Connect a third-party data source

This page describes how to connect third-party data sources to Agentspace Enterprise.

When you connect a third-party data source, Agentspace Enterprise creates a data connector, and associates data stores (called entity data stores) with it for the entities that you specify. Entity types are specific to the data source that you're connecting to. For example, Jira Cloud entities include issues, attachments, comments, and worklogs.

To import data from a Google data source instead, see Create a first-party data store.

If you are using customer-managed encryption keys, see About single-region keys for third-party connectors.

Before you begin

  1. Contact your Google account team and ask to be added to the allowlist for third-party data source connectors.

  2. Go to the section for the source you plan to use:

Connect Adobe Experience Manager

Use the following procedure to sync data from Adobe Experience Manager to Agentspace Enterprise.

After you set up your data source and import data the first time, the data store syncs data from that source at a frequency that you select during setup.

Before you begin

Before setting up your connection:

  1. In addition to the third-party connector allowlist, this connector requires that your project is added to an additional allowlist. To be added to this allowlist, contact your Agentspace Enterprise account team.

  2. Set up access control for your data source. For information about setting up access control, see Use data source access control.

  3. An Adobe Experience Manager administrator must generate or obtain the following for integrating with Agentspace Enterprise:

    • Service credentials of your Adobe Experience Manager instance
    • Instance URL of your Adobe Experience Manager site

Create a Adobe Experience Manager connector

Console

To use the Google Cloud console to sync data from Adobe Experience Manager to Agentspace Enterprise, follow these steps:

  1. In the Google Cloud console, go to the Agentspace Enterprise page.

    Agentspace Enterprise

  2. In the navigation menu, click Data stores.

  3. Click Create data store.

  4. On the Select a data source page, scroll or search for Adobe Experience Manager to connect your third-party source.

  5. Enter your Adobe Experience Manager authentication information and click Continue.

  6. Select which entities to sync and click Continue.

  7. Select a region for your data store.

  8. Enter a name for your data connector.

  9. Select a synchronization frequency.

  10. Click Create. Agentspace Enterprise creates your data store and displays your data stores on the Data stores page.

  11. To check the status of your ingestion, go to the Data stores page and click your connector name to see details about it on its Data page. The Connector state changes from Creating to Running when it starts synchronizing data. When ingestion is complete, the state changes to Active to indicate that the connection to your data source is set up and awaiting the next scheduled synchronization.

    Depending on the size of your data, ingestion can take several minutes or several hours.

Next steps

Connect AODocs

Use the following procedure to sync data from AODocs to Agentspace Enterprise.

After you set up your data source and import data the first time, the data store syncs data from that source at a frequency that you select during setup.

Before you begin

Before setting up your connection:

  1. In addition to the third-party connector allowlist, this connector requires that your project is added to an additional allowlist. To be added to this allowlist, contact your Agentspace Enterprise account team.

  2. Set up access control for your data source. For information about setting up access control, see Use data source access control.

  3. An AODocs administrator must generate or obtain the following for integrating with Agentspace Enterprise:

    • Instance ID (Domain URL of your AODocs instance)
    • Client ID
    • Client secret

Create a AODocs connector

Console

To use the Google Cloud console to sync data from AODocs to Agentspace Enterprise, follow these steps:

  1. In the Google Cloud console, go to the Agentspace Enterprise page.

    Agentspace Enterprise

  2. In the navigation menu, click Data stores.

  3. Click Create data store.

  4. On the Select a data source page, scroll or search for AODocs to connect your third-party source.

  5. Enter your AODocs authentication information and click Authenticate. A new window appears.

  6. Authenticate your account and confirm that it succeeded before returning to the Specify the AODocs source for your data store page.

  7. Select which entities to sync and click Continue.

  8. Select a region for your data store.

  9. Enter a name for your data connector.

  10. Select a synchronization frequency.

  11. Click Create. Agentspace Enterprise creates your data store and displays your data stores on the Data stores page.

  12. To check the status of your ingestion, go to the Data stores page and click your connector name to see details about it on its Data page. The Connector state changes from Creating to Running when it starts synchronizing data. When ingestion is complete, the state changes to Active to indicate that the connection to your data source is set up and awaiting the next scheduled synchronization.

    Depending on the size of your data, ingestion can take several minutes or several hours.

Next steps

Connect Asana

Use the following procedure to sync data from Asana to Agentspace Enterprise.

After you set up your data source and import data the first time, the data store syncs data from that source at a frequency that you select during setup.

Before you begin

Before setting up your connection:

  • Set up access control for your data source. For information about setting up access control, see Use data source access control.

  • An Asana administrator must generate or obtain the personal access token (PAT) following for authentication. For more information, see Personal access token in the Asana documentation.

To invite a member to an Asana workspace , do the following:

  1. Sign in to Asana application with your administrator account.

  2. Select the relevant project.

  3. In the Share visitors dialog, under Invite with email:

    1. Click Invite.
    2. Enter the user's email address.
    3. Choose the permission level as Viewer.

To generate a PAT, do the following:

  1. Open the Asana Developer Console.

  2. Click My apps.

  3. Click Create token.

  4. In the Create new token dialog, fill the required information.

  5. Click Create token.

  6. Copy the token for later use.

  7. Click Done.

Create an Asana cloud connector

Console

To use the Google Cloud console to sync data from Asana to Agentspace Enterprise, follow these steps:

  1. In the Google Cloud console, go to the Agentspace Enterprise page.

    Agentspace Enterprise

  2. In the navigation menu, select Data Stores.

  3. Click Create data store.

  4. On the Select a data source page, scroll or search for Asana to connect your third-party source.

  5. Enter authentication details, including the generated PAT.

  6. Select the entities to synchronize and click Continue.

  7. Choose a region for the data store.

  8. Provide a name for the data store.

  9. Set a synchronization frequency for the data store.

  10. Click Create. Agentspace Enterprise creates your data store and displays your data stores on the Data stores page.

  11. To check the status of your ingestion, go to the Data stores page and click your data store name to see details about it on its Data page. The Connector state changes from Creating to Running when it starts synchronizing data. When ingestion is complete, the state changes to Active to indicate that the connection to your data source is set up and awaiting the next scheduled synchronization.

    Depending on the size of your data, ingestion can take minutes or hours.

Next steps

Connect Box

Use the following procedure to sync data from Box to Agentspace Enterprise.

After you set up your data source and import data the first time, the data store syncs data from that source at a frequency that you select during setup.

Before you begin

Before setting up your connection:

  1. You must have administrator access to the Box instance with 2FA enabled. All the set up instructions can only be performed from the administrator account.

  2. Set up access control for your data source. For information about setting up access control, see Use data source access control.

  3. Read Setup with JWT in the Box documentation for an overview of the setup with screenshots.

Create a Box app

  1. Sign in to the Box Developer Console with your administrator account.
  2. Click Create platform app.
  3. Select App type as Custom app.
  4. Enter the App name.
  5. Set the following properties:
    1. Purpose: Integration
    2. Categories: AI
    3. External system: Google Cloud Agentspace Enterprise
  6. Select Authentication method as Server authentication (with JWT).
  7. Click Create app.

Configure the Box app

  1. In the Box Developer Console, choose the Platform app and then go to the Configuration tab.
  2. In the App access level section, select App + Enterprise access.
  3. In the Application scopes section, select the following scopes:

    1. Read all files and folders stored in Box
    2. Write all files and folders stored in Box
    3. Manage users
    4. Manage groups
    5. Manage enterprise properties
  4. In the Advanced features section, select Make API calls using the as-user header.

  5. In the Add and manage public keys section, click Generate a public/private keypair.

    1. The public key is automatically uploaded to the console with an ID. This ID is used when creating a connection.
    2. You can download a configuration file with the private key and passphrase. Make sure to keep this file for later use.
    3. Optionally, to generate your own key, see the Box keypair setup guide.
  6. Click Save changes.

Authorize the Box app

  1. In the Box Developer Console, choose the Platform app and then go to the Authorization tab.
  2. Click Review and submit.
  3. In the Review app authorization submission dialog, click Submit.
  4. Sign in to the Box admin platform apps manager with your administrator account.
  5. Choose the Platform app that you have configured.
  6. Click the three dots (...) in the corresponding row.
  7. Select Authorize app from the drop-down list.
  8. In the Authorize app dialog, click Authorize to complete the authorization process.

Have the following Box authentication information ready:

  • Enterprise ID: Obtain it from the General settings tab.
  • Client ID and Client secret: Obtain it from the Configuration tab under OAuth 2.0 credentials.
  • Private key, Key ID, and Passphrase: These parameters were already generated and downloaded to a local file from the Configuration tab under Add and manage public keys while configuring the app.

Create a Box connector

Console

To use the Google Cloud console to sync data from Box to Agentspace Enterprise, follow these steps:

  1. In the Google Cloud console, go to the Agentspace Enterprise page.

    Agentspace Enterprise

  2. In the navigation menu, click Data stores.

  3. Click Create data store.

  4. On the Select a data source page, scroll or search for Box to connect your third-party source.

  5. Enter your authentication information.

  6. Select which entities to sync and click Continue.

  7. Select a region for your data store.

  8. Enter a name for your data store.

  9. Select a synchronization frequency for your data store.

  10. Click Create. Agentspace Enterprise creates your data store and displays your data stores on the Data stores page.

  11. To check the status of your ingestion, go to the Data stores page and click your data store name to see details about it on its Data page. The Connector state changes from Creating to Running when it starts synchronizing data. When ingestion is complete, the state changes to Active to indicate that the connection to your data source is set up and awaiting the next scheduled synchronization.

    Depending on the size of your data, ingestion can take minutes or hours.

Next steps

Connect Coda

Use the following procedure to sync data from Coda to Agentspace Enterprise.

After you set up your data source and import data the first time, the data store syncs data from that source at a frequency that you select during setup.

Before you begin

Before setting up your connection:

  1. Set up access control for your data source. For information about setting up access control, see Use data source access control.

  2. A Coda administrator must generate or obtain the Coda API token to integrate with Agentspace Enterprise.

Create a Coda connector

Console

To use the Google Cloud console to sync data from Coda to Agentspace Enterprise, follow these steps:

  1. In the Google Cloud console, go to the Agentspace Enterprise page.

    Agentspace Enterprise

  2. In the navigation menu, click Data stores.

  3. Click Create data store.

  4. On the Select a data source page, scroll or search for Coda to connect your third-party source.

  5. Enter your Coda authentication information and click Continue.

  6. Select which entities to sync and click Continue.

  7. Select a region for your data store.

  8. Enter a name for your data connector.

  9. Select a synchronization frequency.

  10. Click Create. Agentspace Enterprise creates your data store and displays your data stores on the Data stores page.

  11. To check the status of your ingestion, go to the Data stores page and click your connector name to see details about it on its Data page. The Connector state changes from Creating to Running when it starts synchronizing data. When ingestion is complete, the state changes to Active to indicate that the connection to your data source is set up and awaiting the next scheduled synchronization.

    Depending on the size of your data, ingestion can take several minutes or several hours.

Next steps

Connect Confluence Cloud

Use the following procedure to sync data from Confluence Cloud.

After you set up your data source and import data the first time, the data store syncs data from that source at a frequency that you select during setup.

Before you begin

Before setting up your connection:

  1. Verify that you have administrator access to the Confluence instance and project.

  2. Set up access control for your data source. For information about setting up access control, see Use data source access control.

Set up authentication and permissions in Confluence

Make sure that you have the necessary authentication details and administrator access to your Confluence instance. Use the following instructions to create a client ID and client secret through the Atlassian Developer Console, configure the required OAuth 2.0 scopes, set up permissions for users, retrieve your instance URL and ID, configure roles, and authenticate to sync data between Confluence Cloud and Agentspace Enterprise . To enable OAuth 2.0 and obtain the client ID and secret, see OAuth 2.0 (3LO) apps in the Atlassian Developer documentation.

  1. Create an OAuth 2.0 integration in the Atlassian Developer Console:

    1. Sign in to Atlassian Developer Console.
    2. Click the profile icon and select Developer console.

      select
      Select Developer console

    3. Click Create and select OAuth 2.0 Integration.

      select-integration
      Select OAuth 2.0 Integration

    4. Enter a name for the app and do the following:

      1. Check the terms and conditions checkbox.
      2. Click Create.

        click-create
        Create a new OAuth 2.0 Integration

      3. Click Authorization.

      4. In the Authorization type table, select Add for OAuth 2.0 (3LO).

        select-add
        Add authorization type

    5. In the Callback URL field, enter https://vertexaisearch.cloud.google.com/console/oauth/confluence_oauth.html.

    6. Click Save changes.

      click-save-changes
      Save changes

    If you see the warning: Your app doesn't have any APIs. Add APIs to your app, proceed to step 2 under the next section and complete all the remaining steps. Otherwise, skip ahead to step 4 in that same section.

