Custom Google App
- When using the default service app (IBM Tenant Management), you may encounter throttling issues caused by Google quota limits. If performance is a concern, consider configuring a custom Google app for your organization.
- If your organization wants to enable protection for the Chat/Vault service, it is necessary to configure a custom Google app.
- If your organization has configured both the default IBM Tenant Management app and a custom Google app, only the custom Google app will be used in backup and restore jobs.
- Configure a custom Google app by referring to the Create a Custom Google App section in the IBM® Storage Protect for Cloud user guide.
- Refer to the information below to enable the required APIs:
- Admin SDK API must be enabled for common functionalities.
- Gmail API must be enabled if you want to protect the Gmail data.
- Google Drive API must be enabled if you want to protect drives and shared drives.
- Drive Labels API must be enabled if you want to protect labels for drives and shared drives.
- Google Calendar API must be enabled if you want to protect calendars.
- Google People API must be enabled if you want to protect contacts.
- Google Chat API must be enabled if you want to protect chats.
After enabling the Google Chat API at Google Cloud Console, you need
to configure the app information under its CONFIGURATION tab by
following the steps below. (Note that the Chat apps are required to
access Chat data but are invisible to Google users.)
- Configure the following application information:
- App Name – Enter the name of the app.
- Avatar URL – Provide an icon for the app. Any valid URL is acceptable.
- Description – Write a brief description of the app.
- Disable the Enable Interactive features option.
- Click Save.
- Configure the following application information:
- Google Vault API and Google Cloud Storage JSON API must be enabled if you want to protect the Vault data.
- Google Classroom API must be enabled if you want to protect the Classroom data.
- Refer to the following information to configure the related OAuth
scopes:
- To protect the Google Workspace data (including Gmail, Drive, Drive
labels, Calendar, Contacts, Chat, and shared drives), you can copy and
paste the following to the OAuth
scopes:
https://www.googleapis.com/auth/admin.directory.group.readonly,https://www.googleapis.com/auth/admin.directory.user.readonly,https://www.googleapis.com/auth/admin.reports.usage.readonly,https://www.googleapis.com/auth/admin.directory.orgunit.readonly,https://mail.google.com/,https://www.googleapis.com/auth/drive,https://www.googleapis.com/auth/drive.admin.labels,https://www.googleapis.com/auth/drive.labels,https://www.googleapis.com/auth/calendar,https://www.googleapis.com/auth/contacts.other.readonly,https://www.googleapis.com/auth/contacts,https://www.googleapis.com/auth/chat.spaces.readonly,https://www.googleapis.com/auth/chat.memberships.readonly,https://www.googleapis.com/auth/chat.messages.readonly
- To protect the Google Workspace data (including Gmail, Drive, Drive
labels, Calendar, Contacts, Chat, and shared drives) and the Google
Vault data (including Gmail, Drive, and shared drives), you can copy and
paste the following to the OAuth
scopes:
https://www.googleapis.com/auth/admin.directory.group.readonly,https://www.googleapis.com/auth/admin.directory.user.readonly,https://www.googleapis.com/auth/admin.reports.usage.readonly,https://www.googleapis.com/auth/admin.directory.orgunit.readonly,https://mail.google.com/,https://www.googleapis.com/auth/drive,https://www.googleapis.com/auth/drive.admin.labels,https://www.googleapis.com/auth/drive.labels,https://www.googleapis.com/auth/calendar,https://www.googleapis.com/auth/contacts.other.readonly,https://www.googleapis.com/auth/contacts,https://www.googleapis.com/auth/chat.spaces.readonly,https://www.googleapis.com/auth/chat.memberships.readonly,https://www.googleapis.com/auth/chat.messages.readonly,https://www.googleapis.com/auth/ediscovery,https://www.googleapis.com/auth/devstorage.read_only
- To protect the Google Classroom data, you can copy and paste the
following to the OAuth
scopes:
