■
In this article, we’ll cover key features, setup options, and security permissions you’ll need for the Google My Drive file storage integration to work properly. We will also provide step-by-step instructions for End users, Site managers, and App managers.
Note:
This article focuses on My Drive only integrations. We strongly recommend you use a Shared Drive integration.Click here for the article on Google Shared Drive Integration.
- Integration path
- Integration features
- Need to know before setup
- Security overview
- Setup and ownership options
- Connect Google Drive as an End user
- Connect Google Drive as a Site owner
- Connect Google Drive as an Application manager
- Google Drive file search
Integration path
- Review the integration features below and decide specifications needed for your organization.
- Define the Drive structure your organization wants to use in connecting the integration.
- App managers connect the integration at the application level.
- Site owners connect their integration profile to their Simpplr profile.
- Site owners connect to the integration at the Site level and select which folders to share.
- Content teams add the correct files to their target folders, and connect them to Simpplr content.
- End users connect their integration to their Simpplr profile.
- Now the files will be available for site members to access.
Integration features
- Connect your Google My Drive folder(s) to a Simpplr site to make files searchable by site members.
- Attach files from your Drive directly to your Simpplr content.
- Upload and download files to My Drive from your intranet interface.
- Add folders to My Drive from your intranet interface.
- Manage which folders are visible and available via your intranet while maintaining your robust file structure on My Drive.
- Engage with files: Download, like, favorite, share, preview, and create new versions of files.
Need to know
- As of the Gorgonio release, organizations will be able to integrate Google Shared Drive on top of our My Drive integration, promoting more knowledge sharing and collaboration. This Google Drive extension will allow App managers to pick and choose which Google Drive components (My Drive and/or Shared Drive) they want to enable on the app level. Once enabled, Shared Drive content will be discoverable in Global Search, and Site managers can link a Shared Drive to a site.
- The Google Drive integration pushes access permissions based on Site membership from your intranet to Google Drive via Google Groups. E.g. You have a public site with a mandatory global audience, making all users members of that site. When Site managers are added to the site, they will be automatically given Edit access to the applicable Google Drive Folders. When new members are added to the site, they will automatically receive Read access to the same folders.
- When Google Drive is enabled on your intranet, and you set up file access based on Simpplr permissions (as opposed to Google permissions), an all-company group will be created in the Google Drive’s service account.
- When a user connects their Google Drive account to their user profile on the intranet, they will be added to the all-company group and will gain access to Google Drive folders currently connected to any sites of which they are members. Only connected folders will be indexed for search via Simpplr.
- When Google Drive is enabled on your intranet, an application root folder will be created in the Google Drive service account and is used to define search parameters.
- Even though site members can access the folders once connected to a site (if set up with Simpplr permissions as opposed to Google Drive permissions), those folders will not appear in their Google Drive. If a user wants to navigate to the folder structure, they will need the URL of that folder to get to it.
- Roles:
-
- Google Suite Super Administrator or Group Administrator - Simpplr will need to use the Admin's account to do the initial connection for the entire application.
- Site owner - This is the overall person responsible for the site, and the role that can enable connection to external files in the Manage site menu. Can connect Google Drive Folders.
- Site managers - Once the Site owner enables Google Drive connection, Site managers can add additional folder structures and connect files from those folders to content.
- Content managers/End users - Content managers can only access Google Drive content once the connection has been set up by the Site managers/owner. Once connected, they can attach files directly from the Google Drive to content on their site.
Security overview
My Drive vs Shared Drives
When connecting the Google Drive account, App managers choose to connect with Simpplr:
- both Shared Drives and My Drive content (default)
- only My Drive content
Enable sharing from My Drive only
If only My Drive is enabled, users will only be able to access and link files from their personal My Drives.
Access permissions
If a user doesn't have access to My Drive files displayed on a site, you have two options to display:
- Display ‘Open in Google Drive’ action (recommended). This will prompt the user to open the file in Google Drive, where they can request access to view it.
- Do not display ‘Open in Google Drive’ action. This will not display any action for the user, and the user will not be able to see the file.
