Available Services
- Communication
- Files & Documents
- Scheduling & Learning
- Location
| Service | Capabilities | Auth Type |
|---|---|---|
| Gmail | Read, search, and send emails | OAuth |
| Google Meet | Access meeting recordings and transcripts | OAuth (requires Calendar) |
- “Show me my unread emails from this week”
- “Search my inbox for messages from jane@example.com about the budget”
- “Send an email to the team with a summary of today’s discussion”
- “Find emails with attachments from the last 30 days”
- “List my recent Google Meet recordings”
- “Get the transcript from yesterday’s team meeting”
Authorization Models
Pria supports two authorization models that can be used independently or together.Personal Authorization
Each user connects their own Google account through their Profile settings. They select which services to enable, authorize through Google’s consent screen, and the tokens are stored securely per-user.Institution-Shared Authorization
Administrators can connect a shared Google account at the institution level. This is useful for:- Providing Google services without requiring individual user authorization
- Sharing a departmental Drtive, Gmail or Calendar with all users
- Simplifying onboarding for users who don’t have institutional Google accounts
Authorization Priority
When both personal and institution-shared credentials exist, Pria resolves tokens with this priority:- Institution-shared credentials (if configured and the service is enabled for users)
- Personal credentials (the user’s own Google account)
This means institution-shared credentials take precedence. If an admin connects a shared Gmail, all users will use that shared Gmail rather than their personal one — even if they’ve also authorized their personal account.
Google Maps
Google Maps does not require OAuth authorization. It uses a server-side API key configured in your instance settings. Users can ask their Digital Twin for place search and geolocation without any personal authorization.Service Dependencies
Some Google services require parent services to function:| Service | Requires |
|---|---|
| Google Sheets | Google Drive |
| Google Docs | Google Drive |
| Google Slides | Google Drive |
| Google Meet | Google Calendar |
Troubleshooting
Google shows 'This app isn't verified'
Google shows 'This app isn't verified'
During the OAuth consent screen, Google may display a warning that the application is not yet verified. This is expected — the Pria middleware is currently undergoing CASA Tier 2 compliance verification with Google. To proceed, click Advanced and then Go to [app name] (unsafe) to continue the authorization. This warning will be removed once verification is complete.
Refresh token not issued
Refresh token not issued
Always use
prompt: 'consent' when requesting new OAuth scopes. This forces Google to issue a new refresh token. Without it, token refresh may fail after the initial access token expires.Users can't see Google services
Users can't see Google services
- Check that the Google OAuth credentials are configured in the instance settings
- Verify the APIs are enabled in Google Cloud Console
- For institution-shared services, confirm the
enabledForUsersflag is set for each service
Related
- Google Services User Guide — End-user authorization and usage guide
- Configuration — Instance settings including Google OAuth
- Tools — Tool definitions that power Google service interactions
- IP Vault — Files downloaded from Google Drive are stored here