Add or Edit a Google Drive for Work Source

Index Content Coveo Relevance Cloud Developer System Administrator Product Documentation

In this article

Source Key Characteristics
Authorize Your Coveo Organization to Access the Google Drive of Your Users
Add or Edit a Google Drive for Work Source
Index Content of Shared Drives
Link Sharing and the "Same Users and Groups as in Your Content System" Content Security Option
Safely Apply Content Filtering
What’s Next?

You can add the content of your domain’s Google Drives to a Coveo organization by creating a Google Drive for Work source

Depending on your source configuration, the source indexes the content of the My Drive folder for either all or specific users on your domain. You can also configure the source to index content in users' Shared Drives.

Note

When using the Coveo quickview component in search results, users won’t be able to preview files over 50 MB that aren’t native to Google Drive, such as .pdf or .xls. Your source enforces this limit to reduce indexing times. However, your source still indexes the item, and users can click the search result to access the item in Google Drive.

To index content in your users' Google Drives:

Leading practice

The number of items that a source processes per hour (crawling speed) depends on various factors, such as network bandwidth and source configuration. See About Crawling Speed for information on what can impact crawling speed, as well as possible solutions.

Source Key Characteristics

Features	Supported	Additional information
Google Drive for Work version	Latest cloud version	Following available Google Drive for Work releases
Searchable content types^[1]		Files, folders, comments and replies^[2], and user profiles
Content update operations	refresh		Takes place every day by default
rescan
rebuild
Content security options	Same users and groups as in your content system
Specific users and groups
Everyone

Features

Supported

Additional information

Google Drive for Work version

Latest cloud version

Following available Google Drive for Work releases

Searchable content types^[1]

Files, folders, comments and replies^[2], and user profiles

Content update operations

refresh

Takes place every day by default

rescan

rebuild

Content security options

Same users and groups as in your content system

Specific users and groups

Everyone

Authorize Your Coveo Organization to Access the Google Drive of Your Users

Before you create a Google Drive for Work source, you must:

Ensure to have a Google account with administrator credentials. These credentials allow your Coveo organization to read your Google account using OAuth 2.0, a protocol that authorizes access without giving your password.
Create a Google API Console project.
Modify security parameters in your Google Apps account.

Add or Edit a Google Drive for Work Source

Once you’ve authorized your Coveo organization to access your users' Google Drive, follow the instructions below to add or edit your Google Drive for Work source.

"Configuration" Tab

In the Add/Edit a Google Drive for Work Source panel, the Configuration tab is selected by default. It contains your source’s general and authentication information, as well as other parameters.

General Information

Source Name

Enter a name for your source.

Leading practice

A source name can’t be modified once it’s saved, therefore be sure to use a short and descriptive name, using letters, numbers, hyphens (-), and underscores (_). Avoid spaces and other special characters.

Google Apps Domain

Enter the Google Drive domain that you want to index.

Google Apps Administrator Account Email

Enter the email of a Google Apps administrator account in the user@company.com format.

Google Service Account Email

Enter the Google service account email address that you obtained when you authorized your Coveo organization to access the Google Drive of your users.

Private Key File

Click Choose File, and then select the private key file that you created when you authorized your Coveo organization to access the Gmail mailboxes of your users.

Optical Character Recognition (OCR)

If you want Coveo to extract text from image files or PDF files containing images, check the appropriate box. OCR-extracted text is processed as item data, meaning that it’s fully searchable and will appear in the item Quick View. See Enable Optical Character Recognition for details on this feature.

Note

Contact Coveo Sales to add this feature to your organization license.

"Users to Include" Section

Select All (default) to index the Google Drive content of all your domain users. Alternatively, select Specific to index the content of specific users only, and then enter the corresponding user email addresses.

By default, your Google Drive for Work source indexes files in a user’s My Drive folder, but you can choose to index content in users' Shared Drives as well.

Note

If you want users to be indexed as separate items, you must add the IndexUsers hidden parameter to the parameters section of the source JSON configuration, and then set its value to true.

