Google Workspace
Seamless integration with Google’s productivity and collaboration tools
Overview
The Google Workspace connector allows you to access, manage, and synchronize data across Gmail, Google Calendar, and Google Drive.
Google Workspace (formerly G Suite) is a collection of cloud computing, productivity, and collaboration tools developed by Google. This connector provides access to core Google Workspace services through a unified API.
Authentication
The Google Workspace connector uses OAuth 2.0 for authentication. This requires users to grant permission for the application to access their Google Workspace data within the scopes specified.
How to configure and enable the Google Workspace Connector
Step 1: Create a Google Cloud Project & Set Up Admin Access
-
Sign in as Super Administrator:
Log in to the Google Cloud Console using an account with super administrator privileges. -
Create a New Project:
- Click on the project dropdown at the top of the console and select New Project
- Enter a project name and (optionally) assign it to a folder or organization
- Click Create
Only the project creator has full control by default. It is recommended to add at least one additional administrator (using the IAM settings) to ensure continued access even if the original creator leaves your organization.
Step 2: Enable Required APIs
-
Navigate to APIs & Services > Library in the Cloud Console
-
Search for and enable the following APIs:
- Google Drive API
- Gmail API
- Google Calendar API
- Admin SDK API
- Google Docs API
- Google Sheets API
- Google Slides API
Make sure that all of the listed APIs are enabled to ensure smooth operation of the enterprise search application.
Step 3: Create a Service Account
- Navigate to IAM & Admin > Service Accounts in the Cloud Console
- Click Create Service Account
- Enter a Service Account Name and an optional Description
- Click Create and Continue, then Done
- Copy the Unique ID for use in the next step
Step 4: Delegate Domain-Wide Authority
- Sign in to the Google Admin Console with a super administrator account
- Navigate to Security > Access and data control > API controls
- Click Manage Domain Wide Delegation
- Click Add new and paste the service account’s client ID
- Add the following OAuth scopes:
- Click Authorize
Domain-wide delegation lets your service account impersonate users within your domain. Make sure that both the service account and the end user email belong to the same domain.
Step 5: Create a JSON Key for the Service Account
- In the Service Accounts list, select your newly created service account
- Click on the Keys tab
- Click Add Key and select Create new key
- Choose JSON as the key type and click Create
- Save the automatically downloaded JSON key file
Store this JSON file securely as it contains sensitive credentials and cannot be recovered if lost.
It might be that while creating the key you get the error:
In this case, follow the steps given under the heading Enable Service Account Key Creation.
If your key was successfully created and downloaded, you can use that key in the enterprise search application.
Configuring and enabling connector
- Navigate to the Connectors tab under settings tab in Company Profile
- Click on “Click to View” Button
- If not configured, click on settings button which will open a configuration dialog
- In the Configuration Dialog:
- Enter the Admin Email (Admin user’s email with which you created the Google Cloud credentials)
- Select the JSON key file to upload and click on Save button.
- To enable the connector, click on the enable button so that data can be shared
Enable Service Account Key Creation
If you encounter an error while creating the service account key due to organization policy constraints, follow these steps:
1. Switch to the Organization Context
At the top of the Google Cloud Console (where the project name is shown), click the drop-down to see a list of organizations and projects.
Select your organization rather than a specific project.
If you don’t see an organization listed, make sure you’re signed in with an account that has access to the organization.
2. Add Organisation Policy Administrator Role
Navigate to IAM & Admin > IAM in the Cloud Console
Find the current user and Click on the Pencil icon.
Click on the Add another role button.
Search for the Organisation Policy Administrator role.
Click on the Add button.
Click on the Save button.
3. Disable the Service Account Key Creation constraint
Navigate to IAM & Admin > Organization Policies in the Cloud Console
Search for "iam.disableServiceAccountKeyCreation"
Select the policy
Click on the Manage Policy button
In Policy source, Select Override parent’s policy. Add a rule and set the enforcement to “Off”
Click on the Save button
After completing these steps, return to Step 5 and try creating the service account key again.
Google PubSub Configuration
PubSub setup enables real-time updates for Gmail content. While optional, it’s highly recommended for maintaining up-to-date content in Enterprise search.
Step 1: Set Up a Cloud Pub/Sub Topic
- Navigate to Pub/Sub > Topics in the Cloud Console sidebar
- Click Create Topic
- Enter a unique name (e.g.,
projects/your-project-id/topics/gmail-webhook-topic) - Check “Add a default subscription”
- Click Create to confirm
Step 2: Configure the Subscription
- Go to Pub/Sub > Topics
- Select the subscription created with the topic
- Click Edit
- Change Delivery type to “Push”
- Set Endpoint URL as “your_base_url/gmail/webhook”
- Adjust Expiry Period as needed
- Click Update
Ensure your base URL matches the Enterprise search connector service base URL
Step 3: Set Topic Permissions
- In Pub/Sub > Topics, select your topic
- Open the Info Panel (right side)
- Click Add Principals
- Add
gmail-api-push@system.gserviceaccount.com - Assign the Pub/Sub Publisher role
- Click Save
If you encounter an organizational policy constraint error, modify the policy in organizational policies to allow the given domain. Allow 5-10 minutes for changes to propagate.