https://www.googleapis.com/auth/admin.directory.group.readonly,https://www.googleapis.com/auth/admin.directory.user.readonly,https://www.googleapis.com/auth/admin.reports.usage.readonly,https://www.googleapis.com/auth/admin.directory.orgunit.readonly,https://www.googleapis.com/auth/classroom.courses,https://www.googleapis.com/auth/classroom.announcements,https://www.googleapis.com/auth/classroom.coursework.me,https://www.googleapis.com/auth/classroom.coursework.students,https://www.googleapis.com/auth/classroom.courseworkmaterials,https://www.googleapis.com/auth/classroom.rosters,https://www.googleapis.com/auth/classroom.profile.emails,https://www.googleapis.com/auth/classroom.topics,https://www.googleapis.com/auth/classroom.topics.readonly,https://www.googleapis.com/auth/classroom.guardianlinks.students
- To protect the Google Workspace data (including Gmail, Drive, Drive
labels, Calendar, Contacts, Chat, and shared drives), you can copy and
paste the following to the OAuth
scopes:
| Service | API | Scope | Purpose |
|---|---|---|---|
| Common | Admin SDK API | https://www.googleapis.com/auth/admin.directory.group.readonly | Retrieve groups in your domain. |
| https://www.googleapis.com/auth/admin.directory.user.readonly | Retrieve users in your domain. | ||
| https://www.googleapis.com/auth/admin.reports.usage.readonly | Retrieve your organization subscription usage for backup admins to monitor their subscription in the app. | ||
| https://www.googleapis.com/auth/admin.directory.orgunit.readonly | Retrieve organization units in your workspace | ||
| Gmail | Gmail API | https://mail.google.com/ | Back up emails and labels in Gmail for future recovery. |
| Drive | Google Drive API | https://www.googleapis.com/auth/drive | Back up folders and files under My Drive and Shared Drives for future recovery. |
| Drive label | Drive Labels API | https://www.googleapis.com/auth/drive.admin.labels | Retrieve all information of labels on files in Drives for backup and restore. |
| https://www.googleapis.com/auth/drive.labels | Back up and restore properties of labels on files in Drives. | ||
| Calendar | Google Calendar API | https://www.googleapis.com/auth/calendar | Back up calendars and events from Google Calendar for future recovery. |
| Contacts | Google People API | https://www.googleapis.com/auth/contacts.other.readonly | Back up Other contacts data. |
| https://www.googleapis.com/auth/contacts | Back up contact groups and contacts from Google Contacts for future recovery. | ||
| Chat | Google Chat API | https://www.googleapis.com/auth/chat.spaces.readonly | Retrieve all chat spaces. |
| https://www.googleapis.com/auth/chat.memberships.readonly | Retrieve the membership of each chat space. | ||
| https://www.googleapis.com/auth/chat.messages.readonly | Back up chats and related attachments. | ||
| Vault | Google Vault API | https://www.googleapis.com/auth/ediscovery | Use this API to export Google Vault data. |
| Google Cloud Storage JSON API | https://www.googleapis.com/auth/devstorage.read_only | Download the exported Google Vault data. | |
| Classroom | Google Classroom API | https://www.googleapis.com/auth/classroom.courses | Back up and restore classes. |
| https://www.googleapis.com/auth/classroom.announcements | Back up and restore announcements in classes. | ||
| https://www.googleapis.com/auth/classroom.coursework.me | Back up classwork in classes | ||
| https://www.googleapis.com/auth/classroom.coursework.students | Restore classwork in classes. | ||
| https://www.googleapis.com/auth/classroom.courseworkmaterials | Back up and restore classwork materials. | ||
| https://www.googleapis.com/auth/classroom.rosters | Back up and restore students and teachers in classes. | ||
| https://www.googleapis.com/auth/classroom.profile.emails | Retrieve email addresses in classes. | ||
| https://www.googleapis.com/auth/classroom.topics | Back up and restore topics in classes. | ||
| https://www.googleapis.com/auth/classroom.topics.readonly | Retrieve information of topics. | ||
| https://www.googleapis.com/auth/classroom.guardianlinks.students | Retrieve guardians of students in classes. |
After you finish configuring scopes for the custom Google app, go to IBM Storage Protect for Cloud and navigate to Management > App management to create an app profile and consent to the custom Google app. For more details, refer to the Consent to Custom Apps section in the IBM Storage Protect for Cloud user guide.