"Additional Content to Include" Section

Trashed Items

Check this box to index the items in the trash folder.

Custom Properties

Check this box to include custom properties that Google applications or your custom applications added on items.

Note

Including custom properties significantly increases communication traffic between the source and the Google Drive. This, in turn, significantly increases indexing time.

"Content Security" Tab

Select who will be able to access the source items through a Coveo-powered search interface. For details on this parameter, see Content Security.

If your source uses the Same users and groups as in your content system content security option, see the Link Sharing and the "Same Users and Groups as in Your Content System" Content Security Option section for information on how a Google Drive file’s link-sharing options affect who can access the corresponding file in a Coveo-powered search interface.

When using the Everyone content security option, see Safely Apply Content Filtering for information on how to ensure that your source content is safely filtered and only accessible by intended users.

"Access" Tab

In the Access tab, set whether each group and API key can view or edit the source configuration (see Resource Access):

If available, in the left pane, click Groups or API Keys to select the appropriate list.
In the Access Level column for groups or API keys with access to source content, select View or Edit.

Completion

Finish adding or editing your source:

When you want to save your source configuration changes without starting a build/rebuild, such as when you know you want to do other changes soon, click Add Source/Save.

Note

On the Sources (platform-ca | platform-eu | platform-au) page, you must click Launch build or Start required rebuild in the source Status column to add the source content or to make your changes effective, respectively.

When you’re done editing the source and want to make changes effective, click Add and Build Source/Save and Rebuild Source.

Back on the Sources (platform-ca | platform-eu | platform-au) page, you can review the progress of your source addition or modification.

Once the source is built or rebuilt, you can review its content in the Content Browser.

Optionally, consider editing or adding mappings once your source is done building or rebuilding.

Index Content of Shared Drives

By default, a Google Drive for Work source indexes the content of the My Drive folder for either all or specific users on your domain, depending on the source Content Security configuration. However, you can configure the source to index content from users' Shared Drives as well by doing the following:

On the Sources (platform-ca | platform-eu | platform-au) page, click the Google Drive for Work source, and then click More > Edit JSON.
In the Edit a Source JSON Configuration panel, set the IndexSharedDrives parameter value to true.

Note

Your Google Drive for Work source indexes content only from Shared Drives that are associated to an authenticated user who is set as the Shared Drive’s manager.

If your source has the Same users and groups as in your content system content security option enabled, a user sees a Google Drive file in their Coveo search results only if the user is authorized to access the file based on the file’s link-sharing setting in Google Drive. In other words, if the file is shared with the user in Google Drive, the user will see the file in their Coveo search results.

Depending on a Google Drive file’s link-sharing settings, access is either:

Restricted to specific users only.
Granted to everyone in the organization account or everyone in general.

Note

When you set the link-sharing options for a folder in Google Drive, all files in the folder automatically inherit the folder’s link-sharing settings. This means that if you set the link-sharing options for a specific file, and then set the options for the file’s folder, the file’s link-sharing settings change to match its folder settings.

Restrict Access to Searchable Content Only

If the link-sharing options for a Google Drive file is set to allow access to everyone in your organization, you can use the OnlyIndexFilesSharedToDomainandSearchable source parameter in conjunction with the People in [organization] can search for this file link setting in Google Drive to index the file only if it is set as searchable in Google Drive. You can use this parameter, for instance, if you want to exclude a file from Coveo search results but make the file accessible in Google Drive.

By default, the OnlyIndexFilesSharedToDomainandSearchable parameter value is set to False, which means that all shared files are indexed and appear in Coveo search results for everyone in your organization. To restrict file access in Coveo search results only to files that are set as searchable in Google Drive:

In Google Drive, do the following for each file that you want your organization members to see in Coveo search results:
1. Right-click the file, and then click Get link.
2. In the Get Link section, click the Link Settings icon.
3. Enable People in [organization] can search for this file.
On the Sources (platform-ca | platform-eu | platform-au) page, click the Google Drive for Work source, and then click More > Edit JSON in the Action bar.
In the Edit a Source JSON Configuration panel, set the OnlyIndexFilesSharedToDomainandSearchable parameter value to true.
Click Save or Save and Rebuild.

