Google Drive
Here are the steps to use Google Drive as a data source.
Enable the APIs
Create a project in your Google API’s space:
https://console.developers.google.com/apis
Enable the Google Drive API for that project.
Enable the Admin SDK for that project.
Set up a service account
Follow Google’s instructions to create a service account with domain-wide delegation.
Visit:
https://console.developers.google.com.
In Credentials find the service account’s ClientID.
Go to Admin ⇾ Security ⇾ Advance Settings and authorise this comma-separated list using that ClientID:
https://www.googleapis.com/auth/drive.readonly,https://www.googleapis.com/auth/admin.directory.user.readonly,https://www.googleapis.com/auth/admin.directory.group.member.readonly
This authorises the service account to use the Drive API and the Directory API.
Create an administration account
NOW Privacy uses the administration account on your domain for data ingestion. It needs this account’s email address.
Create a domain administration account
Make sure that this account has Admin API privileges in read mode for Organisational Units, Users, and Groups.
The service account will need to impersonate the administration account to use the Directory API to list groups and users.
Decide on a crawl level
If you’re crawling a user group, find that user group’s email address.
If you’re crawling an individual user, find that user’s email address.
The Google Drive data source has three crawl levels:
Domain |
We crawl Google Drive for all users belonging to the domain. The service account impersonates the admin user. |
Group |
We crawl Google Drive for all domain users belonging to the group. The service account impersonates the user. |
User |
We crawl Google Drive for an individual domain user. The service account impersonates the user. |
Get the service account private key
Follow Google’s instructions to download the service account private key PEM file for authenticating the domain service account
You will need the contents of this file to set up the data source in NOW Privacy.
Create the data source in NOW Privacy
The final step uses the details you collected on this page.
From the main menu select Data Sources
Click New ⇾ New Data Source
In the New Data Source dialog, select the dataset this new data source will belong to by:
choosing an existing dataset from the dropdown, or
clicking Add to new Data Set and typing the name of your dataset
If you use option 3b, remember to add the dataset to at least one security group. If you don’t, no users will be able to see the data from this data source.
Click Next
Select the data source and click Next
Enter the credentials and details for the data source and click Next
Field
Description
Admin Account ID
The email address of the admin account you created. This is the account NOW Privacy will impersonate for domain and group crawls. Required.
Service Account ID
The email address of the service account you created. This is the account NOW Privacy will use for impersonation. Required.
Private Key PEM String
The private key for the service account. This is the content of the PEM file, not the file name. NOW Privacy needs an exact copy of the content so be careful here. Required.
Crawl Level
Domain
Group
User
Domain
The domain where the crawl happens. Required for all crawl levels.
Group ID
The email address for the user group you will crawl. Required for user group crawls.
User Account ID
The email address for the individual user you will crawl. Required for individual user crawls.
Select the country for this data source and click Next
The country is used in geographical visualisations
Optionally, click Add Custom Description
This allows you to use you own description for this data source, rather than accept the default description that NOW Privacy provides
Set the Crawl priority
Specify whether you want to crawl once or continuously
Click Start Crawl Immediately if you want to crawl the data right now
Or you can start a crawl manually anytime you want
Click Create Data Source