Google Drive connection
If you will be creating datasets that process Google Workspace's Drive data, you must complete additional tasks to enable processing by Fusion.
NOTE: Fusion supports processing of data from Google Workspace's Drive; data from personal Google Drives is not supported.
Fusion uses a service account to access the user drives within your Google Workspace. Use of the service account provides the opportunity to access the drives without requiring individual end-user (employee) consent, and the access does not expire.
In Fusion, a dataset to process Google Drive data is associated with a single user account Google Drive.
Requirements
Prior to beginning the connection tasks, you must have the following in place.
-
A Google Workspace for the domain that includes the desired users' drives.
-
A Google project within the Workspace, with the User Type set to Internal.
Set the User Type for the project in the Google Cloud Platform, APIs & Services > OAth consent screen.
Review your Google Cloud document quotas to ensure ideal performance. For more information about document quotas, see the Google Cloud documentation at https://cloud.google.com/docs/quota.
Configure Google Drive connection
Complete the following tasks to enable Fusion to connect to and process items from Google Drive.
-
Log on to Google Cloud Platform as a G Suite administrator.
-
Create a new service account for the desired project.
When creating the account,
-
do not select any roles for the Grant this service account access to project (optional) step.
-
do not grant any user access for the Grant users access to this service account (optional) step.
-
-
Create a service account key.
When creating the service account key,
-
select JSON as the Key Type.
-
download the JSON key file. You will need this file to create the Google Drive source in Fusion. When you create the Google Drive source, you will select this JSON file when prompted for the "Certificate Upload (JSON)."
IMPORTANT: Your new public/private keypair is generated and downloaded to your machine; it serves as the only copy of this key. You are responsible for storing it securely. If you lose this keypair, you will need to generate a new one.
-
-
In the Service Account Details, select Enable Google Workspace Domain-wide Delegation
Make note of your Client ID.
-
From the APIs & Services dashboard, click ENABLE APIS AND SERVICES.
Search for and enable Google Drive API if not already enabled.
-
Log on to your domain's G Suite Admin console as a super administrator.
-
Navigate to Security > API Controls > Domain Wide Delegation > Manage Domain Wide Delegation and click Add New for the API Client.
-
Type the Client ID previously generated and set the following API scopes.
-
https://www.googleapis.com/auth/drive
-
https://www.googleapis.com/auth/admin.directory.user
Click Authorize.
-
Configure cloud connection web proxy settings (Optional)
The Google Drive processor service controlled by the processing agent requires connectivity to the Fusion cloud components, often located away from the local network where the agent host servers are located. Although direct connectivity is ideal, use of a web proxy may be required in some environments for the agent systems to reach the Fusion cloud.
-
On the machine hosting the Fusion processing agent, log on to the agent administration UI.
From the Start menu, click Fusion Agent > Agent Admin. The Advanced process settings page opens.
-
In the Category list, click Google Drive Processor.
-
Complete the following options.
Option Description Proxy address URL Type the URL of the web proxy.
Proxy bypass list Type a comma separated list of addresses that do not use the proxy server..
-
Click Save. You can close the agent administration UI.