■
In this article, we’ll cover key features, setup options, and security permissions you’ll need for the Google Drive file storage integration to work properly. We will also provide step-by-step instructions for End users and App managers.
- Integration path
- Integration features
- Need to know before setup
- Security overview
- Setup and ownership options
- Connect Google Drive as a Site owner
- Connect Google Drive as an End user
- Connect Google Drive as an Application manager
- Google Drive file search
Integration path
- Review the integration features below and decide specifications needed for your organization.
- Define the Drive structure your organization wants to use in connecting the integration.
- Establish your Google domain in Simpplr.
- Connect the integration at the application level.
- Content teams add the correct files to their target folders, and connect them to Simpplr content.
- End users connect their integration to their Simpplr profile.
- Now the files will be available for all users to access.
Integration features
- Attach files from your Drive directly to your Simpplr content.
- Add new versions of files, and download files to Google Drive from your intranet interface.
Need to know
- When Google Drive is enabled in the intranet, its folder structure should be visible to the users in file manager.
- Your Google admin must first connect your org's Google domain in Simpplr before the integration can be set up. See instructions below.
- Roles:
-
- Google Suite Administrator - The initial connection for the integration must be completed by the Google Admin user.
- Content managers/End users - Once connected, Content managers and End users can attach files directly from the Google Drive to content on their site.
Security overview
-
To initiate the integration, the Google must connect using the G Suite Admin account. The Admin will be asked to provide the following access:
-
Then each user will need to connect their account at the profile level under their Profile & settings menu. The End user will only need to do this once.
Google Drive OAuth Permissions/Scopes
Permission | Description | Use | Features |
https://www.googleapis.com/auth/drive | See, edit, create, and delete all of your Google Drive files | Used for all API calls made to Google Drive APIs |
|
https://www.googleapis.com/auth/admin.directory.group | View and manage the provisioning of groups on your domain | Prior to Laki (and for users who choose not to upgrade to Google multi-domain), this scope is used for the purpose of hitting Google Groups APIs in order to create & update App-Level and Site-Level Google Groups to support Simpplr-managed Permissions. |
|
When Google Drive has been enabled on your app, an application root folder, as well as an all-company group will automatically be created in Google Drive’s service account.
- The folder’s name is [*app name*] root.
- The folder will only be accessible through Google Drive’s service account.
- The folder is used to define search parameters when searching for Google Drive files and folders that are linked to Simpplr.
Note:
If your organization is on the Laki release or later, Simpplr does not require nor ask for the 'manage groups' permission. However, if a user has previously granted Simpplr the manage groups permission (for example, if they were using the pre-Laki, Simpplr-managed permissions configuration), 'manage groups' permission will continue to show in the request. This is because when requesting new permissions, the Google authorization screen will always display all permissions previously granted together with the new requests, so that the user can review them all.How the Simpplr integration affects permissions to Google Drive - Google Drive Folders
The integration is designed so that access to the target folder on your Google Drive is governed by the membership for the site you connect those folders to. As you set up your integration, new groups will be created automatically in your Google Workspace to govern permissions. Each time you connect a folder to a site, two new groups will be created to manage permissions to that folder:
- “Site Administrators” group - an editors group that provides Read/Write access for the Site owner and Site manager to the connected folder.
- “Site Users” group - a view only group that provides Read access for Content managers and Site members/End users to the connected folder.
When you add users as members to your site, they will be automatically added to the applicable Google Groups to give those users access to the target folders both via Simpplr and Google.
Once you’ve connected a Google Drive folder to your target site, your groups should look like the image below, with one “Site Administrators,” group and one “Site Users,” group. We also see the “Company Group” that was created when we connected the integration. Each time you connect a folder to a Site, “Site Administrators” and “Site Users” groups will be created to manage permissions based on your site’s membership in Simpplr. All groups within your Google Workspace are visible to all Workspace members.
Setup and ownership options
There are three options our customers use to organize their Google Drive folders for integration with Simpplr:
Method | Description | Pros | Cons |
---|---|---|---|
Decentralized | Each Site owner is the owner of their respective Google Drive folder structure |
- Easiest to set up - Least overhead required |
- Continuity planning can be complicated - Low admin visibility |
Central Service Account | Use a service account as the owner of your Google Drive folder structure |
- Makes continuity planning easier - Gives admins more control and visibility |
- Requires admin oversight, setup, and maintenance - Use of a service account may not meet company security requirements |
Central Non-Service Account | Use a single user’s account as the owner of your Google Drive folder structure |
- Improved continuity planning - Gives admins more control and visibility |
- Requires admin oversight, setup, and maintenance |
Centralized Google Drive ownership
If you want to provide for continuity planning when several teams are using Google Drive to share documents on your intranet, centralized ownership may be for you.
The key feature of this setup is:
- One user creates a shared folder structure in their Google Drive, then shares out subfolders with Editor permissions to the appropriate team members (i.e. Site owners and managers) for storage and sharing via the integration.
