Skip to main content
The Google Workspace connector enables Omni to index and search content from your organization’s Google Workspace environment, including Drive, Docs, Sheets, Slides, and optionally Gmail.

Overview

What Gets Indexed

SourceContent
Google DriveFiles, folders, and metadata
Google DocsFull document text and comments
Google SheetsSheet names, cell content, and formulas
Google SlidesSlide text and speaker notes
Gmail (optional)Email subjects, bodies, and supported attachments

How It Works

  1. A service account with domain-wide delegation accesses Google Workspace APIs
  2. The connector syncs content based on user permissions
  3. Permission inheritance ensures users only see content they have access to in Google Workspace
The connector uses read-only access. Omni cannot modify any content in your Google Workspace.

Prerequisites

Before setting up the Google Workspace connector, ensure you have:
  • Google Cloud Platform account with billing enabled
  • Google Workspace admin access (Super Admin or delegated admin)
  • Google Cloud CLI (gcloud) installed and authenticated (optional, for enabling APIs via CLI)

Setup

Step 1: Create a Google Cloud Project

  1. Go to the Google Cloud Console
  2. Click Select a projectNew Project
  3. Enter project name: omni-workspace-integration
  4. Select your organization
  5. Click Create

Step 2: Enable Required APIs

In your new project, enable these APIs: 
gcloud services enable admin.googleapis.com
gcloud services enable drive.googleapis.com
gcloud services enable gmail.googleapis.com
gcloud services enable docs.googleapis.com
gcloud services enable sheets.googleapis.com
gcloud services enable slides.googleapis.com
Or enable via Console: APIs & ServicesLibrary → Search and enable each API.

Step 3: Create Service Account

  1. Go to IAM & AdminService Accounts
  2. Click Create Service Account
  3. Name: omni-workspace-connector
  4. Description: Service account for Omni Google Workspace integration
  5. Click Create and Continue
  6. Skip the optional steps and click Done

Step 4: Get the Client ID

  1. Click on the newly created service account
  2. Go to the Details tab
  3. Under Advanced settings, copy the Client ID (also shown as the service account’s Unique ID) — you’ll need this in Step 6 to authorize domain-wide delegation

Step 5: Create Service Account Key

  1. Go to the Keys tab
  2. Click Add KeyCreate new key
  3. Select JSON format
  4. Click Create
  5. Save the downloaded key file securely
This key file provides access to your entire Google Workspace domain. Store it securely and never commit it to version control.

Step 6: Configure Domain-Wide Delegation in Admin Console

  1. Open the Google Workspace Admin Console
  2. Navigate to SecurityAccess and data controlAPI controls
  3. Click Manage Domain Wide Delegation
  4. Click Add new
  5. Enter the Client ID from Step 4
  6. Add the following OAuth scopes:
https://www.googleapis.com/auth/admin.directory.user.readonly,
https://www.googleapis.com/auth/admin.directory.group.readonly,
https://www.googleapis.com/auth/drive.readonly,
https://www.googleapis.com/auth/gmail.readonly,
https://www.googleapis.com/auth/documents.readonly,
https://www.googleapis.com/auth/spreadsheets.readonly,
https://www.googleapis.com/auth/presentations.readonly
  1. Click Authorize
If Gmail access is not needed, exclude https://www.googleapis.com/auth/gmail.readonly from the scopes.

Step 7: Configure Omni

  1. Navigate to SettingsIntegrations in Omni
  2. Find Google Workspace and click Connect
  3. Choose whether to create Google Drive, Gmail, or both sources
  4. Paste the contents of the service account key file from Step 5
  5. Enter your Google Workspace domain
  6. Enter the admin email address
  7. Click Connect
  8. Use Settings on the Drive or Gmail source to adjust source settings, then click Sync to start the initial sync
Your Google Workspace connector is now configured. Initial indexing may take a while, depending on the amount of content in your Google account.

Managing the Integration

Gmail Attachments

When Gmail is enabled, Omni indexes supported message attachments in addition to message bodies. Supported attachment formats include PDFs, DOCX, XLSX, PPTX, XLS, text, HTML, CSV, and Markdown. Unsupported binary formats are skipped.

User OAuth for Tools

The service account handles org-wide indexing. Some AI assistant tools require a user’s own Google authorization instead of the service account. Configure the Google client from SettingsIntegrationsOAuth Apps, then use the shared redirect URI shown there when creating the OAuth client in Google Cloud. When a tool needs user authorization, the chat UI prompts the user to connect their Google account.

Viewing Sync Status

Navigate to SettingsIntegrations to view the sync status for each source directly on the list, including last sync time, number of indexed items, and any errors. Click Settings on a source for more details and sync history.

Rotating Service Account Keys

It’s recommended to rotate service account keys every 90 days.
  1. Create a new key in Google Cloud Console
  2. Update the key in Omni settings
  3. Delete the old key

Removing the Integration

  1. Navigate to SettingsIntegrations
  2. Click Settings against the Google Workspace source
  3. Click Delete Permanently
  4. Optionally, delete the service account in Google Cloud and remove the domain-wide delegation entry in Admin Console

Troubleshooting

The setup requires:
  • Project Creator - to create the GCP project
  • Google Workspace Super Admin - for domain-wide delegation
Some permissions may take 10-15 minutes to propagate.
APIs may take a few minutes to propagate after enabling. Check status:
gcloud services list --enabled --project=YOUR_PROJECT_ID
Common causes:
  • Client ID mismatch - verify the ID in Admin Console matches the service account
  • Missing scopes - ensure all required scopes are added
  • Propagation delay - wait 5-10 minutes for changes to take effect
  • Wrong admin email - ensure the admin email has Google Workspace admin privileges
Initial sync duration depends on:
  • Number of users in your organization
  • Amount of content in Drive and Gmail
  • API quota limits
For large organizations (1000+ users), initial sync may take 24-48 hours. You can monitor progress in the Omni admin panel.

Security Considerations

  • Read-only access: The service account only has read permissions
  • Permission inheritance: Users only see content they can access in Google Workspace
  • Key security: Service account keys should be treated like passwords
  • Audit logging: Enable Cloud Audit Logs to monitor API access
  • Key rotation: Rotate service account keys every 90 days

What’s Next

Search Your Data

Learn how to search across Google Workspace content

AI Assistant

Ask questions about your documents and emails

Add More Connectors

Connect additional data sources