We have a web .NET in-house system that we want to integrate with Google Drive, on folders that are also used in our organization only.
If I understand correctly, I should use a service account for this, so our .NET system can call the Drive API without any 'user'.
I have created the service account, shared test shared folder to this account, and successfully tested a call from the .NET app to the Drive API.
My problem is that there are shared drives that should be accessed by the service account, with the 'Allow people outside of to access files' turned off. This is because the contents of the shared drives must not be accessible from outside the organization.
Is there a setting to allow this access for the service account? For example add the service account to the organization? Or some sort of role for the service account to allow this?
Thanks in advance!
Service accounts do not belong to your organization, and you cannot just make them part of it, so instead you have to use domain-wide delegation to impersonate a user who does have access to the shared drive. In a nutshell, the process is like this:
For convenience you could consider creating a user who exists solely to be impersonated by the service account, or designate one of your current users as the conduit for these API calls. It may seem odd that you still need a user account when you are using a service account, but this is normal for certain APIs and actions that can only be performed by users in the domain. I suggest you check out the service account overview for more information.