What is Google Workspace Drive? #
Google Workspace Drive provides cloud storage for files, where users can access, share, and sync files.
Why Should You Use the Google Workspace Drive Connector? #
The Google Drive connector provides visibility into cloud storage assets in your environment. You can use this visibility to:
- ensure assets are managed per your data loss policies
- find vulnerabilities quickly and remediate
How Does This Connector Work? #
Lucidum executes read-only requests to the Google Workspace Drive REST API and ingests only metadata about Google Workspace Drive assets. Lucidum does not retrieve any data stored on your assets.
Configuring the Connector in Lucidum #
| Field | Description | Example |
|---|---|---|
| JSON Key File | Upload a JSON file that includes the API key for the Google Drive API. | gdrive_key.json |
| Delegate Email | Provide the email for the administrator account for your Google Workspace. Usually, this is the email address used to log into the Google Workspace Admin console. This is not the email for the service account. The service account specified in the JSON file will then access the Google services by impersonating the administrator account. | |
Source Documentation #
Creating a Service Account, API Key, and JSON File for Lucidum #
To create an account for Lucidum to access Google Drive:
- Go to the Google Cloud Console and select the project that you want to create the service account for.
- Enable the following cloud APIs. For details, see: https://developers.google.com/workspace/guides/enable-apis
  - Admin SDK API
  - Cloud Identity API
  - Drive Activity API
  - Google Drive API
- Create a Service Account for the Lucidum data connector. For details, see: https://developers.google.com/workspace/guides/create-credentials#service-account.
  - After entering the Service account description, click Done. The remaining steps are not required.
  - The service account does not require a role.
- To assign permissions to the newly created service account, select the service account. Under Actions, select Manage details.
- In the DETAILS tab, expand Show Domain-Wide Delegation.
- Select Enable Google Workspace Domain-wide Delegation.
- Click SAVE.
- In the DETAILS tab, copy the Unique ID to your local computer. This is the Client ID you must enter in the subsequent tasks.
- Create a JSON key for the new service account.
  - Go to the KEYS tab > ADD KEY.
  - In the Create private key for modal page, select Key type as JSON and click CREATE.
  - The JSON key will be downloaded automatically. Save this JSON key file to your local computer.
Creating the Delegate Email #
- For details on creating a delegate, see https://developers.google.com/identity/protocols/oauth2/service-account#python.
- Log in to Google Workspace (https://workspace.google.com/) as a Workspace administrator.
- Click on Admin console.
- In the Google Admin console, go to Security > API Controls > MANAGE DOMAIN WIDE DELEGATION.
- Click Add new.
- In the Add a new client ID modal page, enter the Client ID you saved earlier.
- In the OAuth scopes section, specify the following required scopes:
  - https://www.googleapis.com/auth/drive.readonly
  - https://www.googleapis.com/auth/drive.activity.readonly
- Click AUTHORIZE.
Required Permissions #
The user you create for Lucidum requires the following scopes:
- https://www.googleapis.com/auth/drive.readonly
- https://www.googleapis.com/auth/drive.activity.readonly
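As an added pre-flight check for the service-account and delegation steps above (not Lucidum's connector code or Google's client library), the Python below validates the downloaded JSON key file and the delegation settings: it confirms the key is a service-account key with the fields the flow needs, that the delegate email is the Workspace admin rather than the service account, and that the requested scopes are exactly the two read-only scopes. The sample key values are constructed placeholders, and the `delegated_credentials` helper assumes the google-auth package is installed.

```python
import json

# The two read-only scopes the connector requires; anything beyond them is over-privilege.
REQUIRED_SCOPES = frozenset({
    "https://www.googleapis.com/auth/drive.readonly",
    "https://www.googleapis.com/auth/drive.activity.readonly",
})
REQUIRED_KEY_FIELDS = ("type", "client_id", "client_email", "private_key")

def validate_key_file(key_json: str) -> dict:
    """Parse the downloaded JSON key and confirm it is a service-account key with the needed fields."""
    key = json.loads(key_json)
    missing = [f for f in REQUIRED_KEY_FIELDS if not key.get(f)]
    if missing:
        raise ValueError(f"key file is missing fields: {missing}")
    if key["type"] != "service_account":
        raise ValueError(f"expected a service_account key, got {key['type']!r}")
    return key

def check_delegation(key: dict, delegate_email: str, scopes) -> list:
    """Return the problems found (empty list means OK) with the delegate email and scope set."""
    problems = []
    delegate = delegate_email.strip().lower()
    if delegate == key["client_email"].lower():
        problems.append("delegate email is the service account itself; use the Workspace admin account")
    elif delegate.endswith(".iam.gserviceaccount.com"):
        problems.append("delegate email looks like a service account, not an admin user")
    requested = set(scopes)
    if not REQUIRED_SCOPES <= requested:
        problems.append(f"missing required scopes: {sorted(REQUIRED_SCOPES - requested)}")
    extra = sorted(requested - REQUIRED_SCOPES)
    if extra:
        problems.append(f"scopes beyond the read-only requirement: {extra}")
    return problems

def delegated_credentials(key: dict, delegate_email: str):
    """Build credentials that impersonate the admin via domain-wide delegation (assumes google-auth)."""
    from google.oauth2 import service_account
    creds = service_account.Credentials.from_service_account_info(
        key, scopes=sorted(REQUIRED_SCOPES))
    return creds.with_subject(delegate_email)

# Constructed sample key with placeholder values; a real download carries more fields.
SAMPLE_KEY_JSON = json.dumps({
    "type": "service_account",
    "client_id": "000000000000000000000",
    "client_email": "lucidum-connector@example-project.iam.gserviceaccount.com",
    "private_key": "-----BEGIN PRIVATE KEY-----\nPLACEHOLDER-NOT-A-REAL-KEY\n-----END PRIVATE KEY-----\n",
})
```

Run the checks against the real key file and the delegate email before saving the connector configuration; an empty problem list means the key, delegate and scopes line up with the steps above.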
API Documentation #
API for Google Drive: https://developers.google.com/drive/api/guides/about-sdk
API for Google Drive Activity: https://developers.google.com/drive/activity/v2