Skip to main content
Skip table of contents

Google Drive

What is Google Drive?

Google Drive provides cloud storage for files, where users can access, share, and sync files.

Why Should You Use the Google Drive Connector?

The Google Drive connector provides visibility into cloud storage assets in your environment. You can use this visibility to:

  • ensure assets are managed per your data loss policies

  • find vulnerabilities quickly and remediate

How Does This Connector Work?

Lucidum executes read-only requests to the Google Drive REST API and ingests only meta-data about Google Drive assets. Lucidum does not retrieve any data stored on your assets.

Configuring the Connector in Lucidum




JSON Key File

Upload a JSON file that includes the API key for the Google Drive API.



Delegate Email

iEmail of an admin account. For example, the email of Google Workspace (G-Suite) admin.

Source Documentation

Creating a Service Account, API Key, and JSON File for Lucidum

To create an account for Lucidum to access Google Drive:

  1. Go to the Google Cloud Console and select the project that you want to create the service account in. Or you can create a new project as needed by clicking “NEW PROJECT” at the top:

  2. Enable Cloud APIs

    • Go to APIs & Services -> Dashboard.

    • Verify the following APIs are listed in the dashboard. If an API does not appear in the list, click ENABLE APIS AND SERVICES at the top of the page, search for it and click Enable.

      • Admin SDK API - Required for the basic data fetch.

      • Cloud Identity API - Required only to fetch Cloud Identity devices.

      • Drive Activity API, Google Drive API - Required to fetch Google Drive data.

  3. Create a Service Account for Lucidum data connector

    • Go to IAM & Admin → Service Accounts → CREATE SERVICE ACCOUNT

    • Fill in the details for Step 1 and click DONE (Step 2 and 3 are optional):

    • The service account does not require any roles if permissions are asked:

    • Select the newly created service account, and click Manage details under the Action:

    • On the “DETAILS” tab, click Show Domain-Wide Delegation:

    • Select Enable Google Workspace Domain-wide Delegation and click SAVE

    • On the same “DETAILS” page, copy the “Unique ID”. This is the Client ID to be used later.

  4. Create JSON key for the new service account

    • Go to KEYS tab → ADD KEY → Select Key type as JSON → Click CREATE

    • The JSON key will be downloaded automatically. Save this JSON key as it will be used in the Lucidum connector.

Creating the Delegate Email

  1. Go to Google Workspace ( and click on Admin console. You must be a Workspace Admin to access the console

  2. Under the Google Admin console, go to Security → API Controls → MANAGE DOMAIN WIDE DELEGATION:

  3. Click “Add new”, specify the Client ID of the service account from the previous section, which can be found from the downloaded JSON file as well. In the OAuth scopes section, specify the required scopes for different Google services, and click “AUTHORIZE”, for example,

    The required scopes are listed below:

  4. Provide your Google Workspace’s admin email address to Lucidum (generally, this is the email address used to log into the Google Workspace Admin console in Steps 1-3. It should be different from the service account email address). The service account will then access the Google services by impersonating this user account.

  5. For more details, see

Required Permissions

The user you create for Lucidum requires the following scopes:



API Documentation

API for Google Drive:

API for Google Drive Activity:

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.