To configure OAuth 2.0 and retrieve the required credentials for your Confluence connector setup, do the following:

  1. Enable OAuth 2.0:

    1. Click Permissions.

      select-permissions
      Select permissions

    2. Go to Confluence API.

    3. Click Add.

    4. Click Configure.

    5. Go to the Granular scopes tab and click Edit scopes.

      confluence-select-granular-permissions-edit-scopes
      Edit scopes

    6. Select the following scopes.

    7. Confirm that seven scopes are selected and save your changes.

  2. Obtain the client ID and client secret:

    1. Click Distribution.
    2. Select Edit.

      select-distribution-edit
      Edit distribution

    3. Select Sharing to enable editing other fields.

    4. Fill out the remaining fields. Make sure to set Vendor to Google and Privacy policy to policies.google.com.

    5. Select Yes when you see `Does your app store personal data?.

    6. Select Settings to copy your Client ID and Client secret.

      select-settings-copy-auth
      Copy your client ID and client secret

  3. Obtain the instance URL:

    1. Go to atlassian.net and sign in with your administrator account.
    2. Select the app you want to sync. For example, sync the first app.
    3. Find the instance URL. It appears as the subdomain in the address bar.
  4. Obtain the instance ID:

    1. Open a new tab, copy the instance URL, and append /_edge/tenant_info to the instance URL. For example, https://<var>YOUR-INSTANCE</var>.atlassian.net/_edge/tenant_info.
    2. Navigate to the link to find the cloudId value. The cloudId is your instance ID.

      instance-identifier
      Obtain instance ID

Set up permissions and roles

To set the user visibility, do the following:

  1. Click the user profile icon and go to Manage account.

    manage-account
    Manage account

  2. Navigate to the Profile and visibility.

    profile-and-visibility
    Profile and visibility

  3. Go to Contact and set the Who can see this as Anyone.

    contact
    Contact

To grant Confluence administrator with Discovery Engine Editor role in the Google Cloud console, do the following:

  1. In the Google Cloud console, go to the Agentspace page.
  2. Navigate to IAM.
  3. Locate the Confluence administrator account.
  4. Grant the Discovery Engine Editor role to the administrator.

To grant a user with an administrator role in Atlassian, do the following:

  1. Sign in to Atlassian using an administrator account.

  2. Click the menu icon and select your organization. Alternatively, you can go to admin.atlassian.com.

  3. On the Admin page, click the product and select the Manage users button.

    manage-users
    Manage users

  4. Click Groups under User management.

  5. On the Groups page:

    1. Click Create group.
    2. Enter a name for the group.

    create-group
    Create group

This group receives permissions required by the connector. Users added to this group inherit these permissions.The connector uses this group to authenticate and fetch documents.

  1. On the group page, click Add product.

    1. Select User access admin as the product role.
    2. Click Add.

      confluence-user-access-admin
      Confluence user access administrator

  2. Click Add group members to add the user account or group members that the connector uses to authenticate.

    add-group-members
    Add group members

Create a Confluence Cloud connector

Console

To use the Google Cloud console to sync data from Confluence Cloud to Agentspace Enterprise , follow these steps:

  1. In the Google Cloud console, go to the Agentspace page.

    Agentspace

  2. In the navigation menu, click Data stores.

  3. Click Create data store.

  4. On the Select a data source page, scroll or search for Confluence to connect your third-party source.

  5. Enter your authentication information and click Authenticate.

  6. A new window appears. Enter the instance username and password. Check that the authentication succeeded before returning to the Specify the Confluence source for your data store page.

    auth-details
    Enter the authentication details

  7. Select which entities to sync and click Continue.

    entities-to-sync
    Select entities to sync

  8. Select a region for your data connector.

  9. Enter a name for your data connector.

  10. Select a synchronization frequency.

  11. Click Create. Agentspace Enterprise creates your data store and displays your data stores on the Data Stores page.

  12. To check the status of your ingestion, go to the Data stores page and click your data store name to see details about it on its Data page. The Connector state changes from Creating to Running when it starts synchronizing data. When ingestion is complete, the state changes to Active to indicate that the connection to your data source is set up and awaiting the next scheduled synchronization.

    Depending on the size of your data, ingestion can take minutes or hours.

Next steps

Connect Confluence Data Center On-premises

Use this procedure to create a Confluence Data Center data store and search app in Agentspace Enterprise, syncing on-premises Confluence data with Agentspace Enterprise.

After you set up your data source and import data the first time, you can choose how often the data store syncs with that source.

Before you begin

Before setting up your connection, make sure that you have the following:

  1. Service attachment (required for private destination type only): Configure a service attachment for secure data transfer.
  2. Username and password: Obtain valid credentials for authentication from your Confluence administrator.
  3. Optional for private destination type: Domain URL: Specify the URL of the Confluence Data Center instance.
  4. Optional: Base domain name: Provide the base domain name for the Confluence instance.
  5. Optional: Destination port: Identify the port used for communication with the Confluence Data Center.
  6. Use the following configuration guidelines to establish connections with Private Service Connect(PSC). Adjust or add resources as needed. Make sure the PSC service attachment is properly configured to connect to the private instance and meets the requirements for a published service.

    1. Configure network settings:

      1. Place the PSC service attachment and load balancer in different subnets within the same Virtual Private Cloud network.

      2. The backend system must remain closed to the public network for security reasons. However, ensure it can accept traffic from the following sources:

        • For proxy-based/HTTP(s) load balancers (L4 proxy ILB, L7 ILB), configure the backend to accept requests from the proxy subnet in the Virtual Private Cloud network.

        • For more information, see the Proxy-only subnets for Envoy-based load balancers documentation.

    2. Adjust firewall rules:

      1. Ingress rules:

        • Allow traffic from the PSC service attachment subnet to the internal load balancer (ILB) subnet.
        • Make sure that the ILB can send traffic to the backend.
        • Permit health check probes to reach the backend.
      2. Egress rules: Enable egress traffic by default, unless specific deny rules apply.

  7. Additional considerations: Make sure to keep all the components, including the PSC service attachment and load balancer, in the same region.

Generate a service attachment

Use the following steps to generate a service attachment:

  1. Decide endpoint type: Select Public or Private endpoint.

  2. For Public endpoint: If the Confluence Data Center Destination type is Public, you are not required to create the setup for service attachment. Instead, you can use your public URL in the Domain URL field of the Google Cloud console when creating your connector.

  3. For Private endpoint:

    1. Use Private Service Connect (PSC) to enable connections from private instances to Google Cloud.
    2. Create a Virtual Private Cloud network and required subnets.
    3. Create a Virtual Machine (VM) instance and install the backend service.
    4. Optional: Set up a health check probe to monitor backend health.
    5. Add a load balancer to route traffic to the VM or backend.
    6. Define firewall rules to allow traffic between the PSC endpoint and the backend.
    7. Publish the endpoint by creating a PSC service attachment.

Create a Confluence Data Center user and set up permissions

To enable Agentspace Enterprise to obtain data from Confluence, you need to create a new user with the minimum permissions necessary. Follow these steps to create the user and set up the required permissions.

  1. Sign in as an administrator:

    1. Go to your Atlassian domain site and open the Confluence Data Center instance.
    2. Enter the administrator username and password.
    3. Click Log In.
  2. Create a new user:

    When creating a data store, you must create a user to obtain data from the third-party instance.

    1. Click the settings icon.
    2. Select User management.
    3. Enter the administrator credentials, if prompted.
    4. In the Administration page, click Create user.
    5. Enter the email address, full name, username, and password.
    6. Click Create user.
  3. Assign user to a group:

    1. In the Confluence administration page, navigate to the Users and security tab and click Groups.
    2. Click Add group. Enter a name for the group and create it.
    3. In the Find group field, enter the group name to find the group.
    4. Click the settings icon.
    5. Select the profile account and navigate to User management.
    6. In the Users page, under List users, search for the newly created user in the Find user field.
    7. Click the user to open the View users page.
    8. Click Edit groups to open the Edit user group page.
    9. Select the checkbox for the created user group.
    10. Click Save to assign the user to the newly created group.

    The added user is assigned in the Group members section.

  4. Configure user permissions:

    1. In the Confluence administration page, navigate to the Issues tab.
    2. Locate Permissions.
    3. Select View global permissions.
    4. Select Edit permissions.
    5. In the Edit global permissions page, search for the group assigned to the user, and enable the can use option.

Configure the documentation space

  1. Click the Confluence icon to navigate to the Dashboard page.
  2. Click Create space.
  3. Select Documentation space and click Next.
  4. Enter all the necessary details and click Create to create the documentation space.
  5. Under My spaces, click the newly created space.
  6. Navigate to Pages, and open the menu (three dots).
  7. Select Restrictions.
  8. From the Restrictions drop-down menu, select the Viewing and editing restricted option.
  9. Search for the group and assign the can view permission.
  10. Click Apply. The user is created with minimum access and permissions are set for spaces. You can also assign permissions to the blogs.

Create a Confluence Data Center On-premises connector

Console

  1. In the Google Cloud console, go to the Agentspace Enterprise page.

    Agentspace Enterprise

  2. In the navigation menu, click Data stores.

  3. Click Create data store.

  4. On the Select a data source page, scroll or search for Confluence data center to connect your third-party source.

  5. Enter your authentication information and click Continue.

  6. From the Destination type drop-down list, select Public or Private.

    1. For Public destination type, you are not required to create the setup for service attachment. Instead, you can use your public URL in the Domain URL field of the Google Cloud console.

    2. For Private destination type, enter all the required information:

      1. For instance with the Domain URL:
        • Service attachment: Enter your service attachment.
        • Optional: Base domain name: Enter your base domain.
        • Domain URL: Enter your domain URL.
        • Optional: Destination port: Enter your destination port.
      2. For instance without Domain URL:
        • Service attachment: Enter your service attachment.
        • Optional: Destination port: Enter your destination port.
  7. Click Continue.

  8. Optional: Advanced options: Select and enable Proxy settings and SSL settings, if required.

  9. Under the Entities to sync, select all the required entities to sync and click Continue.

  10. Select a region for your data connector and enter a name for your data connector.

  11. Select a synchronization frequency.

For Private destination type, after you submit the details for the connector, VAIS sends a connection request to your PSC. Navigate to your connector to see a message to allowlist a projectId in the PSC. The connector remains in the Error state until you allow the connection in PSC. When you accept the connection request, the connector moves to the Active state during the next sync run. If you configure your PSC to accept all connections, the connector automatically moves to the Active state after creation.

For Public destination type, the connector automatically enters the Active state after submission.

To verify the state of the data store and the ingestion activity, do the following:

  1. Navigate to the connector in the data store list and monitor its state until it changes to Active.
  2. After the connector state changes to Active, click the required entity and confirm that all selected entities are ingested. The data store state transitions from Creating to Running when synchronization begins and changes to Active once ingestion completes, indicating that the data store is set up. Depending on the size of your data, ingestion can take several hours.

Next steps

Connect DocuSign

Use the following procedure to sync data from DocuSign to Agentspace Enterprise.

After you set up your data source and import data the first time, the data store syncs data from that source at a frequency that you select during setup.

Before you begin

Before setting up a connection for the DocuSign connector, make sure that you have the following credentials for authentication:

  • Consumer key
  • Private key
  • Username

Generate keys and user credentials

Create a user in the DocuSign instance, assign the user to a group, and grant the required permissions to generate the consumer key, private key, and username needed for integration and authentication.

  1. Register a DocuSign user: If you are a new user, use the following steps to create a DocuSign developer account. If you are an existing user, go to the access account details section.

    1. Go to the DocuSign developer account.

    2. Expand the Developer account drop-down and click Create account.

    3. On the Get your free developer account page, enter the required information:

      • First name
      • Last name
      • Email
      • Company
      • Country
      • DocuSign account status (if applicable)
    4. Click Get started.

