Google Drive Connector and Datasource Configuration

The Google Drive connector is used to index the documents in a Google Drive account.

Google Drive authentication

There are two methods of Google Drive authentication for Fusion:

In both cases, you’ll get a client ID, client secret, and refresh token from Google. These become part of your datasource configuration in Fusion.

Authentication for access to site-wide documents

In order to access all the shared documents by users in your organization, you must configure the Google Drive API and the Admin SDK. See the instructions in the knowledge base.

How to configure authentication for access to site-side documents
  1. Log in to Google as a user with admin-level access rights.

  2. Go to https://console.developers.google.com/.

  3. Create a Google project for Fusion:

    1. In the upper left, open the Project menu and select Create Project:

      Create Project

    2. Enter a new project name, such as "fusion".

    3. Click Create.

    4. In the new project, click Enable API.

    5. Under "Google Apps APIs", click Drive API.

    6. Click Enable.

      Google may prompt you to create credentials. Do not create credentials here; we’ll do that a few steps later.

    7. Click Library, then Admin SDK.

    8. Click Enable.

  4. Create a service account key:

    1. Navigate to Credentials > Create Credentials > Service account key:

      Service account key

    2. From the Service account list, select Compute Engine default service account.

    3. Under "Key type", select P12.

    4. Click Create.

      Create credentials

      A new private key downloads automatically to your local drive. Google prompts you to store it securely and save the displayed password. The key and password will not be provided to you again.

  5. Create a service account:

    1. Click Manage service accounts:

      Manage service accounts

    2. Click Create Service Account.

    3. Enter a service account name, such as "fusion-service-account".

    4. From the Role list, select Project > Service account actor:

      Manage service accounts

    5. Select Enable G Suite Domain-wide Delegation.

    6. Enter an arbitrary name under Product name for the consent screen.

    7. Click Create.

      Google displays the list of service accounts.

    8. Next to the "fusion-service-account", click View Client ID.

      You may need to scroll to the right in order to see this link.

    9. Copy the client ID and service account name. Save them in a separate location.

    10. Click the menu in the upper left and select IAM & Admin.

    11. Next to the "fusion-service-account" project, select its permissions as shown below:

      Manage service accounts

  6. Go to https://admin.google.com.

  7. Navigate to Admin Console > Security.

    Remember, you must be logged in as a user with admin-level access rights.

  8. Navigate to Show more > Advanced settings > Manage API client access.

  9. Create a new API client:

    The new API client authorization appears in the list:

    API client access

Authentication for access to per-user documents

These instructions allow you to configure Google to allow Fusion to crawl a specific user’s Google Drive, including documents that other users have shared with them.

How to configure authentication for access to per-user documents
  1. Log in to Google as a user with admin-level access rights.

  2. Go to https://console.developers.google.com/.

  3. Create a Google project for Fusion:

    1. In the upper left, open the Project menu and select Create Project:

      Create Project

    2. Enter a new project name, such as "fusion".

    3. Click Create.

  4. Create the client ID and client secret:

    1. In the new project, click Enable API.

    2. Under "Google Apps APIs", click Drive API.

    3. Click Enable.

      Google may prompt you to create credentials, if this is the first time you’ve enabled this API.

    4. Click Credentials, then Create Credentials > Oauth client ID.

    5. Select Web application.

    6. Enter a name for this Web application, such as "Fusion search".

    7. In the Authorized Javascript origins field, enter "https://developers.google.com".

    8. In the Authorized redirect URIs field, enter "https://developers.google.com/oauthplayground" and press Return on your keyboard.

    9. In the Authorized redirect URIs field, enter "http://<fusion-host>:8764/oauth-redirect", specifying the hostname of your Fusion instance.

    10. Click Create.

      Google displays the new client ID and client secret.

    11. Copy the client ID and client secret. Save them in a separate location.

    12. Click OK.

    13. Go to https://developers.google.com/oauthplayground/.

    14. In the upper right, click the gear icon.

      The OAuth 2.0 configuration window opens.

    15. Select Use your own OAuth credentials.

      Oauth config

    16. Enter your client ID and client secret.

    17. Click Close.

  5. Add the credentials to the datasource configuration in the Fusion UI:

    1. In the Google Drive datasource configuration panel, enter a string for the Datasource ID.

    2. Enter the Google client ID and client secret.

    3. Click Get Refresh Token.

      A new browser window opens, and Google prompts you for permission to access the documents:

      Google prompt

    4. Click Allow.

      Fusion automatically populates the Google Drive Oauth Refresh Token field.

    5. In the Startlinks field, enter a starting URL to which this user has access.

      See below for details about the format for this value.

    6. Click Save.

Configuration

The StartLinks values for this connector must be one of the following:

Tip
When entering configuration values in the UI, use unescaped characters, such as \t for the tab character. When entering configuration values in the API, use escaped characters, such as \\t for the tab character.