Google Drive & G Suite Integration (Automated Account Linking)

Foldr can automatically link/associate an on-premise Active Directory user account with a user in Google G Suite. For organisation-controlled G Suite domains, this is the recommended method of linking users.

The G Suite integration allows the administrator to present a user’s personal Google Drive storage and also Shared Google Drives to users as soon as they sign in, removing the need for the user to link accounts manually. The automatic linking option works by mapping a predefined Active Directory attribute to provide access to the correct cloud storage account, i.e. the Foldr appliance will match the user’s email address or UPN attribute to the user in the organisation’s Google G Suite domain.

Activating Automated Linking with Google Drive:

1. Browse to https://console.developers.google.com/apis using your administrative account.

2. Create a new project – Click the chevron shown below.  Depending on the view, it may be at the organisation level or another existing project


3. Click New Project

4. Give the Project a suitable name and click Create

5. This will drop you to the APIs and Services panel.  Click + ENABLE APIS AND SERVICES

6.  Search for ‘drive’ in the API library

7. Select the Google Drive API

8. Click the Enable button

9.  This will drop you at the Google Drive API panel.  Click Credentials

10.  Click + Create Credentials

11. Click Service account

12. Give the service account a suitable name and click CREATE


Note – The ‘service account ID’ is automatically populated

13. The service account permissions panel will display.  Select the role as Project > Owner

14.  Click Continue

15.  The ‘Grant users access to this service account’ dialog will display.  Do not configure any options here and click Done

16.  The new service account will be shown.  Click the Edit button highlighted

17.  The service account details panel will be shown.  Click the text labelled Show domain-wide delegation

18. Enable the checkbox to ‘Enable G Suite Domain-wide Delegation’

19. Enter a product name for the consent screen

20.  Directly under the domain-wide delegation section, click ADD KEY

21. Click Create new key

22. Leave the key type as ‘JSON’ and click Create

23. A notice will appear stating that the private key (.JSON file) has been created and saved to the local machine.  Depending on your browser, a Save As dialog may appear asking where to save the .json private key.  Keep this file in a secure place as it will be required later in the integration.

Click Close and the key will be shown in the summary

24.   Click SAVE (directly under the key shown)

25.  Now that domain-wide delegation is enabled, an OAuth 2.0 client ID will be automatically created.  Click the copy button to copy the client ID to the clipboard

26. Navigate to admin.google.com and click Security

27. Scroll down and click Advanced

28.  At the bottom of the page select Manage domain-wide delegation

29. Click Add New

30. Paste the OAuth 2.0 Client ID as taken from step 25.  In the OAuth scope field paste the following exactly as shown:

https://www.googleapis.com/auth/drive,profile

31. Browse to Foldr Settings and create a new Service Account with Type ‘Google‘ within General >> Service Accounts >> +Add New

32. Paste in the .JSON file (service account key) downloaded at step 23

Note that the ‘Attribute for impersonation’ being used here is Email (i.e. the mail attribute in Active Directory) – you can alternatively select the UPN (userPrincipalName in Active Directory) or ‘Custom’.

The Custom option is useful if the user’s G Suite email address is not populated in either the Email or UPN attribute in Active Directory. It allows the administrator to enter a pattern, for example:

%username%@gsuite-domain.com

33. Click UPDATE

34.  Navigate to Foldr Settings >> Integrations and select Google G Suite

35. Enable the integration

36. Under the Access section select ‘Use Service Account’ and select the service account created earlier

37.  Create the Google Drive storage location in Foldr Settings.  Navigate to Foldr Settings >> Shares & Storage and create a new storage item by clicking +Add New

38.  Give the storage location a suitable name and use the Storage Address of %googledrive%

Select the Google Drive icon (or another as required)

39.  Click the Access tab and select the Google service account that was created earlier.

The integration for automatic account linking with Google Drive is now complete.
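
How the ‘Attribute for impersonation’ from step 32 ends up selecting a Google account, as an added example (not Foldr’s own code): it follows Google’s documented service account flow, where the impersonated user is the `sub` claim of the JWT signed with the key from step 23, and it also checks that key file. The function names, the mapping of %username% to sAMAccountName and the sample values are assumptions.

```python
import json, os, re, stat

# Scope string exactly as pasted into the admin console at step 30 (comma-separated).
CONSOLE_SCOPES = "https://www.googleapis.com/auth/drive,profile"
TOKEN_URI = "https://oauth2.googleapis.com/token"
REQUIRED = ("type", "client_email", "client_id", "private_key")

def check_key_file(path):
    """Return a list of problems with a downloaded service account key (POSIX modes)."""
    problems = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:
        problems.append(f"readable by group/others (mode {mode:o}); use 600")
    with open(path) as fh:
        key = json.load(fh)
    problems += [f"missing field {f}" for f in REQUIRED if not key.get(f)]
    if key.get("type") != "service_account":
        problems.append("type is not service_account")
    return problems

def impersonation_subject(mode, ad_user, domain, pattern=""):
    """Resolve the G Suite user to impersonate from AD attributes (hypothetical helper)."""
    sources = {
        "Email": ad_user.get("mail", ""),
        "UPN": ad_user.get("userPrincipalName", ""),
        # Assumption: %username% stands for the AD logon name.
        "Custom": pattern.replace("%username%", ad_user.get("sAMAccountName", "")),
    }
    subject = sources[mode].strip().lower()
    # Refuse empty or out-of-domain values rather than link the wrong account.
    if not re.fullmatch(r"[^@\s]+@" + re.escape(domain.lower()), subject):
        raise ValueError(f"{subject!r} is not a user in {domain}")
    return subject

def delegation_claims(key, subject, now):
    """JWT claim set for Google's service account flow with domain-wide delegation."""
    return {
        "iss": key["client_email"],   # the service account itself
        "sub": subject,               # the user being impersonated
        "scope": " ".join(CONSOLE_SCOPES.split(",")),  # space-separated in the JWT
        "aud": TOKEN_URI,
        "iat": now,
        "exp": now + 3600,            # Google allows at most one hour
    }

if __name__ == "__main__":
    user = {"mail": "jane.doe@gsuite-domain.com", "sAMAccountName": "jdoe"}  # constructed
    print(impersonation_subject("Email", user, "gsuite-domain.com"))
```

Because the service account can set `sub` to any user in the domain for the delegated scopes, the key file carries the same access as every linked account combined, which is why its file mode is checked here.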

When a user logs into Foldr using the web, mobile or desktop apps, they should see their personal Google Drive under My Files.  Microsoft Office documents that are hosted on-premise or in Drive may be edited in place using G-Suite productivity apps, which will save back to their original location once the user has finished editing.  As part of enabling the Google integration the user will now see an ‘Edit with Google G-Suite’ button in the Foldr web app for Office and G-Suite files.

The Windows and macOS desktop apps will allow users to edit G Suite files (Docs, Slides and Sheets) straight from Explorer / Finder.


© Minnow IT. Registered in England and Wales with company number 07970411.