    5. A Check your email window appears. Check your email for a verification code, enter it, and click Next.

    6. The Verify your mobile number window appears. Select the country code, enter your mobile number, and click Send code.

    7. Enter the temporary code received and click Verify.

    8. On the Set your password window, enter your password and click Next.

    9. The user is logged into the Sandbox environment.

  2. Access account details:

    1. Click the User profile icon and select My apps & keys.

    2. The Account dashboard and Apps and keys page is displayed, showing the User ID, Account ID, and App base URL.

  3. Generate apps and integration keys:

    1. Click Add app and integration key.

    2. In the Add integration key dialog, enter the app name and click Create app.

    3. The user is redirected to the app page. In the Authentication section, select Yes for the question "Is your application able to securely store a client secret?" and click Add secret key. A secret key is added.

    4. In the Service integration section, click Generate RSA.

    5. The RSA key pair dialog displays the keypair ID, public key, and private key. Copy both, as they are not displayed again.

  4. Add user to production:

    1. Sign in to the DocuSign production instance.

    2. Click Admin.

    3. Navigate to Users and groups > Users.

    4. On the Seats & users page, under Seat usage, click Assign a seat.

    5. In the Add user page, enter the email address.

    6. Click Next.

    7. Complete the mandatory fields in the Profile information section.

    8. Click Next.

    9. In the Security section, add the Access code.

    10. Click Next.

    11. In the Permission profile and groups section, select the permission as Viewer.

    12. Click Add user.

    13. The Seats and users page is displayed, and the user appears under All users.

    14. Open the user email account and activate the account using the Account activation email.

    15. Click Activate, enter the Access code, and activate the account.

  5. Generate RSA keypair:

    1. Navigate to Admin > Integrations > Apps and keys.

    2. On the Apps and keys page, click Actions and choose Edit for an existing app name from the Apps and integration keys section.

    3. On the App details page, go to the Service integration section and click Generate RSA.

    4. The RSA keypair dialog displays the keypair ID, public key, and private key. Copy all the details and click Close.

    5. Click the Profile icon and sign out.

  6. Sign in to production instance: Sign in to the DocuSign production instance using minimum access user credentials. The Admin menu option is not displayed for the minimum access user account.

Create a DocuSign cloud connector

Console

To use the Google Cloud console to sync data from DocuSign to Agentspace Enterprise, follow these steps:

  1. In the Google Cloud console, go to the Agentspace Enterprise page.

    Agentspace Enterprise

  2. In the navigation menu, click Data stores.

  3. Click Create data store.

  4. On the Select a data source page, scroll or search for DocuSign to connect your third-party source.

  5. Enter your authentication information. .

  6. Select which entities to sync and click Continue.

  7. Select a region for your data store.

  8. Enter a name for your data store.

  9. Select a synchronization frequency for your data store.

  10. Click Create. Agentspace Enterprise creates your data store and displays your data stores on the Data stores page.

  11. To check the status of your ingestion, go to the Data stores page and click your data store name to see details about it on its Data page. The Connector state changes from Creating to Running when it starts synchronizing data. When ingestion is complete, the state changes to Active to indicate that the connection to your data source is set up and awaiting the next scheduled synchronization. Depending on the size of your data, ingestion can take minutes or hours.

Next steps

Connect Dropbox

Use the following procedure to sync data from Dropbox to Agentspace Enterprise.

After you set up your data source and import data the first time, the data store syncs data from that source at a frequency that you select during setup.

Before you begin

Before setting up your connection:

  1. Set up access control for your data source. For more information, see Use data source access control.

  2. Have the following Dropbox authentication information ready. For information about setting up these parameters, see the OAuth Guide in the Dropbox documentation.

    • Client ID
    • Client secret

Create a Dropbox connector

Console

To use the Google Cloud console to sync data from Dropbox to Agentspace Enterprise, follow these steps:

  1. In the Google Cloud console, go to the Agentspace Enterprise page.

    Agentspace Enterprise

  2. In the navigation menu, click Data Stores.

  3. Click Create data store.

  4. On the Select a data source page, scroll or search for Dropbox to connect your third-party source.

  5. Enter your Dropbox authentication information and click Authenticate. A new window appears.

  6. Authenticate your account and confirm that it succeeded before returning to the Specify the Dropbox source for your data store page.

  7. Select which entities to sync and click Continue.

  8. Select a location for your data store.

  9. Enter a name for your data store.

  10. Select a synchronization frequency for your data store.

  11. Click Create. Agentspace Enterprise creates your data store and displays your data stores on the Data stores page.

  12. To check the status of your ingestion, go to the Data stores page and click your data store name to see details about it on its Data page. The Connector state changes from Creating to Running when it starts synchronizing data. When ingestion is complete, the state changes to Active to indicate that the connection to your data source is set up and awaiting the next scheduled synchronization. Check the Documents tab to make sure your entities have been ingested correctly.

    Depending on the size of your data, ingestion can take minutes or hours.

Next steps

Connect Entra ID

Use the following procedure to sync data from Entra ID to Agentspace Enterprise.

After you set up your data source and import data the first time, the data store syncs data from that source at a frequency that you select during setup.

Before you begin

Before setting up your connection:

  1. Set up access control for your data source. For information about setting up access control, see Use data source access control.

  2. To obtain the client ID and client secret, do the following:

    1. Create an Entra ID application:

      1. Sign in to Microsoft Entra administrator center and click Application.
      2. In the Application drop-down list, click App registrations.
      3. In the App registrations page, click New registration.
      4. Click Add new registration and do the following:
        • Enter a name for the application.
        • Under Supported account types, select Accounts in the organizational directory only.
        • Under Redirect URI, add a web redirect URI pointing to: https://login.microsoftonline.com/common/oauth2/nativeclient.
      5. Click Register.
    2. Save credentials:

      On your registered application window, save the following values for later use:

      1. Use the Application (client) ID to set the Client ID parameter.
      2. Use the Directory (tenant) ID to set the Azure Tenant parameter.
    3. Create client secret:

      1. Navigate to Certificates & secrets and create a new client secret:
      2. Click New client secret and specify the required duration.
      3. Save the client secret and copy the key value for later use.

Configure Entra ID API permissions

  1. On your registered application window, click API permissions.
  2. Under Configured permissions, select Microsoft Graph and configure the following permission:

    If you want to ingest profileCardAttributes, then configure the following permissions:

  3. Grant admin consent for all the added permissions. An administrator's consent is required to use client credentials in the authentication flow.

Create a Entra ID connector

Console

To use the Google Cloud console to sync data from Entra ID to Agentspace Enterprise, follow these steps:

  1. In the Google Cloud console, go to the Agentspace Enterprise page.

    Agentspace Enterprise

  2. In the navigation menu, click Data stores.

  3. Click Create data store.

  4. On the Select a data source page, scroll or search for Entra ID to connect your third-party source.

  5. Under Authentication settings, enter the client ID and client secret.

  6. Skip the Destinations option and click Continue.

  7. Under Advanced options, enter the Azure tenant ID.

  8. Select Enable realtime sync for all entities if you want the data updated in near real-time.

  9. Enter a string value in the Client state field. The client state is used to authenticate change notifications. For webhook authentication on the third-party app, the credentials passed during connector creation are re-used.

  10. Click Continue.

  11. Under Entities to sync, select User profiles.

  12. Click Continue.

  13. In Configure your data connector, select a region for your data store.

  14. Enter a name for your data connector.

  15. Select a synchronization frequency.

  16. Click Create. Agentspace Enterprise creates your data store and displays your data stores on the Data stores page.

  17. To check the status of your ingestion, go to the Data stores page and click your connector name to see details about it on its Data page. The Connector state changes from Creating to Running when it starts synchronizing data. When ingestion is complete, the state changes to Active to indicate that the connection to your data source is set up and awaiting the next scheduled synchronization.

    Depending on the size of your data, ingestion can take several minutes or several hours.

  18. When the connector state changes to Active, navigate to the Entity tab.

  19. Click userprofiles entity.

  20. Check the number of ingested documents and ensure it matches the number of users in Entra ID.

    If the Entra ID app has the required permissions to ingest custom attributes, it ingests up to 15 profile card attributes per record. By default, the custom attributes are not searchable.

To make the custom attributes searchable, do the following:

  1. In the userprofiles page, navigate to the Schema tab.
  2. Click Edit.
  3. Deselect the attributes, such as address, from being retrievable, searchable, and indexable, then click Save.

    The Edit button remains inactive for a few minutes before reactivating.

  4. When the Edit button is in Active state, click Edit.

  5. Select the retrievable, searchable, and indexable boxes for the required custom attributes.

  6. Enable search.

  7. Click Save.

Test the search engine

After configuring your search engine, test its capabilities. This ensures it returns accurate results based on user access.

  1. Enable web app:

    1. Go to the app integration configurations and toggle to Enable the web app.
  2. Test web app:

    1. Click Open next to the web app link and sign in as a user.

    2. Verify that search results are restricted to items accessible by the user.

Preview people search results

  1. In the search app, navigate to Preview and start searching within the console when using Google IdP.

    • Alternatively, navigate to the provided link and sign in with your IdP to start searching.
    • The search results appear as people cards, displaying user details such as Name, Job title, Email, and Profile picture.
  2. Click a people card to view a detailed profile page, which includes the following:

    • Name
    • Profile picture
    • Job title
    • Department
    • Management chain
    • Direct reports
  3. If custom attributes (profile card properties) are ingested and made indexable, searchable, and retrievable:

    • Searching by a custom attribute value returns only person profiles containing those attributes.
    • Custom attributes appear in search results, but can only be accessed through the API, not the Agentspace Enterprise user interface.

Configure the workforce pool for non-Google IdP without SSO

  1. If your employees use a non-Google IdP, lack SSO with Google, or are not Google Workspace customers, set up a workforce pool as described in Use data source access control to enable the employee search.

    The workforce pool lets you to manage and authenticate users from external identity providers, such as Azure or Okta, within Google Cloud console.

  2. To configure your workforce pool and enable the web app for seamless user access, do the following:

    1. Create workforce pool at the organization level in Google Cloud by following the appropriate setup manual:

      1. Azure OIDC setup
      2. Azure SAML setup
      3. Okta & OIDC setup
      4. Okta & SAML setup
    2. Configure the workforce pool in Agentspace > Settings for the region where you create your app.

Next steps

Connect GitHub

Use the following procedure to sync data from GitHub to Agentspace Enterprise.

After you set up your data source and import data the first time, the data store syncs data from that source at a frequency that you select during setup.

Before you begin

Before setting up your connection:

  1. Set up access control for your data source. For information about setting up access control, see Use data source access control.

  2. A GitHub administrator must obtain the GitHub instance personal access token to integrate with Agentspace Enterprise.

Create a GitHub connector

Console

To use the Google Cloud console to sync data from GitHub to Agentspace Enterprise, follow these steps:

  1. In the Google Cloud console, go to the Agentspace Enterprise page.

    Agentspace Enterprise

  2. In the navigation menu, click Data stores.

  3. Click Create data store.

  4. On the Select a data source page, scroll or search for GitHub to connect your third-party source.

  5. Enter your GitHub authentication information and click Continue.

  6. Select which entities to sync and click Continue.

  7. Select a region for your data store.

  8. Enter a name for your data connector.

  9. Select a synchronization frequency.

  10. Click Create. Agentspace Enterprise creates your data store and displays your data stores on the Data stores page.

  11. To check the status of your ingestion, go to the Data stores page and click your connector name to see details about it on its Data page. The Connector state changes from Creating to Running when it starts synchronizing data. When ingestion is complete, the state changes to Active to indicate that the connection to your data source is set up and awaiting the next scheduled synchronization.

    Depending on the size of your data, ingestion can take several minutes or several hours.

Next steps

Connect GitLab

Use the following procedure to sync data from GitLab to Agentspace Enterprise.

After you set up your data source and import data the first time, the data store syncs data from that source at a frequency that you select during setup.

Before you begin

Before setting up your connection:

  1. Set up access control for your data source. For information about setting up access control, see Use data source access control.

  2. A GitLab administrator must obtain the GitLab instance personal access token to integrate with Agentspace Enterprise.

Create a GitLab connector

Console

To use the Google Cloud console to sync data from GitLab to Agentspace Enterprise, follow these steps:

  1. In the Google Cloud console, go to the Agentspace Enterprise page.

    Agentspace Enterprise

  2. In the navigation menu, click Data stores.

  3. Click Create data store.

  4. On the Select a data source page, scroll or search for GitLab to connect your third-party source.

  5. Enter your GitLab authentication information and click Continue.

  6. Select which entities to sync and click Continue.

  7. Select a region for your data store.

  8. Enter a name for your data connector.

  9. Select a synchronization frequency.

  10. Click Create. Agentspace Enterprise creates your data store and displays your data stores on the Data stores page.

  11. To check the status of your ingestion, go to the Data stores page and click your connector name to see details about it on its Data page. The Connector state changes from Creating to Running when it starts synchronizing data. When ingestion is complete, the state changes to Active to indicate that the connection to your data source is set up and awaiting the next scheduled synchronization.

