Set Up Google Drive Connector

To set up the Google Drive connector you need to be an administrator of your Google Workspace. You will also need access to the Google Cloud Console.

Group-based sharing lets ambeRise respect your Google Workspace group permissions - if a file is shared with a group, only members of that group will see it in search results. To enable this, you need to add the optional Admin SDK scopes in Step 4 and include your Workspace domain in Step 7. If you skip the optional scopes, ambeRise will still index Drive but will only apply direct user-level permissions.

Step 1: Create a Google Cloud project

Go to https://console.cloud.google.com β†’ click the project dropdown in the top bar β†’ New Project.

  • Set the project name to amberise-drive-connector

  • Select your organization

  • Click Create

New Project dialog

Step 2: Enable the APIs

In the left menu go to APIs & Services β†’ Library. Search for each API below and click Enable:

  • Google Drive API

  • Admin SDK API (only required if you want group-based sharing to work)

Google Drive API and Admin SDK API enable pages

Step 3: Configure the OAuth consent screen

In the left menu go to Google Auth Platform β†’ Branding. Complete the 4-step wizard:

  • Set App name to ambeRise

  • Set User support email to your admin email

  • In the Audience step, select Internal

  • Add your admin email as Developer contact

  • Click Create

Branding setup wizard

Step 4: Add OAuth scopes

In the left menu go to Data Access β†’ Add or remove scopes. Scroll down to Manually add scopes and paste:

Required - needed for basic Drive indexing and user identification:

openid 
https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile https://www.googleapis.com/auth/drive.readonly

Optional - only needed for group-based sharing (see the intro above):

https://www.googleapis.com/auth/admin.directory.user.readonly https://www.googleapis.com/auth/admin.directory.group.readonly https://www.googleapis.com/auth/admin.directory.group.member.readonly

Click Add to table β†’ Save. You can see a description of what each scope does in the User-facing description column of the table.

Update selected scopes panel

Step 5: Create the OAuth client

In the left menu go to APIs & Services β†’ Credentials β†’ + Create credentials β†’ OAuth client ID.

Create credentials menu

  • Set Application type to Web application

  • Set Name to ambeRise

  • Under Authorized redirect URIs add:

    • https://<your-amberise-host>/api/auth/google_drive/callback

    • https://developers.google.com/oauthplayground

  • Click Create

OAuth client ID form

Copy the Client ID and Client Secret from the popup.

Step 6: Generate the refresh token

Go to https://developers.google.com/oauthplayground

  • Click the gear icon (top right)

  • Check "Use your own OAuth credentials"

  • Paste your Client ID and Client Secret from Step 5

  • Close the panel

OAuth Playground gear settings

On the left side, under Step 1 - Select & authorize APIs, find the "Input your own scopes" box at the bottom and paste all scopes at once:

https://www.googleapis.com/auth/drive.readonly https://www.googleapis.com/auth/admin.directory.user.readonly https://www.googleapis.com/auth/admin.directory.group.readonly https://www.googleapis.com/auth/admin.directory.group.member.readonly

Click Authorize APIs β†’ sign in with your Workspace admin account β†’ check all scopes β†’ click Allow.

Back in the Playground, click Step 2 β€” Exchange authorization code for tokens. Copy the refresh_token value from the JSON response on the right (starts with 1//).

Step 7: Share credentials with amber support

Securely share the following with the amber support team:

  • Client ID

  • Client Secret

  • Refresh Token

  • Workspace domain (e.g. example.com)

amber will configure the connector on your instance.