Google Drive Connector
Documentation
Version: 8
Documentation

Authentication Service Account


Description

Service accounts are accounts that do not represent a human user. They provide a way to manage authentication and authorization when a human is not directly involved, such as when an application needs to access Google Cloud resources. Service accounts are managed by IAM. [API reference]

Instructions

Follow these steps on how to create Service Account to authenticate and access Google Drive API in SSIS package or ODBC data source:

Step-1: Create project

This step is optional, if you already have a project in Google Cloud and can use it. However, if you don't, proceed with these simple steps to create one:

  1. First of all, go to Google API Console.

  2. Then click Select a project button and then click NEW PROJECT button:

    Start creating a new project in Google Cloud
  3. Name your project and click CREATE button:

    Create a new project in Google Cloud
  4. Wait until the project is created:

    Wait until project is created in Google Cloud
  5. Done! Let's proceed to the next step.

Step-2: Enable Google Drive API

In this step we will enable Google Drive API:

  1. Select your project on the top bar:

    Select project in Google Cloud
  2. Then click the "hamburger" icon on the top left and access APIs & Services:

    Access APIs and services in Google Cloud
  3. Now let's enable several APIs by clicking ENABLE APIS AND SERVICES button:

    Enable API for project in Google Cloud
  4. In the search bar search for drive and then locate and select Google Drive API:

    Search for API in Google Cloud
  5. Enable Google Drive API:

    Enable Google Drive API
  6. Done! Let's proceed to the next step.

Step-3: Create Service Account

Use the steps below to create a Service Account in Google Cloud:

  1. First of all, go to IAM & Admin in Google Cloud console:

    Access IAM & Admin in Google Cloud
  2. Once you do that, click Service Accounts on the left side and click CREATE SERVICE ACCOUNT button:

    Start creating service account in Google Cloud
  3. Then name your service account and click CREATE AND CONTINUE button:

    Create service account in Google Cloud
  4. Continue by clicking Select a role dropdown and start granting service account Project Viewer roles:

    Start granting service account project roles in Google Cloud
  5. Find Project group and select Viewer role:

    Grant service account project viewer role
  6. Finish adding roles by clicking CONTINUE button:

    Finish granting service account project roles in Google Cloud
    You can always add or modify permissions later in IAM & Admin.
  7. Finally, in the last step, just click button DONE:

    Finish configuring service account in Google Cloud
  8. Done! We are ready to add a Key to this service account in the next step.

Step-4: Add Key to Service Account

We are ready to add a Key (P12 certificate) to the created Service Account:

  1. In Service Accounts open newly created service account:

    Open service account in Google Cloud
  2. Next, copy email address of your service account for the later step:

    Copy service account email address in Google Cloud
  3. Continue by selecting KEYS tab, then press ADD KEY dropdown, and click Create new key menu item:

    Start creating key for service account in Google Cloud
  4. Finally, select P12 option and hit CREATE button:

    Create P12 key for service account in Google Cloud
  5. P12 certificate downloads into your machine. We have all the data needed for authentication, let's proceed to the last step!

Step-5: Share Google Drive files and folders with Service Account

Now it's time to grant Google Drive read/write permissions to the created service account:

  1. Login to https://drive.google.com with Google account credentials whose files/folders you want to share with the service account.
  2. Select the file or folder, right-click on it, click Share menu item, and then hit Share subitem:

    Share Google Drive file or folder with service account
  3. Share it with your service account:

    Share Google Drive folder with service account
  4. Grant it appropriate permissions, e.g. Viewer or Editor (for reading or writing):

    Grant service account Google Drive file permissions
  5. That's it! Let's proceed to the configuration!

Step-6: Configure connection

  1. Now go to SSIS package or ODBC data source and configure these fields in Service Account authentication configuration:

    • In the Service Account Email field paste the service account Email address value you copied in the previous step.
    • In the Service Account Private Key Path (i.e. *.p12) field use downloaded certificate's file path.
  2. Done! Now you are ready to use Google Drive Connector!

Parameters

Parameter Label Required Default value Options Description
ClientId Service Account Email YES This is service account email ID (e.g. some_name@my_project.iam.gserviceaccount.com)
PrivateKeyPath Service Account Private Key Path (i.e. *.p12) YES File path for p12 file (i.e. Private Key file for service account). Keep this key file secure
Scope Scope https://www.googleapis.com/auth/drive
RetryMode RetryMode RetryWhenStatusCodeMatch
Name Value
None None
RetryAny RetryAny
RetryWhenStatusCodeMatch RetryWhenStatusCodeMatch
RetryStatusCodeList RetryStatusCodeList 403|429
RetryCountMax RetryCountMax 5
RetryMultiplyWaitTime RetryMultiplyWaitTime True
ImpersonateAs Impersonate As (Google account email address)