Google Drive & G Suite Integration (Automated Account Linking)

Posted on 8th November 2016

Foldr can automatically associate an on-premise Active Directory user account with a user in Google G-Suite.  This allows the administrator to present a users personal Google Drive cloud storage and also Team Drives to users as soon as they sign in, removing the need for the user to link the account manually.

The automatic linking option works by mapping a predefined Active Directory attribute to provide access to the correct cloud storage account.  i.e. the Foldr appliance will match the user’s LDAP attribute (email address or UPN) to the user in the Google G-Suite domain.

Activating Automated Linking with Google Drive:

1.  Browse to using your administrative account.  Follow the initial steps 1-3 here to create a Google Project and enable the Drive API for the project.

2.  Create the Service Account Key
Within the project, select API Manager >> Credentials >> Create Credentials >> Service Account Key


  1. Select ‘New Service account’ from the drop down menu, leaving the key type as JSON


4. Enter a services account name and account ID and choose ‘Owner‘ as the Role type


5.  A private key file (.JSON) will be created and download to your local workstation. Save this file and keep it in a secure location.  (This file cannot be downloaded later)



6. Enable DwD (Domain-wide delegation) for the service account

Click Manage service accounts


Click Options >> Edit for the new service account key


Check ‘Enable G Suite Domain-wide Delegation’ and give the product a name for the OAuth consent screen if this hasn’t already been configured at step 1.


Click Save

7. Create the matching Google service account within Foldr Settings >> General >> Service Accounts

– Select Account Type as Google

– Enter a description and paste the content of the JSON private key into Account Key (JSON) – Typical settings to map users personal Google Drive shown (note user attribute = Email Address)

8. Changing the default background access mode from manual to automated

Within Foldr Settings >> Services >> Google G Suite – change the background account access mode to ‘Use Service Account’ and select the service account created at step 7.


9. Allow Google service account (Client ID) permission to use Google APIs (Drive & Profile)

 Log in with an administrative account at and click Security


Click Advanced settings

 Click Manage API client access

Enter the Client Name string (found at > Project > API Manager > Credentials > OAuth 2.0 Client IDs

Enter the following API scope (note this is comma-delimited),profile

Finally, Click Authorize

The client name should then be displayed as shown

 10. Create a new global share within Foldr Settings >> Shares for Google Drive using the Google service account.

Note – Share URI (Path) is configured %googledrive%



Note 1 – Service Account configured with the Google service account

Note 2 – ‘Use service account for all access’ toggle is not required with Google Drive shares.


The Google integration for automatic Google Drive provisioning is now complete.  When a domain user logs into Foldr, their personal Google Drive share will be presented, providing the corresponding Active Directory account ‘mail’ attribute is configured correctly for the Google G Suite domain.

Need more help?

Get in touch with our friendly help desk who will be happy to assist you,