Documentation

Google Drive

Suggest Edits

Overview

Google Drive is a file storage and synchronization service developed by Google. It allows users to store files in the cloud (on Google's servers), synchronize files across devices, and share files. Google Drive encompasses the Google Docs Editors office suite that permits collaborative editing of documents, spreadsheets, presentations, drawings, forms, and more.

Entitle can manage files and folders in Google Drive.

This page will provide you with instructions on how to integrate Entitle and Google Drive.

General guidelines

To integrate your Google Drive in Entitle, you will need to run the entitle_google_integratorset up you downloaded and unzipped on the Google Integrations page and configure a Domain-Wide Delegation.

Set up Google Drive to work with Entitle

Stage 1: Running the setup script

The setup will consist of the following actions:

  • Create an Entitle service account in the chosen project
  • Enable the required API services for the integration:
  • Generate a key for the service account and download it to your local machine
  1. Go to your GCP web console.
  2. Choose the project that you chose to create Entitle's service account at the top left corner.
  3. Click on the shell icon at the top right corner.
  1. Navigate to the path of the unzipped folder entitle_google_integrator, and run the following commands:
# For a basic configuration, create a service account in the current project and assign the role to it at the project-level
bash run.sh -i drive -k

# For more options use the -h flag
bash run.sh -h
  1. Download the created JSON file on setup completion. you will use it later in this guide.

Stage 2: Configure domain-wide delegation

To manage users in groups, your service account needs to have domain-wide delegation on certain scopes.

  1. Go to the Manage Domain-Wide Delegation page.
  2. Click ‘Add new’:

  1. In the ‘Client ID’ field, enter the 21-digit number obtained from the key JSON file under the client_id field.

  2. In the ’OAuth scopes’ field, enter the following values (comma-delimited):

    https://www.googleapis.com/auth/admin.directory.group.readonly, 
https://www.googleapis.com/auth/admin.directory.user.readonly,
https://www.googleapis.com/auth/drive,
https://www.googleapis.com/auth/drive.readonly

    ⚠️Note: You may enter only the .readonly scopes if you wish to only read the permissions. In that case, you must set "read_only": true in the options field (later in this guide).

  3. Click ‘Authorize’.

Creating the integration in Entitle

All that is left to do is to create an integration on the Entitle application.

  1. Log into Entitle and navigate into the ‘Integrations’ page.
  2. After clicking the ‘Add Integration’ button, type ‘Google Drive‘ in the Application field.
  3. Don’t forget to set ‘Save on’ correctly on your agent or Entitle’s cloud.
  4. Under “service_account_key” field, paste the downloaded key JSON of your service account.
  1. Under credential_subject enter an email of an admin in your organization which has permission to view all users and groups in your organization.
  2. If the Domain-Wide-Delegation for managing groups was set as .readonly for this integration, please add "read_only": true under the "options" field.
  3. Example Connection JSON:
{
  "service_account_key": {
    // A dictionary from the downloaded JSON file
  },
  "credential_subject": "an email of an admin in your organization which has permission to view all users and groups",
  "options": {
    "read_only": false
  }
}
  1. Click Save, you are done! 🎉

Updated about 1 month ago

What’s Next