-
To initiate the integration, the Google Super Admin or Group Admin can connect as the G Suite Admin account. The Admin will be asked to provide the following access:
-
Then each user will need to connect their account at the profile level under their Profile & settings menu. The End user will only need to do this once.
Note:
If your organization is on the Laki release or later (or if you're using Google multi-domain and not switching to it from previously using Simpplr-managed permissions), then we don’t require nor do we ask for the 'manage groups' permission. However, if a user has previously granted Simpplr the manage groups permission (for example, if they were using the pre-Laki, Simpplr-managed permissions configuration), 'manage groups' permission will continue to show in the request. This is because when requesting new permissions, the Google authorization screen will always display all permissions previously granted together with the new requests, so that the user can review them all.When Google My Drive has been enabled on your app, an application root folder, as well as an all-company group will automatically be created in Google Drive’s service account.
- The folder’s name is [*app name*] root.
- The folder will only be accessible through Google Drive’s service account.
- The folder is used to define search parameters when searching for Google Drive files and folders that are linked to Simpplr.
- The all-company group is also used to define search parameters when searching for Google Drive files and folders that are linked to Simpplr.
- When users are connected to Google Drive, they’re automatically added to the all-company group and can access Google files and folders that have been linked or added to public Sites.
How the Simpplr integration affects permissions to Google Drive - Google Drive Folders
The integration is designed so that access to the target folder on your Google Drive is governed by the membership for the site you connect those folders to. As you set up your integration, new groups will be created automatically in your Google Workspace to govern permissions. Each time you connect a folder to a site, two new groups will be created to manage permissions to that folder:
- “Site Administrators” group - an editors group that provides Read/Write access for the Site owner and Site manager to the connected folder.
- “Site Users” group - a view only group that provides Read access for Content managers and Site members/End users to the connected folder.
When you add users as members to your site, they will be automatically added to the applicable Google Groups to give those users access to the target folders both via Simpplr and Google.
Once you’ve connected a Google Drive folder to your target site, your groups should look like the image below, with one “Site Administrators,” group and one “Site Users,” group. We also see the “Company Group” that was created when we connected the integration. Each time you connect a folder to a Site, “Site Administrators” and “Site Users” groups will be created to manage permissions based on your site’s membership in Simpplr. All groups within your Google Workspace are visible to all Workspace members.
Setup and ownership options
Note:
Google Shared Drive is already "shared" and "centralized" when connected. The options below are applicable to My Drive only setups.There are three options our customers use to organize their Google My Drive folders for integration with Simpplr:
Method | Description | Pros | Cons |
---|---|---|---|
Decentralized | Each Site owner is the owner of their respective Google Drive folder structure |
- Easiest to set up - Least overhead required |
- Continuity planning can be complicated - Low admin visibility |
Central Service Account | Use a service account as the owner of your Google Drive folder structure |
- Makes continuity planning easier - Gives admins more control and visibility |
- Requires admin oversight, setup, and maintenance - Use of a service account may not meet company security requirements |
Central Non-Service Account | Use a single user’s account as the owner of your Google Drive folder structure |
- Improved continuity planning - Gives admins more control and visibility |
- Requires admin oversight, setup, and maintenance |
Centralized Google Drive ownership
If you want to provide for continuity planning when several teams are using Google Drive to share documents on your intranet, centralized ownership may be for you.
The key feature of this setup is:
- One user creates a shared folder structure in their Google Drive, then shares out subfolders with Editor permissions to the appropriate team members (i.e. Site owners and managers) for storage and sharing via the integration.
In this case, the Primary folder would only be created by the central owner, then the central owner would then share the sub folders as they line up with specific sites. Access to the documents contained in those folders will be based on site membership to the target connected folder.
The below represents the structure for both the service account and the Individual central account setups listed in the matrix above.
