Product UpdatesStatus PageWorkato Academy
English
Get a trial
Workato GO
Data sources
Configure a data source for ingestion

# Google data source configuration

You must configure Google Drive, Google Calendar, and Gmail to allow Workato GO to impersonate a user with certain privileges through domain-wide delegation.

PRIVILEGE REQUIREMENTS

You must have Google Super Admin privileges to complete this configuration.

# Enable APIs

Complete the following steps to enable the Google APIs you plan to use with Workato GO:

1

Go to the Google Cloud Console API library (opens new window).

2

Search for and select Admin SDK API and then click Enable.

REQUIRED FOR INDEX CRAWLING

You must enable the Admin SDK to allow index crawling.

3

Search for and select Google Drive API and then click Enable.

4

Search for and select Google Calendar API and then click Enable.

5

Search for and select Gmail API and then click Enable.

# Create a custom admin role

Complete the following steps to create a custom admin role:

1

Go to the Google admin roles page (opens new window).

2

Click Create new role and name the role Workato AI.

3

Click Continue.

4

Go to Admin Console Privileges and select the following permissions:

  • Organization Units > Read
  • Users > Read
  • Services > Drive and Docs > Settings
  • Reports
5

Go to Admin API Privileges and select the following permissions:

  • Organization Units > Read
  • Users > Read
  • Groups > Read
6

Click Continue > Create Role. Google redirects you to a page where you can assign users to the Workato AI role you created in the preceding steps.

7

Click Assign members and then add a Google Workspace user. This user must have logged in at least once to the Google Workspace and accepted the Terms of Service.

8

Click Assign role.

9

Go Data Source and enter the email of the user in the Directory admin email.

# Create a service account in Google Cloud Console

Complete the following steps to create a service account:

1

Go to Google Service Accounts (opens new window) in Google Cloud Console.

2

Create the Service account and skip the optional steps.

3

Go to Advanced Settings.

4

Copy and store the Client ID in a secure location. This value is required to complete your data source configuration.

# Add API scopes

Complete the following steps to add API scopes to your service account:

1

Go to Google Admin Console and sign in as an admin.

2

Go to the Domain-wide Delegation section.

3

Click Add new and paste your client ID into the Client ID field.

4

Copy and paste the following values into the OAuth scopes (comma-delimited) field, depending on your use case:

  • Gmail, Calendar, Drive, and Directory scopes:
https://www.googleapis.com/auth/admin.directory.group.readonly,https://www.googleapis.com/auth/admin.directory.user.readonly,https://www.googleapis.com/auth/drive.readonly,https://www.googleapis.com/auth/admin.reports.audit.readonly,https://www.googleapis.com/auth/calendar.readonly,https://www.googleapis.com/auth/gmail.readonly

  • Drive and Directory scopes only:
https://www.googleapis.com/auth/admin.directory.group.readonly,https://www.googleapis.com/auth/admin.directory.user.readonly,https://www.googleapis.com/auth/drive.readonly,https://www.googleapis.com/auth/admin.reports.audit.readonly
5

Click Authorize.

# Limit Google Drive crawler scope

Workato GO integrates with Google Drive to support enterprise search and automation across your organization's documents. You can use the google_drive.user_allowlist property to limit the crawler scope to specific users' files and shared content. You can use this property to enable the following:

  • Limit indexing to a pilot group or specific departments.
  • Restrict access to sensitive content for compliance.
  • Reduce crawl volume for performance or privacy reasons.

The google_drive.user_allowlist property value is a comma-separated list of email addresses.

Complete the following steps to limit the crawler scope in Google Drive:

1

Sign in to your Workato GO account.

2

Expand the Admin menu in the sidebar and click Advanced.

3

Click Add Organization Property.

4

Enter a name for your property. For example: limit_google_drive_crawl

5

Enter the Google Drive allowlist property. You must separate user email addresses with commas. For example:

google_drive.user_allowlist = "[email protected],[email protected],[email protected]"
6

Click Submit.

Configure a data source for ingestion
Highspot


Last updated: 7/15/2025, 5:16:26 PM

On this page