Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
The Google Drive Microsoft 365 Copilot connector allows your organization to index files that anyone can access in Google Drive and make them available to Microsoft 365 Copilot and Microsoft Search. This article provides information about the configuration steps that Google Workspace admins need to complete to deploy the Google Drive connector.
For information about how to deploy the connector, see Google Drive connector deployment.
Prerequisites
To complete the setup steps, you must be a Google Workspace super admin, be granted access by a Google Workspace super admin, or be a user with administrative privileges.
To verify user permissions:
- In the Google Admin console, go to Menu > Directory > Users.
- Open your account page.
- On the User details tab, in the Admin roles and privileges section, view the roles assigned to you and the privileges inherited from those roles.
Setup checklist
The following checklist lists the steps involved in configuring the environment and setting up the connector prerequisites.
| Task | Role |
|---|---|
| Create a Google Cloud project | Google Workspace admin |
| Enable Admin SDK and Drive APIs | Google Workspace admin |
| Create a Google Cloud service account | Google Workspace admin |
| Add OAuth 2.0 scopes to the service account | Google Workspace admin |
| Get the OAuth 2.0 client ID | Google Workspace admin |
Create a Google Cloud project
The Google Drive Copilot connector requires a service account key generated by a Google Cloud Platform console project. When you deploy the connector in the Microsoft 365 admin center, you need to provide the service account key.
You can use an existing project you own, or create a new project. To create a project:
Go to the Manage resources page in the Google Cloud Platform console.
Select Create Project.
Enter a project name, organization, and location.
Note the Project ID for later use.
Select Create.
Enable required APIs
Enable the following APIs in your Google Cloud project:
Create a Google Cloud service account
To create a Google Cloud service account:
Go to the Service Accounts page.
Select your project.
Select Create Service Account.
Enter a name, ID, and optional description.
Select Create and Continue.
Skip Permissions and Principals with access, then select Done.
On the Service Accounts page, select the three-dot menu under Actions and select Manage Keys.
Select Add Key > Create New Key.
Choose JSON as the key type and select Create.
A private JSON key is downloaded to your computer.
Add OAuth scopes to your service account
To add OAuth scopes to your service account:
Go to the Google Admin console.
Go to Security > Access and data control > API controls.
Select Manage Domain Wide Delegation.
Select Add new and enter the following OAuth scopes:
https://www.googleapis.com/auth/admin.directory.user.readonlyhttps://www.googleapis.com/auth/admin.directory.group.readonlyhttps://www.googleapis.com/auth/drive.readonlyhttps://www.googleapis.com/auth/admin.reports.audit.readonly
Get the OAuth 2.0 client ID
To get the client ID:
- Sign in to the Google Cloud Platform.
- Select your service account.
- Copy the OAuth 2.0 Client ID.
Authentication in Microsoft 365
Provide the following information to the admin to authenticate the connector during the admin center setup process:
- Google Workspace domain
- Admin email
- JSON private key