In this case, the Primary folder would only be created by the central owner, then the central owner would then share the sub folders as they line up with specific sites. Access to the documents contained in those folders will be based on site membership to the target connected folder.
The below represents the structure for both the service account and the Individual central account setups listed in the matrix above.
Once the team has the Google Drive Folder structure in place, it's time to connect those folders to our respective sites. We have two options here:
- Make the centralized account the Site owner. This works for either the service account or the central user account, this is the method most focused on continuity planning. The downside is that an account not necessarily related to the content on the given site will be listed as the Site owner. The upside is that this method provides for continuity planning, and allows for various members of the team to come and go without interrupting the data connections. We strongly recommend this option.
- Make someone else the Site owner. As long as the Google Drive folder structure has already been shared with this individual, they will be able to connect the appropriate folder structure to their site. The downside to this method is that when that person leaves, we’ll need to change the site ownership and transfer the Google Drive folder structure ownership to someone else. This also puts an additional burden on the individual who owns the folder structure as they will be the one who creates new folders and generally maintains the structure from the Google side. The upside is that continuity planning is easier than the decentralized approach.
Centralized example
Let’s explore the centralized option as it would apply to an HR department’s structure at our sample company, Atlas Medical Company. Atlas is headquartered in Chicago, USA and has facilities in Europe as well. They will be using a centralized approach, with a service account as owner. They have HR Generalists who are in charge of content for each region. So their system map may look something like:
In this case our IT team is providing the service account and primary folder structure. Below that we have a high level folder to contain all of HR and subfolders for each of the HR sites that we are working on. We will also be making the service account the Site owner for each site. Since the high level HR folder is shared with key members of the HR team, the HR team is able to manage what files go into the high level folder and subfolders within Google Drive. This setup supports change and or continuity within your company because people from the team can come and go and all of the folders will stay connected and accessible by all Site members. Once in place this method requires very little upkeep.
Decentralized Google Drive ownership
Here we leave folder ownership up to the Site owners of the individual sites in the intranet. This approach requires the least planning and setup, but would require the most work to maintain continuity if a Site owner leaves the company. The IT team will need to transfer the individual Google Drive Folders to the new Site owner when the original Site owner leaves.
The key characteristic to this setup is that the Site owners are also the Google Drive Folder owners. This will require the Site owner to manage and maintain the folder structure. If the Site owner leaves, then the IT team will need to transfer the Folder structure to the new Site Owner as they decommission the original Site Owner’s accounts.
Decentralized example
Let’s explore the decentralized option as it would apply to an HR Department’s structure at our sample company, Atlas Medical Company. Atlas is headquartered in Chicago, USA and has facilities in Europe as well. They will be using a decentralized approach, with each Site owner as the owner of their respective folder structure. They have HR Generalists who are in charge of content for each region. So their system map might look like:
Here we see that the USA Generalist owns two Site folders, USA and Global, and our European Generalist owns the European Site Google Drive Folder. Each of these individuals will also be Site owners for their respective sites. When one of the Generalists leaves, the Google Administrator will need to transfer their folders to whomever will be the replacement Site owner to maintain the connection.
Changing site ownership
If a site’s owner or manager leaves your company, the site’s files will be unchanged. Ownership of the files in the account will need to be given to another user (by the Site owner or Google Admin), as long as that user is connected to the same account. The new Site owner will be given the root folder in their storage account, including the sub-folders contained in the root folder. If the new owner isn’t connected to the same file storage software, the original owner will receive a warning. They must choose another user, or the new designated owner must connect their account to the file storage software.
Follow the steps below to change the Site owner:
- Know which Site owner is leaving and decide who the new Site owner should be.
-
When deactivating the previous Site owner's account, have the Google Workspace admin transfer the folders to the new Site owner's account within Google. This is a standard option when deactivating Google accounts. There may be some cleanup required as the admin needs to transfer their entire Drive, not just one folder. This Google article will instruct you on how to transfer file ownership.
- Reconnect the integration at the site level using the new Site owner's account. Click here for setup at the site level instructions.
Establish your org domain(s) for the integration
Before the integration can be established, Simpplr must first establish a domain connection. This will determine which domain(s) can be used for the integration; for example, company.com can be added as a domain, but if you have employees under othercompany.com, you can also add that domain so that the integration will work for all users.
The Google admin user must be the user to complete these steps. To get started:
- From your user profile in Simpplr, go to Manage > Application > Integrations.
- From the Domains tab, find Google and select Add domain name.
- Enter your company domain name and click Add. If you have multiple domains, repeat these steps.
- Click Save. Now when your users connect at the user profile level, their domain will be supported if separate from the primary company domain.
Note:
Only one shared drive can be connected to a Simpplr site at a time. More on this below.Multi-domain support
As of the Laki release, you can enable multiple domains for your Google Drive and Google Calendar integrations with Simpplr.
- App managers can add, view, and delete domains for Google Drive and Calendar.
- Domains can be managed by going to Manage > Application > Integrations > Domains.
- Upgrading to multi-domain is optional.
