to save the configuration.

Step 6: Select the connector configuration you just created. Start the authentication flow with Google Drive by clicking Authorize.

Step 7: Give the your Google Drive app access to your Google Drive account by clicking Allow.

Step 8: You will then be redirected to the Data Sources Hub where you can see a configured Google Drive connector.

Step 9: Inform your users to authorize access to their personal Google Drive files (Including shared files to which the admin does not have access to). See here how users can give the Google Drive access to their files.

Step 10: Run the Google Drive connector for the first time by pressing the Run Once button. This will do an initial import of files and folders. Following runs of the data connector will only import changes to the authenticated Google Drive.

Step 11: The status of the current run of the connector can be seen by clicking the logs button.

Did this answer your question?