Google Drive connector

Index Google Docs, Sheets, and PDFs from a Drive folder. Two modes: a shared service account (admins, indexes a folder the whole company shares) or personal OAuth (each user grants access to their own Drive — see Personal connectors).

Choosing between OAuth and a service account

For personal OAuth, see the Personal connectors doc — the install runs out of the personal-connectors page rather than the tenant Connectors form.

Shared service account

1. In Google Cloud Console, create (or reuse) a project. Enable the Google Drive API.
2. IAM → Service Accounts → Create. Name itgigamcp-drive-reader. Grant no project roles.
3. On the new service account, Keys → Add key → JSON. Download the JSON file. Treat it as a secret — anyone with this file can read every Drive item shared with the service account.
4. In Google Drive, share the folder you want indexed with the service account's email (something likegigamcp-drive-reader@<project>.iam.gserviceaccount.com), giving it Viewer permission.
5. In the Gigamcp admin console: Connectors → Add → Google Drive (Service Account). Paste the JSON, then paste the folder ID (the long random string in the folder URL).
6. Click Test connection. We list a handful of files to prove access; if you don't see them, double-check the share.
7. Pick the visibility (Whole tenant / Group / Just me) and save. Initial sync runs immediately; subsequent syncs run every 24 h and on demand from the admin console.

What gets indexed

• Google Docs (exported as Markdown).
• PDFs (text extracted via Apache Tika; OCR for scanned PDFs is off by default — turn on per-source if you need it).
• Plain text and CSV files.
• Google Sheets (each sheet → one chunk; off by default).

What does not get indexed

• Files not shared with the service account.
• Files in a Shared Drive — yet. Wire-up is on the post-launch roadmap; ping support if you need it.
• Binary files larger than 50 MB.

Picking a folder

We recurse into all sub-folders of the folder id you give us. To limit scope, share a smaller sub-folder; or use multiple knowledge sources within the same connector with different audiences (for example one folder per department).

Where to find the folder id: open the folder in Drive — the URL looks like https://drive.google.com/drive/folders/0AbcDeFGhIjKlMnOpQrStuvWxyz. The bold-ish segment after /folders/ is the id. Paste it into the connector's Default folder ID input or the per-source picker on the Knowledge page.

We deliberately do not embed the Google Drive Picker SDK in the v1 install form because it requires the user's browser to hold an OAuth access token (good for the personal-OAuth flow on /app/personal-connectors, but adds no value for the service-account install where the admin pastes a tenant-wide JSON anyway).

Domain-Wide Delegation (DWD)

Optional, only required if you need the connector to impersonate individual users in your Google Workspace domain (typical for "search every employee's My Drive" surfaces).

1. On the service account in Google Cloud Console, enable Show domain-wide delegation and copy the Client ID.
2. In Google Workspace Admin → Security → Access and data control → API controls → Manage Domain Wide Delegation, add the client id with the OAuth scope https://www.googleapis.com/auth/drive.readonly.
3. Re-paste the service-account JSON in Gigamcp; the connector now requests an impersonation subject from the per-source settings panel.

Rotation

Service-account keys do not auto-rotate on Google's side. We rotate the key in Secrets Manager every 90 days; the admin console pings you 14 days before the deadline so you can mint a new JSON in Google Cloud Console and paste it in.