> ## Documentation Index
> Fetch the complete documentation index at: https://docs.onyx.app/llms.txt
> Use this file to discover all available pages before exploring further.
# Google Drive Service Account
> Set up Google Drive Service Account for the connector
This section walks through setting up the Google Drive connector using a Service Account.
More info on Service Accounts can be found [here](https://cloud.google.com/iam/docs/service-account-overview).
A Google Workspace is required.
If you'd rather use an individuals account + OAuth to access Google Drive, checkout the section [here](./oauth).
### Authorization
* [https://console.cloud.google.com/projectcreate](https://console.cloud.google.com/projectcreate)
Enable the **Google Drive API**, the **Admin SDK API**, the **Google Docs API**, and the **Google Sheets API**
* On the left panel, open **APIs & services**
* Go to **Enabled APIs and services**
* On the top click **+ENABLE APIS AND SERVICES**
* Search for **Google Drive API** and click **ENABLE**
* Alternatively visit this [link](https://console.cloud.google.com/flows/enableapi?apiid=drive.googleapis.com), select your project and enable the **Google Drive API**
* Search and enable: **Admin SDK API**, **Google Sheets API**, **Google Docs API**
* Go to the [Service Account management page](https://console.cloud.google.com/iam-admin/serviceaccounts) in Google Cloud.
* Click `Create Service Account` button and fill out the fields in step 1. You can ignore steps 2 and 3.
* Go to the `Keys` section, and click `Add Key`. Download this key, you will need to upload it to Onyx later.
Note for Google Organizations created after April 2024:
* To give the service account the proper permissions you will have to navigate to this [link](https://console.cloud.google.com/iam-admin/orgpolicies/iam-disableServiceAccountKeyCreation)
* Then select `Manage`, select `Override parent's policy` and then select `Not enforced` under `Rules`.
* Finally, select `SET POLICY`
Give this **Service Account** read-only access to Google Drive
* Copy the `Unique ID` of the Service Account
* Go to the [Domain-wide Delegation page](https://admin.google.com/ac/owl/domainwidedelegation) in the Google Admin Console.
* Click `Add new`, fill in the client ID with the `Unique ID` of the Service account
* Copy this comma separated list of scopes and paste it into field `OAuth scopes`:
`https://www.googleapis.com/auth/drive.readonly,https://www.googleapis.com/auth/drive.metadata.readonly,https://www.googleapis.com/auth/admin.directory.group.readonly,https://www.googleapis.com/auth/admin.directory.user.readonly`
### Indexing
First, navigate to the Admin Panel and select the Google Drive connector.
Then, create a new credential, then upload the key you downloaded in step 6. For the **Primary Admin Email**,
use the email of a user that:
* Has access to `Drive and Docs` in Google Workspace
* Has the following admin permissions:
* Admin console privileges -> Services -> Drive and Docs -> Settings
* Admin API privileges -> Users -> Read
* Admin API privileges -> Groups -> Read
* Admin API privileges -> Organization Units -> Read
This can either be an existing admin, or a brand new account created specifically for Onyx (e.g.
`onyx-robot@your-domain.com`). Note that this should *NOT* be the service account email.
This can be configured by an admin in the admin panel of the Google Workspace under Account > Admin roles.
Click **Create Credential**, and then close the dialog. From there,
click the **Continue** button and configure the connector!
Click **Create Credential**, and then close the dialog. From there,
click the **Continue** button and configure the connector!