Set up and add/remove multiple domains
To set up multi-domain:
- Go to Manage > Application > Integrations > Domains.
- Add the domain names you want.
Google managed permissions
To continue setting up with Google managed permissions:
- Under the Domains tab, click Add domain name.
- Select whether the domain is for Google Drive or Calendar. Enter the applicable domain name.
- Click Add domain. Once added, you can remove a domain by clicking x on the right.
The Google Drive (and if applicable, Google Calendar) domain used prior to the Laki upgrade is added automatically.
Note:
The upgrade process takes several minutes. Google Drive and Calendar will be disabled for your app during this time. If you receive an upgrade failed message, please contact Simpplr Support.Once upgraded, domains can be managed by going to Manage > Application > Integrations > Domains.
Google Workspace Directory data
Multi-domain isn’t yet available for Google Workspace Directory. Regardless of permission type, if Google Workspace Directory was already enabled prior to the Laki upgrade, it will be found under Manage > Application > Integrations > People data. Its domain will be unaffected by the domains added or removed for Google Drive/Calendar.
Connect Google Drive as a Site owner in Simpplr
As a Site owner, it is up to you to enable Google Drive functionality at the site level. To link folders to a site where Google Drive has been integrated, you must select Google Drive as the site’s file storage. Please note you must first connect your own individual profile to Google Drive before connecting your site. See instructions below for connecting your user profile. To connect at the site level:
-
From your Simpplr site, go to Manage site > Setup > External files.
- From the dropdown list, choose Google Drive. Note you can only select one file storage option per site.
Note:
All Site owners and managers can link folders to a site, as long as they and the site are connected to Google Drive.
To link Google Drive folders to your site:
-
Navigate to Files from your site landing page.
-
Select the Google Drive files folder.
-
Select Link Google Drive Folder. If you can’t see this option, it is likely because:
- You need to create a new Google Drive folder first, or
- You are not the Site owner or manager.
Note
You can also create a new Google Drive folder. Doing so will create a new folder directly in Google Drive. If you create a new folder inside another folder, the permissions will be inherited from the parent folder. However, you can only create a folder inside another folder if the parent folder is linked.- Select the folder you wish to link to the Simpplr site from Shared Drives (if enabled) or My Drive.
Note
You can also unlink folders. Any folders unlinked are removed from the Site root folder. The permissions for the folder are removed from the Site group.
Connect Google Drive as an End user on Simpplr
As a Simpplr End user, once your Application manager has set up the connection with Simpplr, you will be able to attach, share, and edit files you have access to in Google Drive, all from within your Simpplr intranet. First you must enable Google Drive on your profile. To do so:
- Navigate to your user profile image and click Profile & settings. Once your profile is open, click Edit profile & settings.
- Click External apps, then next to Google Drive, click Sign in with Google. You will be asked to allow the permissions from Google. Click Allow. Your Google account is now connected with your Simpplr interface.
-
Now when you create content and want to attach files, you'll be given the option to include files from your Google Drive account.
Connect Google Drive as an App manager in Simpplr
App managers can integrate Google Drive with their Simpplr intranet. Until Google Drive is integrated with Simpplr, your Site owners and Content managers will not be able to access MyDrive and/or Shared drives. To integrate Google Drive with Simpplr.
- Ensure your org's Google domain(s) is/are set up in the Manage > Application > Domains tab.
- Go to Manage > Application.
-
Go to the Integrations tab and select File management.
-
Check the box next to Google Drive.
5. Choose your org’s access permissions (see Access permissions section below).
6. Click Save. Google Drive is now integrated with Simpplr.
Access permissions
You must determine how Simpplr users can interact with Google Drive files they don’t have access to. Choose whether or not users without file access are shown an ‘Open in Google Drive’ prompt. Giving users this prompt may allow them to request file access directly in Google Drive.
Linking Google Drive to sites
Once Google Drive has been enabled, users can link Drive files and folders to sites, making them available for users to discover within Simpplr as well as sharing content on the site.
- Users can only link a single drive to a site.
- Users can still link multiple folders from My Drive.
How to fix the Authorization Error if the Google Workspace account won't connect
Users have reported receiving the following Google authorization error when attempting to connect at the Application level:
To fix this issue:
-
Log in to the Google Admin console.
-
From the Home page, go to Security API controls.
-
Under App access control, click MANAGE THIRD-PARTY APP ACCESS.
-
Find the “Simpplr for Google Workspace” app in the list.
-
Check the box for “Simpplr for Google Workspace” app and click Change access.
-
If the value is “Blocked” you will get above error. It should be changed to “Limited”
-
Click CHANGE.
- Navigate back to the Google Admin login from Simpplr and try connecting again.
Google Drive file search
Global search
Once Google Drive is integrated, users that have connected their Simpplr profile (as an End user) search Google Drive content directly in Simpplr.
Shared drive content will be discoverable on Simpplr's global search, based on the user's Google Drive permissions.
Site search
Searching for Google Drive files in site search will only return files from the Shared drive(s) linked to the site.
Comments
Please sign in to leave a comment.