Skip to main content

Google Drive Integration

The Google Drive integration connects Harmony to your organization's Google Drive so that Companion and Harmony can search, read, and reference Drive documents — pulling context from spreadsheets, slides, PDFs, and other files into transcripts, insights, and Companion answers. Like the rest of Google's APIs, Drive uses OAuth 2.0 for authorization — which means you (the workspace admin) register a Google Cloud OAuth application, enable the Google Drive API on it, and paste the resulting Client ID and Client Secret back into the Harmony setup form.

Once configured at the workspace level, anyone in your organization who connects Google Drive will be routed through your own Google Cloud OAuth app — you don't have to share credentials, and each user still controls which Drive account is connected.

Configuring the Google Drive integration at the workspace level requires the integrations:write:all permission. See Roles and permissions. Once the workspace credentials are saved, individual users can connect their own Google Drive from Marketplace → Apps → Google Drive.

Step 1. Open the Marketplace

In Harmony, open the Marketplace tab from the sidebar and select the Google Drive integration tile.

Step 2. Click "Set up"

After clicking Set up, Harmony shows a setup form. This form contains everything you need to wire your Google Cloud OAuth application to Harmony, including:

  1. The Redirect URI to register in Google Cloud.
  2. The list of required OAuth scopes.
  3. A field for the Client ID.
  4. A field for the Client Secret.

You will copy values from this form into your Google Cloud setup, then copy the generated Client ID and Client Secret back into this same form. Google uses OAuth 2.0 for this authorization flow.

Step 3. Open Google Cloud Console and prepare a project

Sign in to the Google Cloud Console and create a new project (or select an existing one) to host this integration. Google recommends using a dedicated project for OAuth-based access to Google APIs so that scopes, credentials, and audit history stay isolated from other workloads.

If you have already created a Google Cloud project for the Google Meet, Google Email, or Google Calendar integration, you can reuse it here — just enable the Google Drive API on the same project in the next step. Each integration still needs its own OAuth client (Client ID + Client Secret), since each one uses a different redirect URI.

Step 4. Enable the required API

Inside the project, enable the API that the Google Drive integration needs. Google OAuth integrations require the relevant API access to be enabled before authorization can complete successfully.

Enable the following API:

  • Google Drive API

Step 5. Set up the Google Auth Platform

Once the API is enabled, configure the Google Auth Platform / OAuth consent screen. This is the screen users see when Google asks them to authorize the application.

5.1 App information

Fill in the basic app details:

  • App name — what users see on Google's consent screen (for example, "Harmony — Google Drive").
  • User support email — a contact address users can reach if something goes wrong with authorization.

5.2 Audience

Select External as the audience type so anyone in your organization (and any guest users you invite) can authorize the app.

5.3 Contact information

Provide the required developer contact email addresses. Google sends notifications about your OAuth app — such as verification updates or policy issues — to these addresses.

5.4 Finish

Review all the information and click Create to complete the Google Auth Platform setup.

Step 6. Add the required scopes

Copy the scopes shown in the Harmony setup form and paste them into the Google Auth Platform configuration, then save the selected scopes.

The setup form lists the minimum scopes the Drive integration needs. Adding fewer scopes will cause features such as listing files, reading file content, or searching across Drive to fail. Adding extra scopes is unnecessary and may delay Google's app verification — Drive scopes are considered sensitive by Google, so requesting more than you need can extend the verification process.

Step 7. Create the Client ID and Client Secret

Step 7.1 Choose application type

Set the application type to Web application and give it a recognizable name — for example, "Harmony — Google Drive".

Step 7.2 Set Authorized JavaScript origins

Set Authorized JavaScript origins to:

https://app.heyharmony.com

Step 7.3 Set Authorized redirect URIs

Set Authorized redirect URIs to the value shown in the Harmony setup form. For Google Drive this is:

https://app.heyharmony.com/integrations/oauth/google-drive/callback

Google compares the redirect URI character-for-character at sign-in time. A trailing slash, an extra path segment, or http:// instead of https:// will cause the authorization to fail with an "Access blocked: invalid request" error.

Step 7.4 Copy the Client ID and Client Secret

After clicking Create, Google shows a panel with your Client ID and Client Secret. Copy both values — you will paste them back into Harmony in the next step.

Treat the Client Secret like a password. Anyone with both the Client ID and Client Secret can impersonate the integration. If a secret leaks, rotate it in Google Cloud and update it in Harmony.

Step 8. Paste the credentials into Harmony

Return to the Harmony setup form and paste the Client ID and Client Secret into the matching fields, then save.

Once saved, Harmony shows a summary of the configured application on the right side of the integration page so you can confirm the values at a glance.

From now on, anyone in your organization who connects Google Drive from Marketplace → Apps → Google Drive will be routed through your OAuth application. Each user signs in with their own Google account and grants access to their own Drive — Harmony does not share files between users.

What the Google Drive integration unlocks

Once a user connects Google Drive, Harmony and Companion can:

  • Search Drive files by name, owner, or content to ground Companion answers in your team's real documents.
  • Read file contents — Docs, Sheets, Slides, PDFs, and common text formats — so Companion can summarise, quote, or answer questions about specific files when the user references them.
  • Attach Drive files as context in Companion threads, action items, and meeting notes.
  • Resolve Drive links shared in meetings or chats into rich previews and contextual data, so transcripts and insights stay connected to source documents.

Drive data is scoped to the individual user who connected it. Connecting Google Drive at the workspace level only stores the OAuth application credentials — it does not give admins access to anyone's personal Drive.

Troubleshooting

  • "Access blocked: This app's request is invalid" — the Authorized redirect URI in Google Cloud does not exactly match the one shown in the Harmony setup form. Re-check the URI character-for-character, including the /integrations/oauth/google-drive/callback path.
  • "Error 403: access_denied" after authorization — one or more required scopes were not added on the OAuth consent screen, or the Google Drive API was not enabled in Step 4. Re-check the scope list and that the API is enabled in the same project as the OAuth client.
  • Authorization succeeds but files don't appear in search — confirm that the Google Drive API is enabled on the same Google Cloud project the OAuth credentials belong to, not a sibling project. Also confirm the user has at least one accessible file in the Drive account they signed in with.
  • Drive scopes are flagged as "sensitive" during verification — this is expected. Google treats Drive scopes (especially full-Drive read access) as sensitive or restricted, which extends verification. Only request the scopes Harmony's setup form lists, and make sure your privacy policy and terms of service URLs are reachable on the OAuth consent screen.
  • You need to rotate the secret — generate a new client secret in Google Cloud, then update it in the Harmony setup form. The Client ID can stay the same; existing user connections do not need to be rebuilt.
  • "This app isn't verified" warning shown to users — while your OAuth app is still in Testing or pending Google verification, users see an "unverified app" screen. They can still continue if they trust the workspace. For production rollout, submit the app for verification from the Google Auth Platform page.