Connect to Google Drive

Required permissions for setup

The user setting up this data source must be a Google Super Admin.

Set up custom admin role (optional)

To use the Google Drive API, the Glean service account needs to impersonate a user with certain privileges via domain-wide delegation. This can be the Super Admin performing this setup, or a custom admin role can be created with the required privileges and assigned to a different Google Workspace user (this can be an existing user, or a new user created for this purpose). If you would like to use the Super Admin account, simply enter the email of the Super Admin into the Directory admin email field in Glean. Otherwise, to create a custom admin role:

  1. Go to https://admin.google.com/ac/roles. Click Create new role. Name the role Glean. Click Continue.
  2. Under Admin Console Privileges, select the following:
    • Organization Units > Read
    • Users > Read
    • Services > Drive and Docs > Settings
    • Reports*
  3. Under Admin API Privileges, select the following:
    • Organization Units > Read
    • Users > Read
    • Groups > Read
  4. Click Continue, and then Create Role.
  5. You should be redirected to a page where you can assign users to the Glean role you just created. Click Assign members, and add a Google Workspace user. This user needs to have logged in at least once to the Google Workspace and accepted the Terms of Service. Click Assign role.
  6. Enter the email of the user from the previous step into the Directory admin email field in Glean. *This is needed to read activity events on documents, which is used by Glean for ranking, and for recrawling when a document is modified.

Add API scopes

  1. Go to the Domain-wide Delegation section in Google Admin Console. You’ll need to be signed in as an admin.
  2. Click Add new and paste the 21-digit Unique ID from below into the Client ID field. Here is your Client ID: Error: Key and children not found, please report this to Glean Support. Note: if you have already connected Google Tools (Google Calendar and Gmail) with this same Client ID, you should instead click ‘Edit’ on the existing API client and then add the additional scopes below.
  3. Copy and paste the following into the OAuth scopes (comma-delimited) field and then click Authorize:

    https://www.googleapis.com/auth/admin.directory.group.readonly,https://www.googleapis.com/auth/admin.directory.user.readonly,https://www.googleapis.com/auth/drive.readonly,https://www.googleapis.com/auth/admin.reports.audit.readonly

Add additional Google Drive domains (optional)

Glean will automatically crawl all users and documents in the domain belonging to the directory admin email. If you would like to include additional domains from your Google Workspace account, follow these steps:

  1. In the admin role you created, add the following under Admin Console Privileges:
    • Domain Settings
  2. Additionally, add the following under Admin API Privileges:
    • Domain Management
  3. In the API client you created, add the following to the * OAuth scopes (comma-delimited)* field:

    https://www.googleapis.com/auth/admin.directory.domain.readonly
  4. Click Retrieve domains in Glean to fetch the domains in your Google Workspace account. You can then select the domains you want to include in Glean.

(Alternative) Manually add additional domains

Enter the domains you want to include into the text box in Glean, separated by commas, without any additional spaces. For example: example.com,example.org. Finally, click Save in Glean. You’re all set!

Was this page helpful?