Once the team has the Google Drive Folder structure in place, it's time to connect those folders to our respective sites. We have two options here:
- Make the centralized account the Site owner. This works for either the service account or the central user account, this is the method most focused on continuity planning. The downside is that an account not necessarily related to the content on the given site will be listed as the Site owner. The upside is that this method provides for continuity planning, and allows for various members of the team to come and go without interrupting the data connections. We strongly recommend this option.
- Make someone else the Site owner. As long as the Google Drive folder structure has already been shared with this individual, they will be able to connect the appropriate folder structure to their site. The downside to this method is that when that person leaves, we’ll need to change the site ownership and transfer the Google Drive folder structure ownership to someone else. This also puts an additional burden on the individual who owns the folder structure as they will be the one who creates new folders and generally maintains the structure from the Google side. The upside is that continuity planning is easier than the decentralized approach.
Centralized example
Let’s explore the centralized option as it would apply to an HR Department’s structure at our sample company, Atlas Medical Company. Atlas is headquartered in Chicago, USA and has facilities in Europe as well. They will be using a centralized approach, with a service account as owner. They have HR Generalists who are in charge of content for each region. So their system map may look something like:
In this case our IT team is providing the service account and primary folder structure. Below that we have a high level folder to contain all of HR and subfolders for each of the HR sites that we are working on. We will also be making the service account the Site owner for each site. Since the high level HR folder is shared with key members of the HR team, the HR team is able to manage what files go into the high level folder and subfolders within Google Drive. This setup supports change and or continuity within your company because people from the team can come and go and all of the folders will stay connected and accessible by all Site members. Once in place this method requires very little upkeep.
Decentralized Google Drive ownership
Note this only applies to those using a My Drive integration.
Here we leave folder ownership up to the Site owners of the individual sites in the intranet. This approach requires the least planning and setup, but would require the most work to maintain continuity if a Site owner leaves the company. The IT team will need to transfer the individual Google Drive Folders to the new Site owner when the original Site owner leaves.
The key characteristic to this setup is that the Site owners are also the Google Drive Folder owners. This will require the Site owner to manage and maintain the folder structure. If the Site owner leaves, then the IT team will need to transfer the Folder structure to the new Site Owner as they decommission the original Site owner’s accounts.
Decentralized example
Let’s explore the decentralized option as it would apply to an HR Department’s structure at our sample company, Atlas Medical Company. Atlas is headquartered in Chicago, USA and has facilities in Europe as well. They will be using a decentralized approach, with each Site owner as the owner of their respective folder structure. They have HR Generalists who are in charge of content for each region. So their system map might look like:
Here we see that the USA Generalist owns two Site folders, USA and Global, and our European Generalist owns the European Site Google Drive Folder. Each of these individuals will also be Site owners for their respective sites. When one of the Generalists leaves, the Google Administrator will need to transfer their folders to whomever will be the replacement Site owner to maintain the connection.
Changing site ownership
If a site’s owner or manager leaves your company, the site’s files will be unchanged. Ownership of the files in the account will need to be given to another user (by the Site owner or Google Admin), as long as that user is connected to the same account. The new Site owner will be given the root folder in their storage account, including the sub-folders contained in the root folder. If the new owner isn’t connected to the same file storage software, the original owner will receive a warning. They must choose another user, or the new designated owner must connect their account to the file storage software.
Follow the steps below to change the Site owner:
- Know which Site owner is leaving and decide who the new Site owner should be.
-
When deactivating the previous Site owner's account, have the Google Workspace admin transfer the folders to the new Site owner's account within Google. This is a standard option when deactivating Google accounts. There may be some cleanup required as the admin needs to transfer their entire Drive, not just one folder. This Google article will instruct you on how to transfer file ownership.
- Reconnect the integration at the site level using the new Site owner's account. Click here for setup at the site level instructions.
Connect Google Drive as an End user on Simpplr
As a Simpplr Standard user/Content manager, once your Application manager has set up the connection with Simpplr, you will be able to attach, share, and edit files you have access to in Google Drive, all from within your Simpplr intranet. First you must enable Google Drive on your profile. To do so:
-
Navigate to your user profile image and click Profile & settings. Once your profile is open, click Profile & settings.