    Depending on the size of your data, ingestion can take several minutes or several hours.

Next steps

Connect Jira Cloud

Use the following procedure to sync data from Jira Cloud.

After you set up your data source and import data the first time, the data store syncs data from that source at a frequency that you select during setup.

Before you begin

Before setting up your connection:

  1. Verify that you have administrator access to the Jira instance, and project.

  2. Set up access control. Ensure that access control is properly configured for your data source. This step ensures that only authorized users can access and manage the data. For more information, see Use data source access control documentation.

  3. For user permissions to apply correctly, Jira Cloud users must provide sharing consent.

  4. Make sure that you have an Atlassian account, Jira instance, and project.

Set up authentication and permissions in Jira

Make sure that you have the necessary authentication details and administrator access to your Jira instance. Use the following instructions to create a client ID and client secret through the Atlassian Developer Console, configure the required OAuth 2.0 scopes, set up permissions for users, retrieve your instance URL and ID, configure roles, and authenticate to sync data between Jira Cloud and Agentspace Enterprise . To enable OAuth 2.0 and obtain the client ID and secret, see OAuth 2.0 (3LO) apps in the Atlassian Developer documentation.

  1. Create an OAuth 2.0 integration in the Atlassian Developer Console:

    1. Sign in to the Atlassian Developer Console.
    2. Click the profile icon and select Developer console.

      select
      Select Developer console

    3. Click Create and select OAuth 2.0 Integration.

      select
      Select OAuth 2.0 Integration

    4. Enter a name for the app and do the following:

      1. Check the terms and conditions checkbox.
      2. Click Create.

      select
      Create a new OAuth 2.0 Integration

      1. Click Authorization.
      2. In the Authorization type table, select Add for OAuth 2.0 (3LO).

      select-add
      Add authorization type

    5. In the Callback URL field, enter https://vertexaisearch.cloud.google.com/console/oauth/jira_oauth.html.

    6. Click Save changes.

      select
      Save changes

    If you see the warning: Your app doesn't have any APIs. Add APIs to your app, proceed to step 2 under the next section and complete all the remaining steps. Otherwise, skip ahead to step 4 in that same section.

To configure OAuth 2.0 and retrieve the required credentials for your Jira connector setup, do the following:

  1. Enable OAuth 2.0:

    1. Select Permissions:

      select
      Select Permissions

      1. Go to Jira API.
      2. Click Add.
      3. Click Configure.
      4. Go to the Classic scopes tab and click Edit scopes.

      select
      Edit Classic scopes

      1. Select the following scopes:
    2. Confirm that eight scopes are selected, then save your changes.

    3. Go to the Granular scopes tab and click Edit scopes.

      select
      Edit Granular scopes

    4. Select the following scopes:

    5. Confirm that six scopes are selected, then save your changes.

  2. Obtain the client ID and client secret:

    1. Click Distribution.
    2. Select Edit, and do the following:

      select
      Edit Distribution

      1. Select Sharing to enable editing other fields.
      2. Fill out the remaining fields. Make sure to set Vendor to Google and Privacy policy to policies.google.com.
      3. Select Yes when you see Does your app store personal data?.
    3. Select Settings to copy your Client ID and Client secret.

      select
      Copy your client ID and client secret

  3. Obtain the instance URL:

    1. Go to atlassian.net and sign in with your administrator account.
    2. Select the app you want to sync. For example, sync the first app.
    3. Find the instance URL, which is the subdomain in the address bar.
  4. Obtain the instance ID:

    1. Open a new tab, copy the instance URL, and append /_edge/tenant_info to the instance URL. For example, https://<var>YOUR-INSTANCE</var>.atlassian.net/_edge/tenant_info.
    2. Navigate to the link to find the cloudId value. The cloudId is your instance ID.

      select
      Obtain your instance ID

Set up permissions and roles

To set the user visibility, do the following:

  1. Click the user profile icon and go to Manage account.

    manage-account
    Manage account

  2. Navigate to the Profile and visibility.

    profile-visibility
    Profile and visibility

  3. Go to Contact and set the Who can see this as Anyone.

    contact
    Contact

To grant Jira administrator with Discovery Engine Editor role in the Google Cloud console, do the following:

  1. In the Google Cloud console, go to the Agentspace page.
  2. Navigate to IAM.
  3. Locate the Jira administrator account.
  4. Grant the Discovery Engine Editor role to the administrator.

To grant a user with an administrator role in Atlassian, do the following:

  1. Sign in to Atlassian using an administrator account.

  2. Click the menu icon and select your organization. Alternatively, you can go to admin.atlassian.com.

  3. On the Admin page, click the product and select the Manage users button.

    manage-users
    Manage users

  4. Click Groups under User management.

  5. On the Groups page:

    1. Click Create group.
    2. Enter a name for the group.

    create-group
    Create group

This group receives permissions required by the connector. Users added to this group inherit these permissions.The connector uses this group to authenticate and fetch documents.

  1. On the group page, click Add product.

  2. Select User access admin as the product role.

    jira-user-access-admin
    Jira user access administrator

  3. Select Product admin as the product roles.

  4. Click Add.

  5. Click Add group members to add a user account or group members that the connector uses to authenticate and access the required resources.

    add-group-members
    Add group members

Create a Jira Cloud connector

Console

To use the Google Cloud console to sync data from Jira Cloud to Agentspace Enterprise , follow these steps:

  1. In the Google Cloud console, go to the Agentspace page.

    Agentspace

  2. In the navigation menu, click Data Stores.

  3. Click Create data store.

  4. On the Select a data source page, scroll or search for Jira Cloud to connect your third-party source.

  5. Enter your authentication information and click Authenticate.

    auth-details
    Enter the authentication details

  6. Enter the instance username and password.

  7. Verify that the authentication succeeded before returning to the Specify the Jira source for your data store page.

  8. Select which entities to sync, then click Continue.

  9. Select a region for your data store.

  10. Enter a name for your data store.

  11. Select a synchronization frequency.

  12. Click Create. Agentspace Enterprise creates your data store and displays your data stores on the Data Stores page.

  13. To check the status of your ingestion, go to the Data stores page and click your data store name to see details about it on its Data page. The Connector state changes from Creating to Running when it starts synchronizing data. When ingestion is complete, the state changes to Active to indicate that the connection to your data source is set up and awaiting the next scheduled synchronization.

    Depending on the size of your data, ingestion can take minutes or hours.

Next steps

Connect Jira Data Center On-premises

Use this procedure to create a Jira Data Center data store and search app in Agentspace Enterprise, syncing on-premises Jira data with Agentspace Enterprise.

After you set up your data source and import data the first time, you can choose how often the data store syncs with that source.

Before you begin

Before setting up your connection, make sure that you have the following:

  1. Service attachment (Required for private destination type only): Configure a service attachment for secure data transfer.
  2. Username and password: Obtain valid credentials for authentication from your Jira administrator.
  3. Optional for private destination type: Domain URL: Specify the URL of the Jira Data Center instance.
  4. Optional: Base domain name: Provide the base domain name for the Jira instance.
  5. Optional: Destination port: Identify the port used for communication with the Jira Data Center.
  6. Use the following configuration guidelines to establish connections with Private Service Connect (PSC). Adjust or add resources as needed. Make sure the PSC service attachment is properly configured to connect to the private instance and meets the requirements for a published service.

    1. Configure network settings:

      1. Place the PSC service attachment and load balancer in different subnets within the same Virtual Private Cloud network.

      2. The backend system must remain closed to the public network for security reasons. However, ensure it can accept traffic from the following sources:

        • For proxy-based/HTTP(s) load balancers (L4 proxy ILB, L7 ILB), configure the backend to accept requests from the proxy subnet in the Virtual Private Cloud network.

        • For more information, see the Proxy-only subnets for Envoy-based load balancers documentation.

    2. Adjust firewall rules:

      1. Ingress rules:

        • Allow traffic from the PSC service attachment subnet to the internal load balancer (ILB) subnet.
        • Make sure that the ILB can send traffic to the backend.
        • Permit health check probes to reach the backend.
      2. Egress rules: Enable egress traffic by default, unless specific deny rules apply.

  7. Additional considerations: Make sure to keep all the components, including the PSC service attachment and load balancer, in the same region.

Generate a service attachment

Use the following steps to generate a service attachment:

  1. Decide endpoint type: Select Public or Private endpoint.

  2. For Public endpoint: If the Jira Data Center Destination type is Public, you are not required to create the setup for service attachment. Instead, you can use your public URL in the Domain URL field of the Google Cloud console.

  3. For Private endpoint:

    1. Use PSC to enable connections from private instances to Google Cloud.
    2. Create a Virtual Private Cloud network and required subnets.
    3. Create a Virtual Machine (VM) instance and install the backend service.
    4. Optional: Set up a health check probe to monitor backend health.
    5. Add a load balancer to route traffic to the VM or backend.
    6. Define firewall rules to allow traffic between the PSC endpoint and the backend.
    7. Publish the endpoint by creating a PSC service attachment.

Create a Jira Data Center user and set up permissions

To enable Agentspace Enterprise to obtain data from Jira, you need to create a new user with the minimum permissions necessary. Follow these steps to create the user and set up the required permissions.

  1. Sign in as an administrator:

    1. Go to your Atlassian domain site and open Jira Data Center instance.
    2. Enter the administrator username and password.
    3. Click Log In.
  2. Create a new user:

    When creating a data store, you must create a user to obtain data from the third-party instance.

    1. Click the settings icon.
    2. Select User management.
    3. Enter the administrator credentials, if prompted.
    4. In the Administration page, click Create user.
    5. Enter the email address, full name, username, and password.
    6. Click Create user.
  3. Assign user to a group:

    1. In the Administration page, under User management, click Groups.
    2. Create a group by entering a name and clicking Add group.
    3. Select the newly created group.
    4. Click Add/Remove users.
    5. Click the member icon located next to the Add members to selected groups box.
    6. Select the newly created user and click Save the selection.
    7. Click Add selected user to see new users in the group members section.

    You can see the added user is assigned in the Group members section.

  4. Configure user permissions:

    1. In the Administration page, navigate to the Issues tab.
    2. Select Permission schemes.
    3. Click Add permission scheme.
    4. Enter a name for the scheme and click Add.
    5. Select the scheme and click the Permission icon.
    6. Click Grant permission.
    7. Add the following permissions, assign these permissions to the group created earlier, and click Grant:
      1. Browse projects.
      2. Browse projects archive.
    8. Add this scheme to projects where users in the group need access to view the project, issues, comments, worklogs, and attachments.

Configure application access

  1. In the Administration page, navigate to the Applications tab.
  2. Under the Applications tab, select Application access.
  3. Search for the created group and select it.
  4. Verify that the group appears in the access list.

The user is created with minimum access. This schema is added to the projects. The Jira administrator can add more members to that group or add users to that project.

Create a Jira Data Center on-premises connector

Console

  1. In the Google Cloud console, go to the Agentspace Enterprise page.

    Agentspace Enterprise

  2. In the navigation menu, click Data stores.

  3. Click Create data store.

  4. On the Select a data source page, scroll or search for Jira data center to connect your third-party source.

  5. Enter your authentication information and click Continue.

  6. From the Destination type drop-down list, select Public or Private.

    1. For Public destination type, you are not required to create the setup for service attachment. Instead, you can use your public URL in the Domain URL field of the Google Cloud console.

    2. For Private destination type, enter all the required information:

      1. For instance with the Domain URL:
        • Service attachment: Enter your service attachment.
        • Optional: Base domain name: Enter your base domain.
        • Domain URL: Enter your domain URL.
        • Optional: Destination port: Enter your destination port.
      2. For instance without Domain URL:
        • Service attachment: Enter your service attachment.
        • Optional: Destination port: Enter your destination port.
  7. Click Continue.

  8. Optional: Advanced options: Select and enable Proxy settings and SSL settings, if required.

  9. Under the Entities to sync, select all the required entities to sync and click Continue.

  10. Select a region for your data connector and enter a name for your data connector.

  11. Select a synchronization frequency.

For Private destination type, after you submit the details for the connector, VAIS sends a connection request to your PSC. Navigate to your connector to see a message to allowlist a projectId in the PSC. The connector remains in the Error state until you allow the connection in PSC. When you accept the connection request, the connector moves to the Active state during the next sync run. If you configure your PSC to accept all connections, the connector automatically moves to the Active state after creation.