Safely Apply Content Filtering

The best way to ensure that your indexed content is seen only by the intended users is to enforce content security by selecting the Same users and groups as in your content system option. Should this option be unavailable, select Specific users and groups instead.

However, if you need to configure your source so that the indexed source content is accessible to Everyone, you should adhere to the following leading practices to ensure that your source content is safely filtered and only accessible by the appropriate users:

Configure query filters: Apply filter rules on a query pipeline to filter the source content that appears in search results when a query goes through that pipeline.
Use condition-based query pipeline routing: Apply a condition on a query pipeline to make sure that every query originating from a specific search hub is routed to the right query pipeline.
Configure the search token: Authenticate user queries via a search token that’s generated server side that enforces a specific search hub.

Following the above leading practices results in a workflow whereby the user query is authenticated server side via a search token that enforces the search hub from which the query originates. Therefore, the query can’t be modified by users or client-side code. The query then passes through a specific query pipeline based on a search hub condition, and the query results are filtered using the filter rules.

Configure Query Filters

Filter rules allow you to enter hidden query expressions to be added to all queries going through a given query pipeline. They’re typically used to add a field-based expression to the constant query expression (cq).

Example

You apply the @objectType=="Solution" query filter to the pipeline to which the traffic of your public support portal is directed. As a result, the @objectType=="Solution" query expression is added to any query sent via this support portal.

Therefore, if a user types Speedbit watch wristband in the searchbox, the items returned are those that match these keywords and whose objectType has the Solution value. Items matching these keywords but having a different objectType value aren’t returned in the user’s search results.

To learn how to configure query pipeline filter rules, see Manage Filter Rules.

Note

You can also enforce a filter expression directly in the search token.

Use Condition-Based Query Pipeline Routing

The most recommended and flexible query pipeline routing mechanism is condition-based routing.

When using this routing mechanism, you ensure that search requests are routed to a specific query pipeline according to the search interface from which they originate, and the authentication is done server side.

To accomplish this:

Apply a condition to a query pipeline based on a search hub value, such as Search Hub is Community Search or Search Hub is Agent Panel. This condition ensures that all queries that originate from a specific search hub go through that query pipeline.
Authenticate user queries via a search token that’s generated server side and that contains the search hub parameter that you specified in the query pipeline.

Configure the Search Token

When using query filters to secure content, the safest way to enforce content security is to authenticate user queries using a search token that’s generated server side. For instance, when using this approach, you can enforce a search hub value in the search token. This makes every authenticated request that originates from a component use the specified search hub, and therefore be routed to the proper query pipeline. Because this configuration is stored server side and encrypted in the search token, it can’t be modified by users or client-side code.

Implementing search token authentication requires you to add server side logic to your web site or application. Therefore, the actual implementation details will vary from one project to another.

The following procedure provides general guidelines:

Note

If you’re using the Coveo In-Product Experience (IPX) feature, see Implementing Advanced Search Token Authentication.

Authenticate the user.
Call a service exposed through Coveo to request a search token for the authenticated user.
Specify the userIDs for the search token, and enforce a searchHub parameter in the search token.

Note

You can specify other parameters in the search token, such as a query filter.

For more information and examples, see Search Token Authentication.

What’s Next?

Schedule source updates.

1. By default, the Google Drive for Work source indexes files of the My Drive folder for each user, but you can configure the source to index files only for specific users. You can also choose to index files in users' Shared Drives. Shared items are indexed with the associated permissions, so that whoever is authorized to see the items can find them in Coveo search results.

2. The comments and replies are indexed in the coveo.comments and coveo.comments.authors metadata of their parent item rather than as separate items. This way, users can search for the content of a comment or reply and find the parent item.