Google Drive #

For Google Drive we work with a Google service account provided by uman. During the set-up process you will be given a service account email address and service account identifier.

Pre-requisites #

It is required to have a Google Workspace in order for uman to be able to index content.

Scopes #

Create a new Shared Drive and grant the Manager access role to the uman-provided service account. Adding the service account to the Shared Drive will grant the following permissions implicitly:

• https://www.googleapis.com/auth/drive: required to upload uman-generated files to Google Drive
• https://www.googleapis.com/auth/drive.activity.readonly: required to read activities related to those files

Next to adding the service account to the desired Shared Drives, you need to grant the service account the following domain-wide scopes:

• https://www.googleapis.com/auth/admin.directory.user.readonly: required to read all users, relevant for the metadata of files.

For instructions on how to grant these domain-wide delegation, check the Google docs.

Setup process #

Please follow the steps below:

1. Create a new Shared Drive Go-To-Market key content
2. Retrieve the service account email address and identifier from the uman team
3. Grant the service account the Manager access role to the newly created Shared Drive
4. Grant the service account the aforementioned domain-wide scopes
5. Let the uman team know that the steps above have happened successfully and provide an email address of an administrator (at least ‘User Management Admin’ role) that uman can use to impersonate the admin scope calls

Optional: You can grant a group (containing all the users) Viewer-access to the Shared Drive, so that everyone in the organization can see the content, but not modify it.

Whitelist applications #

Whitelist the uman applications if required.