Foldr Zen Zone

Google Workspace

Google Drive / Workspace Integration (Automated Account Linking)

Foldr can automatically link an on-premise Active Directory user account with the corresponding user in Google G Suite / Google Workspace.  For organsation controlled G Suite/Workspace domains, this is the recommended method of integrating Foldr with Google services.

The G Suite/Workspace integration allows the administrator to present a user’s personal Google Drive storage and also Shared Google Drives to users as soon as they sign in (removing the need for the user to link accounts manually).  The automatic linking option works by using a Google service account and mapping a predefined Active Directory attribute to provide access to the correct cloud storage account.  i.e. the Foldr appliance will match the user’s email address or UPN attribute to the user in the organisation’s Google G Suite domain.

Foldr can also provide search functionality in Google Drive and Google Shared Drive either by leveraging Google’s search API or by indexing Google Drives in Foldr.

Google Shared Drive integration setup instructions is available here

Configuring the Foldr integration with Google Workspace (auto linking/service accounts)

1. Browse to https://console.cloud.google.com/apis using your administrative account.

2. Create a new project – Click the chevron shown below.  Depending on the view, it may be at the organisation level or another existing project

3. Click New Project

4. Give the Project a suitable name and click Create

5. This will drop you to the APIs and Services panel.  Click + ENABLE APIS AND SERVICES.  If you do not land at this page, click APIs & Services in the top left menu.


6.  Search for ‘drive’ in the API library

7. Select the Google Drive API item

8. Click the Enable button

9.  This will drop you at the Google Drive API panel.  Click Credentials

10.  Click + Create Credentials

11. In the Credential Type dialog, select Application data to create a service account.  Click Next

12. In the Service account details dialog, give the service account a suitable name, optionally a description and click CREATE AND CONTINUE


Note – The ‘service account ID’ is automatically populated

13.  The grant users access to this service account dialog will display.  Do not configure any options here and click Done

16.  Next, configure the consent screen by clicking the OAuth consent screen option in the API & Services menu.

17.  Select Internal as User Type and click Create

18. Enter a suitable App name and User support email address

19.  Scroll down and enter Developer contact information as an email address

20.  Click Save and Continue

21.  The Scopes panel will display, do not configure any options here and again click Save and Continue

22.  Scroll down on the Summary screen and click Back to Dashboard

23.  Click Credentials in the API & Services menu

24.  Click the Edit button highlighted below on the service account created earlier.

25.  The service account details panel with be shown.  Scroll down and click the Show Advanced Details button.   Then under the Domain-wide Delegation section, copy the CLIENT ID shown here and make a note of it as it will be used later.

26.  Click the Keys tab at the top of the screen

27. Click Create new key

28. Leave the key type as ‘JSON‘ and click Create

29. A notice will appear that the private key (.JSON file) has been created and this is saved to the local machine.  Depending on your browser, you may get a Save As dialog appear asking where to save the .json private key.  Keep this file in a secure place as it will be required later in the integration.

Click Close and the key will be shown in the summary

31.  Click on the Details tab at the top of the screen.

Then select Advanced Settings and make a note of the CLIENT ID as this will be used later.

Directly under the Client ID, inside the Domain-Wide Delegation panel click the VIEW GOOGLE WORKSPACE ADMIN CONSOLE button

32. The new browser tab will open at https://admin.google.com.  Click the top-left menu

 

33.  Expand Security > Access and data control and select API controls

34.  At the bottom of API Controls page select Manage domain-wide delegation

35. Click Add New

36. Paste the Client ID as taken from step 25.  In the OAuth scope field paste the following exactly as shown:

https://www.googleapis.com/auth/drive,profile

Click AUTHORIZE

37. Browse to Foldr Settings and create a new Service Account with Type ‘Google‘ within Integrations >> Service Accounts >> +Add New

38. Open the .JSON service account key file downloaded earlier and paste in the Account Key (JSON) box.

Note that the ‘Attribute for impersonation’ field at the bottom is what is used to match the on-premise Active Directory user to the corresponding Google account.

In this example, we are using Email (i.e. the mail attribute in Active Directory) – you can alternatively select the UPN (userPrincipalName in Active Directory) or ‘Custom‘.

The Custom option is useful if neither the user’s G Suite email address is populated as the Email or UPN attributes in Active Directory and allows the administrator to enter an example of:

%username%@domain.com

39. Click UPDATE

40.  Navigate to Foldr Settings >> Integrations and select Google G Suite

41. Enable the integration

42. Under the Access section select ‘Use Service Account’ and select the service account created eariler.  Leave all other fields blank.

Click Save Changes

43.  Next, create the storage object for Google Drive in Foldr Settings.  Navigate to Foldr Settings >> Files & Storage

+ Add New

Click Add New

44.  Give the storage location a suitable name and use the Storage Address of %googledrive%

Select the Google Drive icon (or other as required).

Click SAVE CHANGES

45.  Click the Access tab and select the Google service account that was created earlier.

 

Click SAVE CHANGES

The integration for automatic account linking with Google Drive is now complete.

When a user logs into Foldr using the web, mobile or desktop apps, will be able to access their personal Google Drive from inside Foldr as they can any other configured storage location.

Microsoft Office documents that are hosted on-premise or in Drive may be edited in place using Workspace productivity apps which will save back to their original location once the user has finished editing.  As part of enabling the Google integration the user will now see a ‘Edit with Google Workspace’ button in the Foldr web app for Office and Google files.

The Windows and macOS desktop apps will allow users to edit G Suite files (Docs, Slides and Sheets) straight from Explorer / Finder.

Enabling Search for Google Drive

Search can be quickly enabled for users by using the Google service API, however it is also possible to provide search for Google Drive and Shared Drives by indexing with Foldr.

Using the Google Search API

  1. Navigate to Foldr Settings > Files & Storage.


2. Edit the Google Drive storage item.

3. Click the Search & Data tab.  Then enable the toggle labelled Show as location for search

s
4. Click Save Changes

The configuration steps are complete.  Users will now be able to search Google Drive in Foldr.

Using Foldr to index Google Drive

This requires more configuration steps, but provides a more powerful search experience and can be used in conjunction with other Foldr features such as Captur, MaSH and Custom Fields.  Setup guidance for indexing storage locations with Foldr, can be found in this dedicated article.

 

Every journey begins with a single step

Declutter, Focus, Zone In. Repeat.

Begin your File Zen Journey