Gemini Enterprise can search data from Google Drive using data federation, which directly retrieves information from the specified data source. Because data isn't copied into the Vertex AI Search index, you don't need to worry about data storage.
Before you begin
- You must be signed into the Google Cloud console with the same account that you use for the Google Drive instance that you plan to connect. Gemini Enterprise uses your Google Workspace customer ID to connect to Google Drive.
- To enforce data source access control and secure data in Gemini Enterprise, ensure that you have configured your identity provider.
- Verify that all the documents are accessible, either by placing them in a shared drive that is owned by the domain or by assigning the ownership to a user in the domain. 
- Enable Google Workspace smart features in other Google products to connect Google Drive data to Gemini Enterprise. For information, see Turn Google Workspace smart features on or off. 
- If you use security controls, be aware of their limitations related to data in Google Drive, as discussed in the following table: - Security control - Note the following - Data Residency (DRZ) - Gemini Enterprise only guarantees data residency in Google Cloud. For information about data residency and Google Drive, see Google Workspace compliance guidance and documentation—for example, Choose the region where data is stored and Digital sovereignty. - Customer-managed encryption keys (CMEK) - Your keys only encrypt data within Google Cloud. Cloud Key Management Service controls don't apply to data stored in Google Drive. - Access Transparency - Access Transparency logs actions taken by Google personnel on the Google Cloud project. You'll also need to review the Access Transparency logs created by Google Workspace. For more information, see Access Transparency log events in the Google Workspace Admin Help documentation. 
Create a Google Drive data store
Console
To use the console to make Google Drive data searchable, follow these steps:
- In the Google Cloud console, go to the Gemini Enterprise page. 
- In the navigation menu, click Data Stores. 
- Click Create Data Store.   - Create a new data store. 
- On the Select a data source page, select Google Drive. 
- Specify the drive source for your data store. - All: To add your entire drive to the data store.
- Specific shared drive(s): Add the shared drive's folder ID.
- Specific shared folder(s): Add the shared folders' ID.
 - To locate the shared drive's folder ID or a specific folder ID, navigate to the shared drive or folder and copy the ID from the URL. The URL follows this format: - https://drive.google.com/corp/drive/folders/ID.- For example, - https://drive.google.com/corp/drive/folders/123456789012345678901.  - Specify the drive source. 
- Click Continue. 
- Choose a region for your data store. 
- Enter a name for your data store. 
- Optional: To exclude the data in this data store from being used for generative AI content when you query data using the app, click Generative AI options and select Exclude from generative AI features. 
- Click Create. 
Error messages
The following table describes error messages that you might encounter when working with this Google data source, and includes HTTP error codes and suggested troubleshooting steps.
| Error code | Error message | Description | Troubleshooting | 
|---|---|---|---|
| 403 (Permission Denied) | Searching using service account credentials isn't supported for Google Workspace data stores. | The engine being searched has Google Workspace data stores, and the credentials passed are of a service account. Searching using service account credentials on Google Workspace data stores isn't supported. | Call search using user credentials, or remove Google Workspace data stores from the engine. | 
| 403 (Permission Denied) | Consumer accounts aren't supported for Google Workspace data stores. | Search is called using a consumer account (@gmail.com) credential, which isn't supported for Google Workspace data stores. | Remove Google Workspace data stores from the engine or use a managed Google Account. | 
| 403 (Permission Denied) | Customer id mismatch for datastore | Search is only allowed for users who belong to same organization as Google Workspace data stores. | Remove Google Workspace data stores from the engine or contact support if the user and Google Workspace data stores are meant to be in different organizations. | 
| 400 (Invalid Argument) | Engine cannot contain both default and shared Google Drive data stores. | You cannot connect a data store that has all your drives (default) and a data store that has a specific shared drives to the same app. | To connect a new Google Drive data source to your app, first unlink the unneeded data store, then add the new data store you want to use. | 
Troubleshooting
If your search doesn't return the file you're looking for, it might be due to these search index limitations:
- Only 1 MB of text and formatting data can be extracted from your file to make it searchable. 
- For most file types, file size cannot exceed 10 MB. The following are exceptions: - XLSX files (.xlsx) cannot exceed 20 MB.
- PDF files (.pdf) cannot exceed 30 MB.
- Text files (.txt) cannot exceed 100 MB.
 
- Optical character recognition in PDF files is limited to 80 pages. Any PDF that is larger than 50 MB or 80 pages isn't indexed, and keywords exceeding the 1 MB index limit aren't searchable. 
Next steps
- To attach your data store to an app, create an app and select your data store following the steps in Create an app. 
- To preview how your search results appear after your app and data store are set up, see Preview search results.