Configuring the Google Drive for Organizations app

AI Companion on the web allows users to ask questions and retrieve information from your Zoom content or connected sources in your browser. The Google Drive for Organizations app allows AI Companion to use content from your organization’s Google Workspace as contextual information for AI Companion on the web.

When enabled by account admins and connected by users, AI Companion can access supported Google Drive and Google Workspace directory content to understand organizational context, surface relevant information, and assist users more effectively in their daily work.

Account admins can configure this app connection to map with your organization's existing Google Drive permissions. Content is only accessible according to the permissions already granted in Google Workspace, and no additional access is introduced.

Requirements for configuring the Google Drive for Organizations apps

• Google Workspace admin access: Super Admin or delegated admin with appropriate privileges
• Google Cloud platform access with the ability to create projects and service accounts
• Zoom admin account with access to configure the Zoom Data Connector
• AI Companion enabled
• Custom AI Companion add-on

How to configure the Google Drive for Organizations apps

Step 1: Create a Google Cloud project

1. Access the Google Cloud Console.
2. At the top of the page, click the project dropdown.
3. Click New Project.
4. Enter a descriptive project name (for example, zoom-gdrive-connector).
5. Select your organization from the dropdown.
6. Click Create.

Step 2: Enable required APIs in your Google Cloud project

1. In your Google Cloud project, access APIs & Services, then click Library.
2. Search for and enable each of the following APIs:

Step 3: Create a Service Account

1. Access IAM & Admin, then access Service Accounts.
2. Click Create Service Account.
3. Enter the following details:
   • Service Account Name: zoom-gdrive-connector
   • Service Account ID: (auto-generated or customized)
   • Description: Service account for Zoom Data Connector
4. Click Create and Continue.
5. Skip the optional role assignment (because no GCP roles are required).
6. Click Done.

Generate Service Account key

1. Click the newly created service account.
2. Access the Keys tab.
3. Click Add Key, then click Create new key.
4. Select JSON format.
5. Click Create.
6. Securely store the downloaded JSON key file.

Note: The JSON key file contains sensitive credentials. Store it securely.

Note the Unique ID (Client ID)

1. In the Service Account details page, locate the Unique ID field.
2. Copy the 21-digit numeric ID.
   Note: This is required for Domain-Wide Delegation.

Step 4: Configure Domain-Wide Delegation

Domain-Wide Delegation allows the Service Account to impersonate users within your Google Workspace domain, enabling access to their Google Drive content while respecting permissions.

Understand domain-wide delegation

Without domain-wide delegation, the service account can only access files explicitly shared with it. Domain-wide delegation enables:

• Access to all users' My Drive files (within scope)
• Access to Shared Drives across the organization
• User and group information for permission enforcement
• Activity tracking for incremental sync

Configure in Google Workspace Admin Console

1. Sign in to the Google Workspace Admin Console as a Super Admin
2. Access Security, then Access and data control, then click API controls.
3. Under Domain-wide delegation, click Manage Domain Wide Delegation.
4. Click Add new.
5. Enter the following:
   • Client ID: The 21-digit unique ID.
   • OAuth Scopes: Copy and paste the scopes below (comma-separated).
6. Click Authorize.

Required OAuth Scopes

https://www.googleapis.com/auth/admin.directory.domain.readonly,https://www.googleapis.com/auth/admin.directory.group.readonly,https://www.googleapis.com/auth/admin.directory.user.readonly,https://www.googleapis.com/auth/drive.readonly,https://www.googleapis.com/auth/admin.reports.audit.readonly

(Optional) Step 5: Create an admin role

Instead of using a Super Admin account for impersonation, you can create a custom admin role with minimal required privileges.

Create a custom admin role

1. Access Google Admin Roles.
2. Click Create new role.
3. Enter this name for the role: Zoom Data Connector.
4. Click Continue.

Assign privileges

1. Under Admin Console Privileges, select:
   

   Category	Privilege
   Users	Read
   Services > Drive and Docs	Settings

2. Under Admin API Privileges, select:
   

   Category	Privilege
   Organization units	Read
   Users	Read
   Groups	Read
   Domain Management	All
   Reports	All

3. Click Continue, then click Create Role.
4. Assign the role to a user.
   Note: The user can be a dedicated service user or an existing admin.
5. Use this user's email as the Directory Admin Email when configuring the Zoom Google Data Connector.

Step 6: Create the connection

1. Sign in to the Zoom web portal.
2. In the navigation menu, click AI Studio then Integrations.
3. Search for and select Google Drive from the list of available data sources.
4. Click Connect.
5. Input your service account JSON key.
6. Click Submit to finish the service account setup.
7. Return to the Integrations page, then refresh the page after finishing.

Step 7: Set up Data Source

1. Locate Google Drive in your list of connected data sources.
2. Click Data source settings.
3. Configure your Google Workspace directory admin email.
   Note: The directory admin email could be an existing admin with appropriate permissions or a newly created user.
4. Configure inclusion and exclusion rules to define which content scopes should sync to Zoom.
5. Set up user mappings to establish the relationship between Zoom users and their corresponding Google accounts.
6. Click Save and start first sync to begin the synchronization process.
7. Monitor the sync progress on the dashboard until completion.

How to disconnect the Google Drive integration

If you need to remove the Google Drive integration from your Zoom account, follow these steps:

1. Sign in to the Zoom web portal.
2. In the navigation menu, click AI Studio then Integrations.
3. Locate Google Drive in your list of connected integrations.
4. Next to the Google Drive app, click the Delete button.
   A confirmation window will appear.
5. In the window, confirm the deletion.

Note: Disconnecting the integration will remove Zoom's access to your Google Drive content and stop all data synchronization. This action cannot be undone, but you can reconnect the integration at any time by following the setup steps again.

How your data is used

• The Google Drive for Organizations app grants Zoom secure access to your organization’s Google Drive content, including personal drives, shared drives, and Google Workspace files.
• Access to content respects the permissions configured in Google Drive. AI Companion can only use content that users are already authorized to view, respecting existing access controls and data boundaries remain unchanged.
• When enabled and synced, supported Google Drive content is indexed and made available through Zoom AI Companion on the web, allowing users to find, summarize, and receive context-aware assistance based on their permitted data.
• Your organization retains ownership and control of its Google Workspace data, and the integration provides read-only access only.

Google Workspace data available to AI Companion

AI Companion can use the following Google Workspace content as data sources:

• Personal Drives (My Drive): Files owned by individual users
• Shared Drives: Team-based shared drives used across the organization
• Native Google files: Google Docs, Sheets, Slides, and other Google Workspace file types
• Uploaded files: PDFs, images, presentations, documents, and other supported formats
• Google Workspace directory information: Domains, users, groups, and group memberships

Required OAuth scopes

The following table details each OAuth scope and its purpose:

Additional resources

Learn more about detailed instructions on manually creating a service account and configuring domain-wide delegation.