For Public destination type, the connector automatically enters the Active state after submission. To verify the state of the data store and the ingestion activity, do the following:

  1. Navigate to the connector in the data store list and monitor its state until it changes to Active.
  2. After the connector state changes to Active, click the required entity and confirm that all selected entities are ingested. The data store state transitions from Creating to Running when synchronization begins and changes to Active once ingestion completes, indicating that the data store is set up. Depending on the size of your data, ingestion can take several hours.

Next steps

Connect Marketo Cloud

Use the following procedure to sync data from Marketo Cloud to Agentspace Enterprise..

After you set up your data source and import data the first time, the data store syncs data from that source at a frequency that you select during setup.

Before you begin

Before setting up the connection, make sure that you have the authentication credentials, including a client ID and client secret.

Generate authentication credentials

  1. Create a Marketo administrator user:

    1. Sign in to Marketo with the administrator user instance.
    2. From the Home tab, click Admin.
    3. Navigate to Security > Users & roles and click Go to admin console.
    4. In the Adobe console, under Quick links, click Add users.
    5. In the Add users to your team dialog:

      1. Enter your email address.
      2. Select the product subscription as Marketo Engage – googledevsandbox.
      3. Click Save.
    6. Return to Marketo admin > Security > Users & roles and locate the newly created user.

    7. Select the user and click Edit.

    8. Remove the Standard user role and assign the Admin role.

    9. Click Save.

  2. Create a Marketo client ID and secret key:

    1. Go to the Marketo auth services instance.
    2. Enter the administrator credentials and then click Continue.
    3. Click Admin.
    4. In the Admin dashboard, go to Security > Users & roles.
    5. Click Create API only user.
    6. In the Create new API only user window, do the following:

      1. Fill in the required fields:

        • Email
        • First name
        • Last name
      2. Select the required roles, and click Create API only user.

    7. Click Admin and then navigate to Integration > LaunchPoint.

    8. Click New > New services.

    9. In the New services window, do the following:

      1. Enter a Display name for identification.
      2. In the Service field, select Custom.
      3. Enter a description.
      4. In the API only user field, select the previously created API user.
      5. Click Create. The API user appears in the Installed services page.
    10. In the Installed services page, navigate to the API user row.

    11. Under the Details column, click View details to retrieve the Client ID and Secret key.

Create a Marketo Cloud connector

Console

To use the Google Cloud console to sync data from Marketo to Agentspace Enterprise, follow these steps:

  1. In the Google Cloud console, go to the Agentspace Enterprise page.

    Agentspace Enterprise

  2. In the navigation menu, click Data stores.

  3. Click Create data store.

  4. On the Select a data source page, scroll or search for Marketo to connect your third-party source.

  5. Enter your authentication information and click Continue.

  6. Select which entities to sync and click Continue.

  7. Select a region for your data store.

  8. Enter a name for your data connector.

  9. Select a synchronization frequency.

  10. Click Create. Agentspace Enterprise creates your data store and displays your data stores on the Data stores page.

  11. To check the status of your ingestion, go to the Data stores page and click your connector name to see details about it on its Data page. The Connector state changes from Creating to Running when it starts synchronizing data. When ingestion is complete, the state changes to Active to indicate that the connection to your data source is set up and awaiting the next scheduled synchronization.

    Depending on the size of your data, ingestion can take several minutes or several hours.

Next steps

Connect Microsoft Outlook

Use the following procedure to sync data from Microsoft Outlook to Agentspace Enterprise.

After you set up your data source and import data the first time, the data store syncs data from that source at a frequency that you select during setup.

Before you begin

Before setting up your connection:

  1. Set up access control for your data source. For information about setting up access control, see Use data source access control.

  2. A Microsoft Outlook administrator must generate or obtain the following for integrating with Agentspace Enterprise:

    • Client ID
    • Client secret
    • Tenant ID
  3. Configure the following scopes:

Create a Microsoft Outlook connector

Console

To use the Google Cloud console to sync data from Microsoft Outlook to Agentspace Enterprise, follow these steps:

  1. In the Google Cloud console, go to the Agentspace Enterprise page.

    Agentspace Enterprise

  2. In the navigation menu, click Data stores.

  3. Click Create data store.

  4. On the Select a data source page, scroll or search for Microsoft Outlook to connect your third-party source.

  5. Enter your Microsoft Outlook authentication information and click Continue.

  6. Select which entities to sync and click Continue.

  7. Select a region for your data store.

  8. Enter a name for your data connector.

  9. Select a synchronization frequency.

  10. Click Create. Agentspace Enterprise creates your data store and displays your data stores on the Data stores page.

  11. To check the status of your ingestion, go to the Data stores page and click your connector name to see details about it on its Data page. The Connector state changes from Creating to Running when it starts synchronizing data. When ingestion is complete, the state changes to Active to indicate that the connection to your data source is set up and awaiting the next scheduled synchronization.

    Depending on the size of your data, ingestion can take several minutes or several hours.

Next steps

Connect Microsoft Teams

Use the following procedure to sync data from Microsoft Teams to Agentspace Enterprise.

After you set up your data source and import data the first time, the data store syncs data from that source at a frequency that you select during setup.

Before you begin

Before setting up your connection:

  1. Set up access control for your data source. For information about setting up access control, see Use data source access control.

  2. A Microsoft Teams administrator must generate or obtain the following for integrating with Agentspace Enterprise:

    • Client ID
    • Client secret
    • Tenant ID
  3. Configure the following Microsoft Graph (Application) permissions with the consent of a Microsoft Teams administrator:

Create a Microsoft Teams connector

Console

To use the Google Cloud console to sync data from Microsoft Teams to Agentspace Enterprise, follow these steps:

  1. In the Google Cloud console, go to the Agentspace Enterprise page.

    Agentspace Enterprise

  2. In the navigation menu, click Data stores.

  3. Click Create data store.

  4. On the Select a data source page, scroll or search for Microsoft Teams to connect your third-party source.

  5. Enter your Microsoft Teams authentication information and click Continue.

  6. Select which entities to sync and click Continue.

  7. Select a region for your data store.

  8. Enter a name for your data connector.

  9. Select a synchronization frequency.

  10. Click Create. Agentspace Enterprise creates your data store and displays your data stores on the Data stores page.

  11. To check the status of your ingestion, go to the Data stores page and click your connector name to see details about it on its Data page. The Connector state changes from Creating to Running when it starts synchronizing data. When ingestion is complete, the state changes to Active to indicate that the connection to your data source is set up and awaiting the next scheduled synchronization.

    Depending on the size of your data, ingestion can take several minutes or several hours.

Next steps

Connect Monday

Use the following procedure to sync data from Monday to Agentspace Enterprise.

After you set up your data source and import data the first time, the data store syncs data from that source at a frequency that you select during setup.

Before you begin

Before setting up your connection, make sure that you have the domain URL, administrator access, and API token.

To generate the account URL and API token, do the following:

  1. Sign in to the Monday application with your administrator account.
  2. Click the Profile icon.
  3. Select Administration.
  4. Navigate to the General tab and enter the Account name and Account URL.
  5. Return to the Profile icon and select Developers.
  6. On the Monday developer center page, click My access tokens.
  7. Click Show to display the token.
  8. Copy the token for use in authentication.

Create a Monday connector

Console

To use the Google Cloud console to sync data from Monday to Agentspace Enterprise, follow these steps:

  1. In the Google Cloud console, go to the Agentspace Enterprise page.

    Agentspace Enterprise

  2. On the Data stores page, click Create data store.

  3. On the Select a data source page, scroll or search for Monday to connect your third-party source.

  4. Enter your Monday authentication information and click Continue.

  5. Select which entities to sync and click Continue.

  6. Select a region for your data store.

  7. Enter a name for your data connector.

  8. Select a synchronization frequency.

  9. Click Create. Agentspace Enterprise creates your data store and displays your data stores on the Data stores page.

  10. To check the status of your ingestion, go to the Data stores page and click your connector name to see details about it on its Data page. The Connector state changes from Creating to Running when it starts synchronizing data. When ingestion is complete, the state changes to Active to indicate that the connection to your data source is set up and awaiting the next scheduled synchronization.

    Depending on the size of your data, ingestion can take several minutes or several hours.

Next steps

Connect Notion

Use the following procedure to sync data from Notion to Agentspace Enterprise.

After you set up your data source and import data the first time, the data store syncs data from that source at a frequency that you select during setup.

Before you begin

Before setting up your connector:

  1. In addition to the third-party connector allowlist, this connector requires that your project is added to an additional allowlist. To be added to this allowlist, contact your Agentspace Enterprise account team.

  2. A Notion administrator must generate or obtain the following for integrating with Agentspace Enterprise:

    • API token of the Notion instance
    • Workspace ID
  3. Set up access control for your data source. For information about setting up access control, see Use data source access control.

Create a Notion connector

Console

To use the Google Cloud console to sync data from Notion to Agentspace Enterprise, follow these steps:

  1. In the Google Cloud console, go to the Agentspace Enterprise page.

    Agentspace Enterprise

  2. In the navigation menu, click Data stores.

  3. Click Create data store.

  4. On the Select a data source page, scroll or search for Notion to connect your third-party source.

  5. Enter your Notion authentication information and click Continue.

  6. Select which entities to sync and click Continue.

  7. Select a region for your data store.

  8. Enter a name for your data connector.

  9. Select a synchronization frequency.

  10. Click Create. Agentspace Enterprise creates your data store and displays your data stores on the Data stores page.

  11. To check the status of your ingestion, go to the Data stores page and click your connector name to see details about it on its Data page. The Connector state changes from Creating to Running when it starts synchronizing data. When ingestion is complete, the state changes to Active to indicate that the connection to your data source is set up and awaiting the next scheduled synchronization.

    Depending on the size of your data, ingestion can take several minutes or several hours.

Next steps

Connect Okta

Use the following procedure to sync data from Okta to Agentspace Enterprise.

After you set up your data source and import data the first time, the data store syncs data from that source at a frequency that you select during setup.

Before you begin

Before setting up your connector, make sure that you have the domain URL and administrator access to the Okta instance. Use the following steps to obtain the Okta instance URL, client ID, and API token.

  1. To obtain the Okta instance URL, do the following:

    1. Sign in to the Okta login page with your administrator credentials.
    2. Click your profile icon or navigate directly to the Admin console. Your Okta instance URL appears as the subdomain in the address bar.
  2. To generate the client ID and API token, do the following:

    1. Sign in to your Okta instance URL with your administrator account.
    2. Navigate to the Admin dashboard.
    3. Click the Applications icon and select Applications.
    4. Click Create app integration.
    5. Select OIDC - OpenID Connect.
    6. Select Web application as the application type, and then click Next.
    7. Enter a name in the App integration name field.
    8. Scroll to see Assignments, select Skip group assignment for now.
    9. Click Save.
    10. In the Client credentials window, click Edit.
    11. Select Public key / Private key.
    12. Under Public key, click Add key.
    13. Click Generate new key, and then click Done and Save.
    14. A dialog appears; click Save.
    15. Under General settings, click Edit.
    16. Select Client credentials, and then click Save.

Create a Okta connector

Console

To use the Google Cloud console to sync data from Okta to Agentspace Enterprise, follow these steps:

  1. In the Google Cloud console, go to the Agentspace Enterprise page.

    Agentspace Enterprise

  2. In the navigation menu, click Data stores.

  3. Click Create data store.

  4. On the Select a data source page, scroll or search for Okta to connect your third-party source.

  5. Enter your Okta authentication information and click Continue.

  6. Select which entities to sync and click Continue.

  7. Select a region for your data store.

  8. Enter a name for your data connector.

  9. Select a synchronization frequency.

  10. Click Create. Agentspace Enterprise creates your data store and displays your data stores on the Data stores page.

  11. To check the status of your ingestion, go to the Data stores page and click your connector name to see details about it on its Data page. The Connector state changes from Creating to Running when it starts synchronizing data. When ingestion is complete, the state changes to Active to indicate that the connection to your data source is set up and awaiting the next scheduled synchronization.

    Depending on the size of your data, ingestion can take several minutes or several hours.

Next steps

Connect OneDrive

Use the following procedure to sync data from OneDrive to Agentspace Enterprise.

After you set up your data source and import data the first time, the data store syncs data from that source at a frequency that you select during setup.

Before you begin

Before setting up your connection:

  1. Set up access control for your data source. For information about setting up access control, see Use data source access control.

