When using a G Suite environment an administrator of the G Suite domain can authorize an application to access user data on behalf of users in the G Suite domain.

Scanshare v4.10 adds support for G Suite for the SSO integration, just like the existing AD integration, and for domain wide access over Google Drive organization user accounts.

Note: this procedure is only needed when requiring Google Drive organization access while not if using only SSO integration.

In order to allow Scanshare access Google Drive user data, an administrator of the G Suite domain must complete the following steps:

  1. Go to your G Suite domain’s Admin console
  2. Select Security from the list of controls. If you don't see Security listed, select More controls from the gray bar at the bottom of the page, then select Security from the list of controls. If you can't see the controls, make sure you're signed in as an administrator for the domain.
  3. Select Show more and then Advanced settings from the list of options. 
  4. Select Manage API client access in the Authentication section.
  5. In the Client Name field enter the service account's Client ID. You can find your service account's Client ID here:
    • Scanshare: 108229993764655560821
    • Document Navigator: 110492846635279799572
    • e-Bridge Capture & Store: 102972628479766115559
    • convert + share: 102241918506285780042
    • ScanZ: 111413306658788104582
  6. In the One or More API Scopes field enter the list of scopes that your application should be granted access to. in our application needs domain-wide access to the Google Drive API - Google Drive File - Google Drive Metadata, so you can copy and cut this scope: 
    •    https://www.googleapis.com/auth/drive,https://www.googleapis.com/auth/drive.file,https://www.googleapis.com/auth/drive.metadata
  7. Click Authorize.

 

Your application now has the authority to make API calls as users in your domain (to "impersonate" users). When you prepare to make authorized API calls, you specify the user to impersonate.

In order to complete the G Suite setup create a SSO profile with the "Request Drive Domain Access" check box enabled in order to complete the administrator OAuth registration.

For more info about it, please visit the Official Google Guide: https://developers.google.com/identity/protocols/OAuth2ServiceAccount#delegatingauthority