-
Click External apps, then next to Google Drive, click Sign in with Google. You will be asked to allow the permissions from Google. Click Allow. Your Google account is now connected with your Simpplr interface.
-
Now when you create content and want to attach files, you'll be given the option to include files from your Google Drive account.
Connect Google Drive as a Site owner in Simpplr
As a Site owner, it is up to you to enable Google Drive functionality at the site level. To link folders to a site where Google Drive has been integrated, you must select Google Drive as the site’s file storage. To do so:
-
From your Simpplr site, go to Manage Site > Setup > External files.
- From the dropdown list, choose Google Drive. Note you can only select one file storage option per site.
Note
All Site owners and managers can link folders to a site, as long as they and the site are connected to Google Drive.
To link Google Drive folders to your site:
-
Navigate to Files from your site landing page.
-
Select the Google Drive files folder.
-
Select Link Google Drive Folder. If you can’t see this option, it is likely because:
- You need to create a new Google Drive folder first, or
- You are not the Site owner or manager.
Note
You can also create a new Google Drive folder. Doing so will create a new folder directly in Google Drive. If you create a new folder inside another folder, the permissions will be inherited from the parent folder. However, you can only create a folder inside another folder if the parent folder is linked.- Select the folder you wish to link to the Simpplr site from Shared Drives (if enabled) or My Drive.
Note
You can also unlink folders. Any folders unlinked are removed from the Site root folder. The permissions for the folder are removed from the Site group.
Connect Google Drive as an App manager in Simpplr
App managers can integrate Google Drive with their Simpplr intranet. Until Google Drive is integrated with Simpplr, your Site owners and Content managers will not be able to access My Drive and/or Shared Drives. To integrate Google Drive with Simpplr:
- Go to Manage > Application > Integrations.
- From the Domains tab, add your company's domain that's connected to Google. This is typically your email domain. You're able to add multiple domains here if your company uses more than one.
- Choose whether to connect both your org's Google Calendar and Google Drive accounts, or one or the other. Click Add domain.
-
From the Integrations tab and select File management.
- Select Google Drive.
- Choose to Enable sharing from shared drives and My Drive, or Enable sharing from My Drive (for purposes of this specific article, we'll choose only My Drive. As stated above, we strongly recommend connecting shared drives).
5. Choose your org’s access permissions (see Access permissions).
6. Click Save. Google My Drive is now integrated with Simpplr.
Linking Google Drive to sites
Once Google Shared Drives and/or My Drive are enabled, users can link Google Drive files and folders to sites, making them available for users to discover within Simpplr as well as sharing content on the site.
- Users can only link a single drive to a site.
- Users can still link multiple folders from My Drive.
How to fix the Authorization Error if the Google Workspace account won't connect
Users have reported receiving the following Google authorization error when attempting to connect at the Application level:
To fix this issue:
-
Log in to the Google Admin console.
-
From the Home page, go to Security API controls.
-
Under App access control, click MANAGE THIRD-PARTY APP ACCESS.
-
Find the “Simpplr for Google Workspace” app in the list.
-
Check the box for “Simpplr for Google Workspace” app and click Change access.
-
If the value is “Blocked” you will get above error. It should be changed to “Limited”
-
Click CHANGE.
- Navigate back to the Google Admin login from Simpplr and try connecting again.
Google Drive file search
Global search
Once Google Drive is connected, users that have connected their Simpplr profile to Google Drive can search Google Drive content directly in Simpplr.
-
If content from Shared Drives is enabled:
- Shared Drive content will be discoverable on Global Search, based on the user's Google Drive permissions.
-
If content from My Drive is enabled
-
and Simpplr permissions are used:
- then users will be able to access content linked to sites they're members of.
-
and Google Drive permissions are used:
- then users will be able to access content that was linked to sites they're members of, based on their permission set in Google Drive.
-
and Simpplr permissions are used:
Site search
Searching for Google Drive files in site search will only return files from the Shared Drive or My Drive linked to the site.
Comments
Please sign in to leave a comment.