  2. Have the following OneDrive authentication information ready:

    1. Client ID, client secret, and tenant ID. For information about setting up these parameters, see Quickstart: Register an application with the Microsoft identity platform in the Microsoft documentation.

    2. Specify scopes for access. An administrator role is required. For more information, see Quickstart: Configure a client application to access a web API in the Microsoft Entra documentation.

    3. Configure the following scopes:

Create a OneDrive connector

Console

To use the Google Cloud console to sync data from OneDrive to Agentspace Enterprise, follow these steps:

  1. In the Google Cloud console, go to the Agentspace Enterprise page.

    Agentspace Enterprise

  2. In the navigation menu, click Data stores.

  3. Click Create data store.

  4. On the Select a data source page, scroll or search for OneDrive to connect your third-party source.

  5. Enter your OneDrive authentication information.

  6. Select which entities to sync and click Continue.

  7. Select a region for your data store.

  8. Enter a name for your data store.

  9. Select a synchronization frequency for your data store.

  10. Click Create. Agentspace Enterprise creates your data store and displays your data stores on the Data stores page.

  11. To check the status of your ingestion, go to the Data stores page and click your data store name to see details about it on its Data page. The Connector state changes from Creating to Running when it starts synchronizing data. When ingestion is complete, the state changes to Active to indicate that the connection to your data source is set up and awaiting the next scheduled synchronization.

    Depending on the size of your data, ingestion can take minutes or hours.

Next steps

Connect Salesforce

Use the following procedure to sync data from Salesforce to Agentspace Enterprise.

After you set up your data source and import data the first time, the data store syncs data from that source at a frequency that you select during setup.

Before you begin

Before setting up your connection:

  1. Set up access control for your data source. For information about setting up access control, see Use data source access control.

  2. Have the following authentication information ready. For information about setting up client ID and client secret in Salesforce, see Configure a connected app for the OAuth 2.0 client credentials flow in the Salesforce documentation.

    • Instance URL
    • Consumer ID
    • Consumer secret

The following limitations apply:

  1. Use either an Enterprise or Developer plan. Trial accounts are not supported.
  2. Make sure that you are using Sales Cloud. Service Cloud is not supported.
  3. Add Google Cloud to Salesforce CORS allowlist. Go the next step if you have already completed this task.
    1. Follow the instructions in the Salesforce documentation to configure the CORS allowlist.
    2. Enter https://console.cloud.google.com/ as an origin URL and save your configuration.

Create a Salesforce connector

Console

To use the Google Cloud console to sync data from Salesforce to Agentspace Enterprise, follow these steps:

  1. In the Google Cloud console, go to the Agentspace Enterprise page.

    Agentspace Enterprise

  2. In the navigation menu, click Data stores.

  3. Click Create data store.

  4. On the Select a data source page, scroll or search for Salesforce to connect your third-party source.

  5. Enter your Salesforce authentication information.

  6. Select which entities to sync and click Continue.

  7. Select a region for your data store.

  8. Enter a name for your data store.

  9. Select a synchronization frequency.

  10. Click Create. Agentspace Enterprise creates your data store and displays your data stores on the Data stores page.

  11. To check the status of your ingestion, go to the Data stores page and click your data store name to see details about it on its Data page. The Connector state changes from Creating to Running when it starts synchronizing data. When ingestion is complete, the state changes to Active to indicate that the connection to your data source is set up and awaiting the next scheduled synchronization.

    Depending on the size of your data, ingestion can take minutes or hours.

Next steps

Connect ServiceNow

Use the following procedure to sync data from ServiceNow.

After you set up your data source and import data the first time, the data store syncs data from that source at a frequency that you select during setup.

Before you begin

Before setting up your connection, ensure you have the following in place:

  1. ServiceNow instance: Create a ServiceNow instance by following the instructions on the ServiceNow Developer documentation.
  2. Google Cloud project: Set up a Google Cloud project with an administrator account capable of managing organization-level configurations, ensuring the organization can set up a workforce pool.

  3. Workforce pool: Make sure your organization is set up to manage a workforce pool.

Set up ServiceNow

ServiceNow offers two primary sites:

  1. Main ServiceNow site: The site for your ServiceNow instance.

    • Manages users, groups, and system administration tasks.
    • URL: The URL for your ServiceNow instance.
    • Sign in using your administrator credentials.
  2. Developer site:

    • Configures the knowledge base, sets up workflows, and develops custom applications.
    • URL: https://developer.service-now.com.
    • Sign in using your ServiceNow ID.

To create an OAuth endpoint, do the following:

  1. Sign into the main ServiceNow instance with an administrator role.
  2. Navigate to All > System OAuth > Application registry.

    select
    Select application registry

  3. Click New.

    select
    Click the New button

  4. Click Create an OAuth API endpoint for external clients.

    select
    Select the option to create an OAuth API endpoint for external clients

  5. Fill in the required fields:

    1. Name: Enter a Unique name.
    2. Redirect URL: Enter the redirect URL.
  6. Click Submit to create the credential.

    select
    Enter the redirect URL

  7. After submission, click the name to view the Client ID.

    select
    View the client ID

  8. The secret is masked. Click the lock icon next to it to unmask and view client secret.

    select
    Click the lock icon

  9. Save the Client ID and Client secret for later use.

    select
    Copy the client ID and client secret

To retrieve ServiceNow instance credentials, do the following:

  1. Go to developer.service-now.com and click Manage instance password.

    select
    Click the Manage instance password button

  2. Keep a copy of the instance URL, username, and password to use when required.

At this stage, all five pieces of information needed to set up a ServiceNow data store are available. If there are no concerns with using the administrator role to pull data, proceed to creating a data store.

Set up roles and permissions

Elevate the administrator role to security_admin to manage users and roles.

  1. Click your profile icon and then select Elevate role.

    select
    Click the Elevate role button

  2. Select security_admin and then click Update. The security_admin role helps to create roles and manage users.

    select
    Select the security_admin role and then click the Update button

  1. Use administrator role: You can use an administrator role to pull data. You can either use the default administrator role configured with the instance, or create a new user with an administrator role using the following instructions.

    1. Go to All > User administration > Users.

      select
      Select users

    2. Create a new user with a name.

      select
      Select username

    3. Enable Web service access only. When you select Web service access only, you create a non-interactive user.

      Interactive users vs. non-interactive users: Interactive users can sign in to the ServiceNow UI or service portal using their username and password. They can access an instance through a URL that points to a UI page, form, or list. They can also connect using single sign-on methods such as digest authentication or security assertion markup language (SAML). Additionally, they can use their credentials to authorize SOAP connections if permitted by strict security settings, and they have unrestricted access to other API connections such as WSDL, JSON, XML, or XSD.

      Whereas, non-interactive users can only use their credentials to authorize API connections like JSON, SOAP, and WSDL. They cannot sign in to the ServiceNow UI and can only access the instance through API protocols.

    4. After user creation, select the user from the users list.

      select
      Pick a user

    5. Click Roles > Edit.

      select
      Edit roles

    6. Add Admin.

    7. Click Save to add a list of roles to the user.

      select
      Add list of roles to the user

    8. Click Set password, auto-generate, and save it.

      select
      Set password

  2. Custom role (Recommended): Using the administrator role may not suit teams or organizations that want to avoid assigning overly powerful permissions. This option provides a role with three specific permissions that grant the required access.

    1. Go to All > System security > Users and groups > Roles.

      select
      Add roles

    2. Select New, enter a name.

      select
      Click the New button

    3. Click Submit.

      select
      Click the Submit button

    4. Find the created role in the list.

      select
      Search using the role name and click the role

    5. Navigate to Contains roles > Edit.

      select
      Click the Edit button

    6. Add the following roles to the newly created role, and then click Save.

      • catalog_admin
      • knowledge_admin
      • incident_manager

      select
      Add roles and click the Save button

    7. Confirm updates.

      select
      Confirm roles

    8. The following figure shows the custom role that include three roles:

      select
      Custom roles

  3. Custom role with ACL rules: This option requires category_admin and knowledge_admin roles. It provides the minimal set of permissions.

    1. Go to All > User administration > Roles.

      select
      Select roles

    2. Click New.

      select
      Click the New button

    3. Provide a name and Submit.

      select
      Select a name and submit

    4. Go to System security > Access control (ACL).

      select
      Select access control (ACL)

    5. Click New to create a new ACL rule.

      select
      Click the New button

    6. Repeat the following two steps until you grant access to all required tables.

      1. Use sys_user_role as an example to see how table access is granted.

        select
        Select sys_user_role

      2. Click Submit and select the role.

      The connector needs access to these tables for each entity to run successfully.

Table name Description
incidentShow incidents in search results.
sc_cat_itemShow catalog items in search results.
sc_cat_item_user_criteria_mtomEnforce ACL by accessing catalog item user criteria.
sc_cat_item_user_criteria_no_mtomEnforce ACL by accessing catalog item user criteria.
sc_cat_item_user_mtomEnforce ACL by accessing catalog item user criteria.
sc_cat_item_user_no_mtomEnforce ACL by accessing catalog item user criteria.
kb_knowledgeShow knowledge items in search results.
kb_knowledge_baseShow knowledge base in search results.
kb_uc_can_contribute_mtomEnforce ACL by accessing who can contribute to knowledge base.
kb_uc_can_read_mtomEnforce ACL by accessing knowledge user criteria.
sys_user_roleEnforce ACL by accessing user roles.
sys_user_has_roleEnforce ACL by accessing role information of users.
sys_user_groupEnforce ACL by accessing user group segments.
sys_user_grmemberEnforce ACL by accessing group membership of users.
sys_userEnforce ACL by accessing user table.
core_companyEnforce ACL by accessing company attributes.
cmn_locationEnforce ACL by accessing location attribute.
cmn_departmentEnforce ACL by accessing department attributes.
user_criteriaEnforce ACL by accessing user criteria.

To run successfully, the catalog item entity connector also requires explicit access to all fields of the sc_cat_item table.

To grant and verify the ACL access, do the following:

  1. Grant explicit access by creating a new ACL rule and manually entering sc_cat_item.* in the Name field of the form.

    select
    Enter sc_cat_item.*

  2. Verify that all the ACLs are updated.

  3. Go to sys_security_acl_role_list.do in the search bar.

    select
    Enter sys_security_acl_role_list.do

  4. Select Role with the role that you want to verify.

    select
    Select role to verify

  5. Verify that all the required ACLs are assigned to the role.

Grant role to a user

  1. Go to All > User administration > Users.

    select
    Select users

  2. Find or create a new user.

    select
    Find or create a new user

  3. If no user is available, go to System security > Users and groups > Users.

    select
    Select users

  4. Click New.

    select
    Click the New button

  5. Create a new service account in the user table. Make sure to click Web service access only.

    select
    Click the Web service access only option

  6. Scroll to Roles.

    select
    Navigate to Roles

  7. Click Edit.

    select
    Edit Roles

  8. Grant the role you created and assign it to the user. Based on the type of role you created in the previous step, select the appropriate one and assign it to the user. Click Save.

    select
    Select and assign the role

    OR

    select
    Assign the role and save

  9. View the custom role with ACL.

    select
    Custom role with ACL

  10. Obtain the username and password for the user and click Set password.

    select
    Set password

  11. Auto-generate a password and keep it for later use.

    select
    Auto-generate a password

Create a ServiceNow connector

Console

To use the Google Cloud console to sync data from ServiceNow to Agentspace Enterprise , follow these steps:

  1. In the Google Cloud console, go to the Agentspace page.

    Agentspace

  2. In the navigation menu, click Data stores.

  3. Click Create data store.

  4. On the Select a data source page, scroll or search for ServiceNow to connect your third-party source.

  5. Enter your ServiceNow authentication information.

    • Instance URI
    • Client ID
    • Client secret
    • User account
    • Password

    select
    ServiceNow authentication information

  6. Fill in a unique name for your data store and click Create.

  7. Select which entities to sync and click Continue.

  8. Select a region for your data connector.

  9. Select a synchronization frequency (daily / every 3 / 5 days).

  10. Click Create. Agentspace Enterprise creates your data store and displays your data stores on the Data stores page.

  11. To check the status of your ingestion, go to the Data stores page and click your data connector name to see details about it on its Data page. The Connector state changes from Creating to Running when it starts synchronizing data. When ingestion is complete, the state changes to Active to indicate that the connection to your data source is set up and awaiting the next scheduled synchronization.

    Depending on the size of your data, ingestion can take several minutes or several hours.

