Set up a Google Drive data store

This page describes how to create a data store and connect Google Drive to Gemini Enterprise. This connection allows Gemini Enterprise to directly retrieve information from Google Drive. Because data isn't copied into the Gemini Enterprise index, you don't need to manage data storage.

Before you begin

• You must be signed into the Google Cloud console with the same account that you use for the Google Drive instance that you plan to connect. Gemini Enterprise uses your Google Workspace customer ID to connect to Google Drive.

• To enforce data source access control and secure data in Gemini Enterprise, ensure that you have configured your identity provider.

• Verify that all the documents are accessible, either by placing them in a shared drive that is owned by the domain or by assigning the ownership to a user in the domain.

• Enable Google Workspace smart features in other Google products to connect Google Drive data to Gemini Enterprise. For information, see Turn Google Workspace smart features on or off.

Create the Google Drive data store

To create the Google Drive data store, perform the following steps:

1. In the Google Google Cloud console, go to the Gemini Enterprise page. Gemini Enterprise

2. Select or create a Google Cloud project.

3. In the navigation menu, click Data stores.

4. Click add Create data store.

5. In the Source section, search for Google Drive, and click Select.

6. In the Data section, specify the drive source for your data store. You can configure filters that scope which Google Drive content is indexed using the Google Cloud console or API:

   Console

   1. Select the drive source for your data store:
      • All: Add all drives in the workspace to the data store.
      • Folder filter: Limit search to a specific set of folders. Choose Include to scope search to only the listed folders, or Exclude to remove the listed folders from search. Then add one or more folder IDs.
      • Shared drive filter: Limit search to a specific set of shared drives. Choose Include to scope search to only the listed shared drives, or Exclude to remove the listed shared drives from search. Then add one or more shared drive IDs.
   2. For each filter type, configure Include mode or Exclude mode, but not both.
   3. To locate a folder ID or shared drive ID, navigate to the folder or shared drive in Google Drive and copy the ID from the URL. The URL follows this format: https://drive.google.com/corp/drive/folders/ID. For example, https://drive.google.com/corp/drive/folders/123456789012345678901.

   REST

   To create a data store with filters, call the setUpDataConnector method.

   Inclusion lists are set under admin_filter and exclusion lists are set under admin_exclusion_filter. For each filter type, populate the list under admin_filter or under admin_exclusion_filter, but not both.

   
      curl -X POST \
          -H "Authorization: Bearer $(gcloud auth print-access-token)" \
          -H "Content-Type: application/json" \
          -H "X-Goog-User-Project: PROJECT_ID" \
          "https://ENDPOINT_LOCATION-discoveryengine.googleapis.com/v1alpha/projects/PROJECT_ID/locations/LOCATION:setUpDataConnector" \
          -d '{
            "collectionId":"COLLECTION_ID",
            "collectionDisplayName":"COLLECTION_DISPLAY_NAME",
            "dataConnector":{
              "dataSource":"google_drive",
              "params":{
                "admin_filter":{
                  "SharedDriveIds": INCLUDED_SHARED_DRIVE_IDS,
                  "FolderIds": INCLUDED_FOLDER_IDS
                },
                "admin_exclusion_filter":{
                  "SharedDriveIds": EXCLUDED_SHARED_DRIVE_IDS,
                  "FolderIds": EXCLUDED_FOLDER_IDS
                }
              },
              "entities":[
                {
                  "entityName":"drive"
                }],
              "connectorModes":[
                "FEDERATED"
                ]
            }
          }'
      

   Replace the following:

   • PROJECT_ID: Your project ID.
   • ENDPOINT_LOCATION: The region of your application. For example, us or eu.
   • LOCATION: The multi-region of your data store: global or us.
   • COLLECTION_ID: The unique ID of the data store.
   • COLLECTION_DISPLAY_NAME: The display name of the data store.
   • INCLUDED_SHARED_DRIVE_IDS: A list of shared drive IDs to include in search, for example ["0ABCdEfGhIjKlMnOpQ"]. Use an empty list [] if you aren't setting an inclusion list for shared drives.
   • INCLUDED_FOLDER_IDS: A list of folder IDs to include in search, for example ["1AbCdEfGhIjKlMnOpQrStUvWxYz"]. Use an empty list [] if you aren't setting an inclusion list for folders.
   • EXCLUDED_SHARED_DRIVE_IDS: A list of shared drive IDs to exclude from search. Use an empty list [] if you aren't setting an exclusion list for shared drives.
   • EXCLUDED_FOLDER_IDS: A list of folder IDs to exclude from search. Use an empty list [] if you aren't setting an exclusion list for folders.

   For more details on filter types and adding filters, see Add filters to a Google Drive data store.

7. Click Continue.

8. In the Configuration section:

   1. From the Multi-region list, select the location for your data connector.
   2. In the Data connector name field, enter a name for your connector.
   3. If you selected us or eu as the location, configure the Encryption settings:
      • Select Google-managed encryption key or Cloud KMS key.
      • If you selected Cloud KMS key:
        • In the Key management type list, select the appropriate type.
        • In the Cloud KMS key list, select the key.
      For more information, see Customer-managed encryption keys.

9. Click Continue.

10. In the Billing section, select General pricing or Configurable pricing. For more information, see Verify the billing status of your projects and Licenses.

11. Click Create. Gemini Enterprise creates your data store and displays your data stores on the Data Stores page.

To verify the state of the data store, do the following:

1. Navigate to the connector in the data store list and monitor its state until it changes to Active.
2. When the data store state changes from Creating to Active, the Google Drive connector is ready to be used.

After creating the data store, create an app and connect it to the Google Drive data store before executing the query.

Query execution

After you authorize Google Drive, when you enter a search query:

1. Gemini Enterprise sends your search query to the Google Drive API.

2. Gemini Enterprise blends the results with those from other sources and displays them.

Error messages and troubleshooting

The following table describes error messages, including HTTP error codes and suggested troubleshooting steps, that you might encounter when working with this Google data source.

Error code	Error message	Description	Troubleshooting
403 Permission Denied	Searching using service account credentials isn't supported for Google Workspace data stores.	The engine being searched has Google Workspace data stores, and the credentials passed are of a service account. Searching using service account credentials on Google Workspace data stores isn't supported.	Call search using user credentials, or remove Google Workspace data stores from the engine.
403 Permission Denied	Consumer accounts aren't supported for Google Workspace data stores.	Search is called using a consumer account (@gmail.com) credential, which isn't supported for Google Workspace data stores.	Remove Google Workspace data stores from the engine or use a managed Google Account.
403 Permission Denied	Customer id mismatch for data store	Search is only allowed for users who belong to same organization as Google Workspace data stores.	Remove Google Workspace data stores from the engine or contact support if the user and Google Workspace data stores are meant to be in different organizations.
403 Permission Denied	Workspace access for Agentspace disabled by organization administrator.	A Google Workspace administrator has disabled access to Google Workspace data for Gemini Enterprise.	Contact your Google Workspace administrator to enable access.

For common search issues that you encounter when querying your Google Drive data, see Common search issues.

What's next

• To provide a user interface for querying your data, create an app and connect it to the Google Drive data store.
• To add or update folder and shared drive filters on your data store, see Add filters to a Google Drive data store.
• To preview how your search results appear after your app is set up, see Get search results.
• To enable alerts for the data store, see Configure alerts for third-party data stores.
• If your app wasn't initially configured to include cross-domain documents, enable the Include cross-domain documents feature in the Manage web app features settings. For more information, see Manage web app features.