Drive Connect's use of Google service accounts
In order to use Automation features, Drive Connect leverages a Google service account to aide in the creation of files and folders. A Google service account is a special kind of account used by an application. Applications use service accounts to make authorized API calls, authorized as either the service account itself, or as Google Workspace or Cloud Identity user.
Here is a run down of how our Google Service account works:
Drive Connect creates files and folders on behalf of a single automation user that you define in the Drive Connect Automation Preferences section
You must install our Marketplace app in order to automate these actions
This creates a service account which allows us to perform actions on behalf of your designated automation user
The Marketplace app provides Drive Connect the following Permissions:
You should limit the Drive Connect service account's access to the single automation user you plan to have the Service account work on behalf of by creating a group with just that single user within it. Here is an article from Google on how to create a security group. This way Drive Connect will only be able to leverage the rights listed above for that one user.
Note: For additional security, you should limit the user to only have access to the Shared drives and folders in Google Drive it needs to perform automation on.
Unsupported Field Types
- In the Drive Connect App > Under the Setup tab > In the Preferences section > in the Automation tab, you'll need to enter in the email of the user who you would want the service account to create files and folders on behalf of. This user must have the marketplace app installed and enabled for them as mentioned above.
Please contact Drive Connect support if you have any questions about setting up our automation functionality.