Configure the workforce pool

The workforce pool lets you to manage and authenticate users from external identity providers, such as Azure or Okta, within Google Cloud console. To configure your workforce pool and enable the web app for seamless user access, do the following:

  1. Create workforce pool at the organization level in Google Cloud by following the appropriate setup manual:

    1. Azure OIDC setup
    2. Azure SAML setup
    3. Okta & OIDC setup
    4. Okta & SAML setup
  2. Configure the workforce pool in Agentspace > Settings for the region where you create your app.

Next steps

Connect SharePoint Data Center On-premises

This section describes the process to create a SharePoint Data Center on-premises connector.

Sync data from SharePoint Data Center on-premises

Use the following procedure to sync data from SharePoint Data Center on-premises.

After setting up your data source and importing data for the first time, the data store synchronizes data from the source at the frequency specified during configuration.

Before you begin

Before setting up your connection, do the following:

  1. Service attachment (required for private destination type only): Use the following steps to generate a service attachment for secure data transfer.

    1. Decide endpoint type: Select Public or Private endpoint.
    2. For Public endpoint: If the SharePoint Data Center Destination type is Public, you are not required to create the setup for service attachment. Instead, you can use your public URL in the Domain URL field of the Google Cloud console when creating your connector.

    3. For Private endpoint:

      1. Use private service connect (PSC) to enable connections from private instances to Google Cloud
      2. Create a Virtual Private Cloud network and required subnets.
      3. Create a virtual machine (VM) instance and install the backend service.
      4. Optional: Set up a health check probe to monitor backend health.
      5. Add a load balancer to route traffic to the VM or backend.
      6. Define firewall rules to allow traffic between the PSC endpoint and the backend
      7. Publish the endpoint by creating a PSC service attachment.
  2. Username and password: Obtain valid credentials for authentication from your SharePoint administrator.

  3. Optional for the private destination type: Domain URL: Keep the domain URL of the SharePoint Data Center instance if the instance is behind a proxy or SSL-based connection.

  4. Optional: Base domain name: Provide the base domain name for the SharePoint instance.

  5. Optional: Destination port: Identify the port used for communication with the SharePoint Data Center.

  6. Use the following configuration guidelines to establish connections with Private Service Connect (PSC). Adjust or add resources as needed. Make sure the PSC service attachment is properly configured to connect to the private instance and meets the requirements for a published service.

    1. Configure network settings:

      1. Place the PSC service attachment and load balancer in different subnets within the same Virtual Private Cloud network.

      2. The backend system must remain closed to the public network for security reasons. However, ensure it can accept traffic from the following sources:

        • For proxy-based/HTTP(s) load balancers (L4 proxy ILB, L7 ILB), configure the backend to accept requests from the proxy subnet in the Virtual Private Cloud network.

        • For more information, see the Proxy-only subnets for Envoy-based load balancers documentation.

    2. Adjust firewall rules:

      1. Ingress rules:

        • Allow traffic from the PSC service attachment subnet to the internal load balancer (ILB) subnet.
        • Make sure that the ILB can send traffic to the backend.
        • Permit health check probes to reach the backend.
      2. Egress rules: Enable egress traffic by default, unless specific deny rules apply.

  7. Additional considerations: Make sure to keep all the components, including the PSC service attachment and load balancer, in the same region.

Create a SharePoint minimum access permission user and set up permissions

To create a SharePoint minimum access permission user, obtain a username and password from an administrator. The administrator must sign in and follow these steps to create a new user in the SharePoint Data Center instance:

  1. Click the Start menu and navigate to Windows administrative tools > Active directory users and computers.
  2. Launch the Active directory users and computers application.
  3. Expand the organization unit and navigate to the Users container where the new user is added.
  4. Right-click on Users and select New > User.
  5. In the New object:User window, enter the following details:
    • First name (do not use a comma or dot)
    • Full name
    • User logon name
  6. Click Next.
  7. Enter and confirm the password, then select:
    • User cannot change password
    • Password never expires
  8. Click Next, then Finish.
  9. Locate the created user in the Users section, double-click on it, and select Properties.
  10. In the Properties window, add an email for the user and click Apply.

Assign minimum access permissions to the SharePoint user

  1. Navigate to the Site collection.
  2. Click Settings (gear icon menu).
  3. Go to Site Permissions.
  4. Select Advanced permissions settings.
  5. Locate and select the SiteName visitors group (this group is automatically created when the site is set up and has default read access).
  6. Add the user to the SiteName visitors group to grant them read-only access.

Note: This access inherits all permissions for lists, libraries, pages, and events that have read permissions.

Configure the site collection in SharePoint

  1. Sign in to the SharePoint admin console using the administrator username and password.
  2. In the Central administration page, navigate to Application management.
  3. Click Create site collections.
  4. In the Create site collection page:
    • Enter the required details in the Title and Description fields.
    • In the Web site address section, enter the URL name for the site.
  5. In the Primary site collection administrator section:
    • Click the Browse button next to the User name field.
    • In the Select people dialog, enter the administrator username and click the search icon.
    • Select the user and click Ok.
  6. The Site successfully created page appears, displaying the site URL.
  7. Copy the URL and open it in a new tab to access the site.

Sign in with the created user

  1. Use the created user's credentials to sign in to the SharePoint site.
  2. Verify access and permissions for the user.

Create a SharePoint Data Center On-premises connector

Console

  1. In the Google Cloud console, go to the Agentspace page.

    Agentspace

  2. In the navigation menu, click Data stores.

  3. Click Create data store.

  4. On the Select a data source page, scroll or search for SharePoint data center to connect your third-party source.

  5. Enter your authentication information and click Continue.

  6. From the Destination type drop-down list, select Public or Private.

    1. For Public destination type, you are not required to create the setup for service attachment. Instead, you can use your public URL in the Domain URL field of the Google Cloud console.

    2. For Private destination type, enter all the required information:

      1. If your instance has a domain URL:
        • Service attachment: Enter your service attachment.
        • Optional: Base domain name: Enter your base domain.
        • Domain URL: Enter your domain URL.
        • Optional: Destination port: Enter your destination port.
      2. If your instance does not have a domain URL:
        • Service attachment: Enter your service attachment.
        • Optional: Destination port: Enter your destination port.
  7. Click Continue.

  8. Optional: Advanced options: Select and enable Proxy settings and SSL settings, if required.

  9. Under the Entities to sync, select all the required entities to sync and click Continue.

  10. Select a region for your data connector and enter a name for your data connector.

  11. Select a synchronization frequency.

To manage connector states, do the following:

  1. For private destination type:

    1. Submit the connector details.
    2. VAIS sends a connection request to your PSC.
    3. Navigate to your connector to see a message to allowlist a projectId in the PSC.
    4. Allow the connection in PSC:
      1. The connector remains in the Error state until you approve the request.
      2. After approval, the connector moves to the Active state during the next sync run.
    5. If your PSC is configured to accept all connections, the connector automatically moves to the Active state after creation.
  2. For public destination type:

    1. Submit the connector details.
    2. The connector automatically enters the Active state after submission.

To verify the state of the data store and the ingestion activity, do the following:

  1. Navigate to the connector in the data store list and monitor its state until it changes to Active.
  2. After the connector state changes to Active, click the required entity and confirm that all selected entities are ingested. The data store state transitions from Creating to Running when synchronization begins and changes to Active once ingestion completes, indicating that the data store is set up. Depending on the size of your data, ingestion can take several hours.

Next steps

Connect SharePoint Online

Use the following procedure to sync data from SharePoint Online.

After you set up your data source and import data the first time, the data store syncs data from that source at a frequency that you select during setup.

Before you begin

Before setting up your connection:

  1. Set up access control for your data source. For information about setting up access control, see Use data source access control.

  2. Grant administrator consent. For information about how to grant consent, see Grant tenant-wide administrator consent to an application in the Microsoft Entra documentation.

  3. Prepare the following Sharepoint Online authentication information to use during setup:

    1. Instance URL. In the form http://DOMAIN_OR_SERVER/[sites/]WEBSITE —for example, mydomain.sharepoint.com/sites/sample-site.

    2. Federated authentication requires the tenant ID and client ID, while OAuth requires the tenant ID, client ID, and client secret. To register the application, select Accounts in this organizational directory only for the sign-in audience, and then locate this authentication information. For more information, see Quickstart: Register an application with the Microsoft identity platform in the Microsoft Entra documentation.

    3. When registering the application, use https://vertexaisearch.cloud.google.com/console/oauth/sharepoint_oauth.html as the web callback URL.

  4. The following table describes the roles that are recommended for configuration and their limitations.

    Use this method for granular control over SharePoint REST API permissions, allowing you to restrict resource access on the user account. Make sure to create a new SharePoint user, which might add licensing costs. Use the OAuth 2.0 refresh token method to set up an Entra application registration and enable secure access to SharePoint.

Configure Entra application registration

Set up an Entra application registration to enable secure access to SharePoint. Choose between Federated credentials for token-based access or OAuth 2.0 refresh token for granular control. Use the following steps to configure the app registration, grant permissions, and establish authentication.

  1. Federated credentials: Set up federated credentials to securely allow Google to access SharePoint using cryptographically signed tokens, avoiding the need for a real user principal. To configure permissions and grant access, do the following:

    1. Obtain service account client ID:

      1. In the Google Cloud console, go to the Agentspace Enterprise page.
      2. In the navigation menu, click Data stores.
      3. Click Create data store.
      4. On the Select a data source page, scroll or search for SharePoint Online to connect your third-party source.
      5. Note the Subject identifier. Don't click Continue yet. Perform the next steps in this task and then complete the steps in the Google Cloud console by following the instructions in Create a SharePoint Online connector.
        Note the subject identifier in the Console
        Note the subject ID but don't click Continue yet
    2. Register app in Microsoft Entra:

      1. Navigate to Microsoft Entra admin center.
      2. In the menu, expand the Applications section and select App registrations.
      3. On the App registrations page, select New registration.
        Register a new app in Entra
        Register a new app in Microsoft Entra admin center
      4. Create an app registration on the Register an application page:

        • In the Supported account types section, select Accounts in the organizational directory only.
        • In the Redirect URI section, select Web and enter the redirect URI.
        • Keep other settings default and click Register.
          Register Accounts in the organizational directory only
          Select the account type and enter the redirect URI
      5. Note the Client ID and Tenant ID.

        App details page summary
        App details page

    3. Add federated credentials:

      1. Go to Certificates & secrets > Federated credentials > Add credential.

        Add federated credentials in Entra
        Add federated credentials in Microsoft Entra

      2. Use the following settings:

        • Federated credential scenario: Other issuer
        • Issuer: https://accounts.google.com
        • Subject identifier: Use the value of Subject identifier that you noted in Google Cloud console in Step 1.a.v.
        • Name: Provide a unique name.
      3. Click Add to grant access.

        Connect your Google Account to Microsoft Entra ID
        Connect your Google Account to Microsoft Entra ID

    4. Set API permissions:

      Select the app to set API permissions
      Select the app to set API permissions

      1. Add and grant admin consent for the following Microsoft Graph permissions with the type set to Application:

        • GroupMember.Read.All: Read all group memberships.
        • Sites.FullControl.All: Full control over all sites.
        • Sites.Read.All: Read all sites. Use Sites.Selected to assign specific site permissions instead of Sites.FullControl.All. Sites.Selected can't be directly configured through the UI. After selecting Sites.Selected, you must call the Microsoft Graph API to explicitly grant the fullcontrol role to the application for the sites you want to crawl.
        • User.Read.All: Read all users' full profiles.
          Select the API permissions
          Request the API permissions (Application) for Microsoft Graph
      2. Add and grant admin consent for the following SharePoint permissions with the type set to Delegated:

        • AllSites.FullControl: Have full control of all site collections
        • AllSites.Read: Read items in all site collections
          Select the API permissions
          Select the API permissions
  2. OAuth 2.0 refresh token: Configure OAuth 2.0 authentication using a client secret and a refresh token from the SharePoint user to enable granular control over SharePoint API access. To set up app registration, add a client secret, and assign API permissions, do the following:

    1. Create app registration:

      1. Navigate to Entra administrator center.

      2. Create an app registration:

        • Supported account types: Accounts in the organizational directory only.
        • Redirect URI: https://vertexaisearch.cloud.google.com/console/oauth/sharepoint_oauth.html.
      3. Note the Client ID and Tenant ID.

