File Search Google Drive Configuration

1. Create Google Cloud Project and Grant Scopes to Moveworks

1. Create Google Cloud Project

  1. Create a Google Cloud Project for Moveworks.
    1. Sign into https://console.cloud.google.com/cloud-resource-manager using an account with Google Workspace Super Admin privileges.
    2. Click +Create Project.
    3. Name the project Moveworks and select the top-level organization OU for your Google Workspace.
    4. Click Create.
    5. Once completed, click Select Project from Notifications or via Search.

2. Grant SDK Scopes to Project

  1. Turn on the Admin SDK and Google Drive APIs for your Google Cloud Project.
    1. From the top-left Navigation Menu, click APIs & Services > Enabled APIs & Services.
    2. Click +Enable APIs & Services.
    3. Search for each of the following APIs, and select Enable:
      • Admin SDK
      • Drive API

3. Create a Service Account and Generate a JSON Web Token

  1. From the top-left Navigation Menu, click APIs & Services > Credentials.

  2. Click +Create Credentials > Service account.

  3. For Service account name, enter Moveworks.

  4. (Optional) For Service account description, enter Bot.

  5. Click Create and Continue.

  6. Click Done > Save.

  7. Copy the Service Account email. You’ll need this later.

  8. Create the service account key

    1. Select the newly created Service Account.

    2. Copy the Unique ID and save it for later. You’ll need this later.

    3. At the top of the page, click Keys > Add Key > Create new key.

    4. Make sure the key type is set to JSON and click Create.

      You'll get a message that the service account's private key JSON file was downloaded to your computer. Make a note of the file name and where your browser saves it. You’ll need this later.

    5. Click Close on the pop-up window.

4. Add API Scopes to Service Account

  1. Add domain-wide delegated OAuth API scopes to the service account.
    1. Sign into your Google Admin Console using an account with Super Admin privileges.
    2. Navigate through the following: Menu > Security > Access and data control > API controls > Manage Domain-Wide Delegation.
    3. Click Add New.
    4. In the Client ID field, enter the service account's Unique ID saved in Step 2.
    5. Under OAuth Scopes, grant Moveworks the following scopes:
      1. https://www.googleapis.com/auth/admin.directory.group.readonly
      2. https://www.googleapis.com/auth/admin.directory.user.readonly
      3. https://www.googleapis.com/auth/drive.metadata.readonly
      4. https://www.googleapis.com/auth/drive.readonly
    6. Click Authorize.

2. Create Connector: Google Drive Connector with Service Account Auth (Moveworks Setup coming soon)

In this step, you will need to create the Google Connectors needed in order to enforce permissions, by using your JSON file from the Service Account Auth steps above.

  1. If working with your Customer Success team to configure, please send the JSON from previous steps, to your Customer Success representative, along with the email of your super admin.
  2. If using Moveworks Setup, create Google Drive Connector.
    1. In your Moveworks Admin Portal, go to the Connectors tab.
    2. Click Create New Connector.
    3. Select Google Drive.
    4. Select Service Account Auth.
    5. Enter Super Admin Email.
    6. Upload into your Connector the JSON that you downloaded previously.

3. Configure File Ingestion Steps in Moveworks Setup [Coming Soon]

Coming soon, you will be able to self-serve your File Ingestions via Moveworks Setup. Until then, your Customer Success team will configure your File Ingestions, using the credentials you provided in previous steps.

  1. In the Moveworks Self-Serve Product, go to the Answers > Ingestions > File Knowledge Screen.
  2. You can now configure your File Ingestion using the Connector you’ve created!
  3. Navigate to Enterprise Search, then Answers, and finally File Ingestion.
  4. Select the Google Drive Connector that you created in the previous step, and provide a Name your File ingestion config.
  5. Continue to the Ingestion Details page and Specify each Folder, using the Folder IDs.
    1. Please double check that you have entered the URLs correctly of the Google Drive folders from which you wish to ingest files from.
      1. Copy and paste the Folder IDs of each Shared Drive or Folder that you wish to ingest:
        1. For example, for the Shared Drive https://drive.google.com/drive/folders/0ALpuZyimVeHNUk9PVA, you will input 0ALpuZyimVeHNUk9PVA as the folder ID in Moveworks Setup
    2. Please double check that each Folder has been shared access with the Service Account that you have built for Moveworks.
    3. You can assign a Domain to each Folder, i.e IT, HR, Finance, etc.– this Domain is used for tagging in Analytics, enabling you to filter Search usage for each of your domains.
  6. Save the File Ingestions.

5. Continue to launch File Search to your employees (if not already)

  1. Refer back to the main File Search Self-Serve guide: File Search Self-Serve Configuration.