Google Drive

Google Drive is the recommended destination if your team is on Google Workspace instead of Microsoft 365. Outpost authenticates using a service account: a non-human identity in Google Cloud that holds its own credentials and doesn't break when employees leave. That gives you a better production story than OneDrive out of the gate, because you never point Outpost at a real person's account.

Create a service account in Google Cloud (one-time)

1. Open the Google Cloud Console and select or create a project
2. Go to APIs & Services → Library, search for Google Drive API, and click Enable
3. Go to IAM & Admin → Service Accounts → Create service account
4. Give it a name like outpost-exports, skip role assignment, finish
5. Open the service account you created, go to Keys → Add key → Create new key, choose JSON, and download the file. Keep it safe; it's the only way to authenticate as this service account.
6. Note the service account email from the service account's overview page (looks like outpost-exports@your-project.iam.gserviceaccount.com)

Share the target Drive with the service account

The service account has no access to anything in your Google Workspace by default. You explicitly grant it access to the specific folder or Shared Drive it needs:

• For a Shared Drive (recommended): Open the Shared Drive in Google Drive, click the members icon, and share it with the service account email as Content manager
• For a folder in My Drive: Right-click the folder, click Share, and share it with the service account email as Editor

Upload the service account key to NetSuite

NetSuite's Certificate Manager holds the private key so Outpost can sign JWTs without the key ever leaving NetSuite.

1. Open the JSON key file you downloaded in a text editor
2. Copy the value of the private_key field (everything between -----BEGIN PRIVATE KEY----- and -----END PRIVATE KEY-----, inclusive)
3. In NetSuite, go to Setup → Company → Preferences → Certificates → New
4. Paste the private key, give the certificate a name like Outpost Google Drive, and save
5. Note the certificate's Script ID. You'll paste this into the Outpost Connection.

Create the Connection in Outpost

1. Open Outpost by VCG → Connections
2. Click New Connection and pick Google Drive
3. Fill in:
   • Connection name. e.g. Finance Shared Drive.
   • Drive folder path. Either /drives/{Shared Drive name}/subfolder for a Shared Drive, or /folders/{folder ID}/subfolder for a specific folder ID in My Drive.
   • Service Account Email. The email from the Google Cloud service account.
   • Certificate ID. The Script ID of the certificate you uploaded to NetSuite.
4. Click Test connection. Outpost signs a JWT, exchanges it for a Google access token, resolves the target folder, and writes a probe file.
5. Click Save.

Configure folder and filename on the export template

Same token system as the other destinations. Supported tokens: {date}, {datetime}, {search_id}. Example:

/drives/Finance Reports/monthly/close_{datetime}.csv

What to expect on delivery

• File format: CSV, UTF-8, with a header row
• Owner: Files in a Shared Drive are owned by the drive. Files in My Drive are owned by the service account (another reason to prefer Shared Drives).
• Visibility: The file is visible to anyone who has access to the parent folder or Shared Drive.
• Overwrite behavior: Outpost finds an existing file by name and updates it in place. If the name includes a token, each run creates a new file.

Tips & gotchas

• Shared Drives over My Drive, every time. If you write into My Drive and later delete the service account, Google can delete the files along with it. Shared Drives decouple file ownership from the service account identity.
• Enable the Drive API on the right project. If you enabled it on project A but your service account lives in project B, auth will succeed and then API calls will fail with 403 Drive API has not been enabled. The key and the API enablement must be in the same project.
• Path format matters. Outpost parses paths starting with /drives/ as Shared Drive references, and paths starting with /folders/ as folder ID references. Anything else is interpreted as a path inside My Drive.
• Private key never leaves NetSuite. Outpost uses NetSuite's N/crypto/certificate.signJwt() to sign the JWT server-side. The key is stored in Certificate Manager, not in a custom record, so it's protected by NetSuite's role-based access to that feature.
• Service account quotas are per-project. Google Cloud enforces per-minute and per-day quotas on Drive API usage. Normal finance-ops cadences are nowhere near the limits, but hourly runs of many templates against one project can eventually hit them.

Permissions & access control

The file's visibility in Google Drive is whatever the parent folder's sharing allows. The service account doesn't alter permissions; it writes the file and inherits the folder's access rules.

For production use, keep the destination folder inside a Shared Drive with a well-defined membership (Finance team, for example), and only share the Shared Drive out to the consumers who need it.

When to pick Google Drive (and when not to)

Troubleshooting

• 403 The caller does not have permission. The service account isn't a member of the target Shared Drive or folder. Re-share it at the right access level.
• 403 Google Drive API has not been used in project... before or it is disabled. You enabled the Drive API on a different project than the one that owns the service account. Enable it in the correct project.
• invalid_grant: Invalid JWT. Usually a clock-skew issue or a malformed private key. Re-copy the private key from the JSON file (including the BEGIN and END lines) and re-upload the certificate.
• Files land in My Drive instead of a Shared Drive. The path doesn't start with /drives/. Fix the path in the Connection.