        Copy the Client ID and the Tenant ID
        Copy the Client ID and the Tenant ID

    2. Add client secret:

      1. Go to Certificates & secrets > New client secret.
        Create new client secret
        Create a new client secret
      2. Note the secret string.
        Copy the Secret ID
        Copy the secret ID
    3. Set API permissions:

      1. Add and grant administrator consent for the following permissions:

        • GroupMember.Read.All: Read all group memberships.
        • Sites.FullControl.All: Full control of all site collections.
        • User.Read.All: Read all users' full profiles.
        • AllSites.FullControl: Full control over all sites.
      2. Use a dedicated user account with limited access to specific sites.

      3. Make sure the account has Owner access to the selected sites.

Create a SharePoint Online connector

Console

To use the Google Cloud console to sync data from Slack to Agentspace Enterprise , follow these steps:

  1. In the Google Cloud console, go to the Agentspace Enterprise page.

    Agentspace Enterprise

  2. In the navigation menu, click Data stores.

  3. Click Create data store.

  4. On the Select a data source page, scroll or search for SharePoint Online to connect your third-party source.

    Search for Sharepoint in the available daa sources
    Search for and select Sharepoint as the data source

  5. Enter your Sharepoint Online authentication information and click Continue.

    Add rge authentication info
    Add the authentication information

  6. Enter the SharePoint site URL:

    • For a single site: https://domain_name.sharepoint.com/sites/<site_name>.
    • For all first-level sites: https://domain_name.sharepoint.com.
  7. Select the entities to sync and click Continue.

    Select the entities to sync
    Select the entities to sync and the sync frequency

  8. Select a region for your data store.

  9. Enter a name for your data store.

  10. Select a synchronization frequency for your data store.

    • Data synchronization frequencies range from three hours to seven days
    • Identity synchronization frequencies range from 30 minutes to seven days
  11. Click Create. Agentspace Enterprise creates your data store and displays your data stores on the Data stores page.

  12. To check the status of your ingestion, go to the Data stores page and click your data store name to see details about it on its Data page. The Connector state changes from Creating to Running when it starts synchronizing data. When ingestion is complete, the state changes to Active to indicate that the connection to your data source is set up and awaiting the next scheduled synchronization.

    Data store details showing connector status
    Connector status on the data store details page

    Depending on the size of your data, ingestion can take minutes or hours.

Test the search engine

After configuring your search engine, test its capabilities. This ensures it returns accurate results based on user access.

  1. Enable web app:

    1. Go to the app integration configurations and toggle to Enable the web app.
  2. Test web app:

    1. Click Open next to the web app link and sign in with a user in your workforce pool.

    2. Verify that search results are restricted to items accessible by the logged-in user.

Configure the workforce pool

The workforce pool lets you to manage and authenticate users from external identity providers, such as Azure or Okta, within Google Cloud console. To configure your workforce pool and enable the web app for seamless user access, do the following:

  1. Create workforce pool at the organization level in Google Cloud by following the appropriate setup manual:

    1. Azure OIDC setup
    2. Azure SAML setup
    3. Okta & OIDC setup
    4. Okta & SAML setup
  2. Configure the workforce pool in Agentspace Enterprise > Settings for the region where you create your app.

Next steps

Connect Slack

Use the following procedure to sync data from Slack.

After you set up your data source and import data the first time, the data store syncs data from that source at a frequency that you select during setup.

Before you begin

Before setting up your connection:

  1. Set up access control for your data source. For information about setting up access control, see Use data source access control.

  2. To follow the steps in Configure your Slack app, you must have the permissions to install new apps in your workspace, that's included in the Workspace Owner role. Contact your Workspace Primary Owner to be assigned as a Workspace Owner.

  3. Understand that by default, Slack restricts crawling and syncing content from private channels, group messages, and direct messages.

Configure the Slack app

The Slack connector requires an access token to be able to ingest documents from your Slack workspace. To obtain an access token to allow Agentspace Enterprise to ingest documents from your Slack workspace.

For more information, see Quickstart and How to quickly get and use a Slack API token in the Slack documentation.

There are two different types of tokens you can use:

  • Bot token
    • Benefits:
      • It's not tied to a specific user.
      • It can have a more secure access to private Slack channels, instant messages (IM), and multi-person instant messages (MPIM). The members involved in those channels and messages can invite the bot.
      • The bot can also be invited to public channels. When configuring the bot token, you can add the channels:join permission for the crawler to automatically attempt to join all public channels.
    • Limitations:
      • When the bot attempts to join public channels, a join message is sent to the channel.
  • User token
    • Benefits:
      • It can access all public channels without the need to join them beforehand.
    • Limitations:
      • It's tied to a specific user.
      • With user token, users can't crawl private channels, IMs, and MPIMs that they're not a part of.

Configure bot token

The following steps show you how to configure a bot token:

  1. Sign in to Slack API Apps.
  2. Click Create new app.
    Button in the Slack App to Create New App
    Create new app in Slack App
  3. Select From scratch. This option lets you configure the app's information, scopes, settings, and features.
    Start creating the app from scratch
    Start creating the app from scratch
  4. Enter a name for your app. The name you select is visible to all Slack users.
  5. Select the workspace for integration. Because you can't change an app's workspace later, ensure that you select the correct workspace.
    Enter a name and select the correct workspace
    Enter a name and select the correct workspace
  6. Click Create app.
  7. In the sidebar, select OAuth & permissions.
    OAuth & Permissions in the Slack app's sidebar
    OAuth & Permissions in the Slack app's sidebar
  8. Under Bot token scopes, add the following required scopes: By default, the bot reads from the #general and #random channels.
    Select the scopes for the bot token
    Select the scopes for the bot token
  9. To enable the bot to crawl the channels, do the following:
    1. For public channels, do one of the following:
      • Invite the bot manually.
      • Grant the channels:join scope to allow the bot to attempt join automatically.
    2. For private channels, invite the bot manually.
  10. On the same page, click Install to WORKSPACE_NAME.
    Install the app in your workspace
    Install the app in your workspace
  11. Follow the on-screen instructions to install the app and after the app is installed, copy and note the bot's OAuth token.
    Copying the bot token after installation
    Copy the bot's OAuth token

Configure a user token

The following steps show you how to configure a bot token:

  1. Sign in to Slack API Apps.
  2. Click Create new app.
    Button in the Slack App to Create New App
    Create new app in Slack App
  3. Select From scratch. This option lets you configure the app's information, scopes, settings, and features.
    Start creating the app from scratch
    Start creating the app from scratch
  4. Enter a name for your app. The name you select is visible to all Slack users.
  5. Select the workspace for integration. Because you can't change an app's workspace later, ensure that you select the correct workspace.
    Enter a name and select the correct workspace
    Enter a name and select the correct workspace
  6. Click Create app.
  7. In the sidebar, select OAuth & permissions.
    OAuth & Permissions in the Slack app's sidebar
    OAuth & Permissions in the Slack app's sidebar
  8. Under User token scopes, add the following required scopes:
    Select the scopes for the user token
    Select the scopes for the user token
  9. On the same page, click Install to WORKSPACE_NAME.
    Install the app in your workspace
    Install the app in your workspace
  10. Follow the on-screen instructions to install the app and after the app is installed, copy and note your user OAuth token.
    Copying the user token after installation
    Copy the user's OAuth token

Create a Slack Cloud connector

Console

To use the Google Cloud console to sync data from Slack to Agentspace Enterprise , follow these steps:

  1. In the Google Cloud console, go to the Agentspace page.

    Agentspace

  2. In the navigation menu, click Data stores.

  3. Click Create data store.

    In the console create a data store
    In the Google Cloud console, create a data store

  4. On the Select a data source page, scroll or search for Slack to connect your third-party source.

  5. Enter your Slack authentication information.

    • Instance ID (Workspace ID):
      1. To obtain your workspace ID, sign in to your Slack workspace using a web browser. Don't use the Slack app. For more information, see Specify the Slack source for your data store.
      2. In the URL, note the unique workspace ID, which is the string after /client beginning with T.
        get the workspace ID in the URL next to the client segment
        Obtain the instance ID (workspace ID)
    • Auth token: Use the token obtained from the last when you generated the bot token or the user token.
  6. Select which entities to sync and click Continue.

    1. To crawl all channels, retain the default selections.
    2. To crawl specific channels, click Filter and select the channels. The following image shows an example configuration that allows crawling of channels named general and random.
      select the channels that you want to crawl
      Select the channels to crawl
  7. Select a region for your data store.

  8. Enter a name for your data store.

  9. Select a synchronization frequency for your data store.

  10. Click Create. Agentspace Enterprise creates your data store and displays your data stores on the Data stores page.

  11. To check the status of your ingestion, go to the Data stores page and click your data store name to see details about it on its Data page. The Connector state changes from Creating to Running when it starts synchronizing data. When ingestion is complete, the state changes to Active to indicate that the connection to your data source is set up and awaiting the next scheduled synchronization.

    Depending on the size of your data, ingestion can take minutes or hours.

Next steps

Connect WordPress

Use the following procedure to sync data from WordPress to Agentspace Enterprise.

After you set up your data source and import data the first time, the data store syncs data from that source at a frequency that you select during setup.

Before you begin

Before setting up the connection, ensure you have the following:

  • Username and password: Obtain the credentials from the WordPress administrator.
  • Site URL: Use this URL for data store creation.

Create a WordPress user

To create a WordPress user, obtain a username and password from an administrator. The administrator must sign in and follow these steps to create a new user in the WordPress instance.

  1. Sign in as an administrator:

    1. Navigate to your hosting platform and sign in with your administrator credentials to access your WordPress website.
    2. Click the Website icon.
    3. Click WordPress admin for your site.
  2. Create a new user:

    1. On the WordPress admin page, navigate to the Users tab.
    2. Click Add new.
    3. Fill in all the required details, including:
      • Username
      • Email address
      • Optional: First and last name
      • Role
      • Password (if prompted)
    4. Click Add new user to save the changes.

Create a WordPress connector

Console

To use the Google Cloud console to sync data from WordPress to Agentspace Enterprise, follow these steps:

  1. In the Google Cloud console, go to the Agentspace Enterprise page.

    Agentspace Enterprise

  2. In the navigation menu, click Data stores.

  3. Click Create data store.

  4. On the Select a data source page, scroll or search for WordPress to connect your third-party source.

  5. Enter your WordPress authentication information and click Continue.

  6. In the URL field, enter your WordPress site URL and click Continue.

  7. Select which entities to sync and click Continue.

  8. Select a region for your data store.

  9. Enter a name for your data connector.

  10. Select a synchronization frequency.

  11. Click Create. Agentspace Enterprise creates your data store and displays your data stores on the Data stores page.

  12. To check the status of your ingestion, go to the Data stores page and click your connector name to see details about it on its Data page. The Connector state changes from Creating to Running when it starts synchronizing data. When ingestion is complete, the state changes to Active to indicate that the connection to your data source is set up and awaiting the next scheduled synchronization.

    Depending on the size of your data, ingestion can take several minutes or several hours.

Next steps

Connect Zendesk

Use the following procedure to sync data from Zendesk to Agentspace Enterprise.

After you set up your data source and import data the first time, the data store syncs data from that source at a frequency that you select during setup.

Before you begin

Before setting up your connection:

  1. In addition to the third-party connector allowlist, this connector requires that your project is added to an additional allowlist. To be added to this allowlist, contact your Agentspace Enterprise account team.

  2. Set up access control for your data source. For information about setting up access control, see Use data source access control.

  3. A Zendesk administrator must generate or obtain the following for integrating with Agentspace Enterprise:

    1. Access token. API Token of your Zendesk instance.
    2. Instance URI.

Create a Zendesk connector

Console

To use the Google Cloud console to sync data from Zendesk to Agentspace Enterprise, follow these steps:

  1. In the Google Cloud console, go to the Agentspace Enterprise page.

    Agentspace Enterprise

  2. In the navigation menu, click Data stores.

  3. Click Create data store.

  4. On the Select a data source page, scroll or search for Zendesk to connect your third-party source.

  5. Enter your Zendesk authentication information and click Continue.

  6. Select which entities to sync and click Continue.

  7. Select a region for your data store.

  8. Enter a name for your data connector.

  9. Select a synchronization frequency.

  10. Click Create. Agentspace Enterprise creates your data store and displays your data stores on the Data stores page.

  11. To check the status of your ingestion, go to the Data stores page and click your connector name to see details about it on its Data page. The Connector state changes from Creating to Running when it starts synchronizing data. When ingestion is complete, the state changes to Active to indicate that the connection to your data source is set up and awaiting the next scheduled synchronization.

    Depending on the size of your data, ingestion can take several minutes or several hours.

Next steps