Enterprise Setup
These instructions presume you are using the Enterprise version of Google Drive Embedder and have already installed successfully, including installation and configuration of either the free, premium, or enterprise Google Apps Login plugin which is required for the Drive plugin to work.
To get the full benefit of Enterprise Drive features, including Attachment Folders and Controlled Folders, you will also need to configure a Service Account via the Google Apps Login plugin. See instructions here.
Introduction
Google Drive is a versatile way to store files and share with colleagues, while your intranet is clearer and better structured for sharing more focused information.
Wouldn’t it be great if your intranet could be used to control and structure the information your organization stores in Drive?
Our Enterprise version of Google Drive Embedder integrates Drive much more closely with your WordPress site, essentially allowing each page or post on your intranet/site to host its own file attachments, completely backed by Drive.
This means you no longer need to manage Drive and your Intranet as two completely separate document sharing systems!
You can also use the plugin to embed interactive Drive folders on any website, so viewers can browse and preview files without leaving your site.
License
In Settings -> Google Drive Embedder (within your WordPress admin panel), click on the License tab. Enter the license key from your purchase email. This will enable automatic update notifications of any future versions of the plugin.
Setup
The advanced Enterprise Drive features require a special Drive folder to be created at the top level of your Drive account. This is the base folder of your ‘Drive hierarchy’ – a tree of folders that will mirror the hierarchy of your WordPress site, so every page/post on your site has a corresponding folder in this Drive structure.
To initialize the ‘Drive hierarchy’ you need to create or choose a ‘base folder’ which should be at the top level of your Drive account. In the Setup tab, you have the opportunity to either create a new Drive folder, or pick an existing top-level Drive folder. In either case, you can choose for the folder to be on the ‘My Drive’ of your admin user, or on a Team Drive to which they have access.
For this to work, you will need to have configured a Service Account via the Google Apps Login plugin. See instructions here.
Click Save Changes to actually create or pick the folder, and then you should see that folder active as your ‘base folder’ – like this:
Once selected, you should not need to change this folder.
Folder Controls
Click the Folder Controls tab.
Page/Post Attachment Folders
If you check the box ‘Automatically append attachments folder on post’ then a Drive folder will be created by default on every post in your site. The folder, named after the post it’s related to, will be created within the Drive hierarchy you set in the ‘Setup’ tab. The folder contents (empty to start with) will appear in a box beneath the post when it is viewed on your published post. Your users can share files by dragging them into the box (depending on permissions – explained later).
If this option is checked, go to a post and you should see a Drive Attachment section at the bottom – where your users can share files with each other (if they have permissions, of course).
Try dragging a file over that section and see if it will upload for you. Then go to the folder in Drive and see the file there.
The great thing about Drive is that files can be in multiple folders at once. So files stored elsewhere in Drive can also be attached to the WordPress folder’s hierarchy and appear at the bottom of relevant pages/posts without needing to be uploaded separately into WordPress.
There is a separate checkbox in Settings allowing you to add an Attachment Folder to every page (instead of or as well as every post). There will be checkbox for any custom types you might have on your site too.
It is possible to override the auto-attachment settings here on any individual page/post. As an admin, you will see an option within the post editor allowing you to turn the Attachment Folder on/off regardless of the default setting you make in the Settings panel.
If the post author is not an admin, then they will only be able to override the setting if you check ‘Allow content authors to override the above attachment folder auto-append settings’ in the Settings panel.
You can find out more about Attachment Folders in our tutorials section.
Default Folder Permissions
The permissions section allows you to specify the global site-wide permissions for Controlled Folders and Attachment Folders. These are what ‘default’ refers to if you embed a Controlled Folder. These permissions will apply to Attachment Folders unless you override on an individual post/page basis.
Controlled Folders are a way to embed a Drive folder in your site such that the file listing is proxied via your Service Account so viewers don’t need their own Drive account to view it.
The basic permission options are Always, Drive, and Never. And these can be specified for each functionality: ‘View’ existing files and ‘Upload’ new files.
- Always means that users will be able to perform that action by using the Service Account – meaning they don’t even need to have a Google account themselves at all! This way you can allow users to view folders (and even upload files) to a folder that they wouldn’t otherwise have permissions to access at all.
- Drive will defer to the permissions of their Google Drive account, requiring them to e.g. login to Google to view your folder – and of course only be able to see files if they have been given access in Drive itself
- Never – means they won’t be given the opportunity to perform the action at all, via the Service Account or even via their Drive account. However, please note that if they do actually have permission to e.g. view or upload to the Drive folder directly, then they could always just go to Drive to perform the action there instead.
To start with (if all dropdowns are set to Drive), all users will be required to use their Drive account to view or upload to folders. That means you may need to ensure your users have appropriate Drive sharing settings to the base folder you set up a minute ago. Or you can use Always and Never as defaults for any action – Always uses the Service Account for an action (i.e. view or upload) regardless of whether that user has a Drive account or not.
You can specify how view/upload is performed for two different categories of user to start with: Logged-in Users and Visitors (people who aren’t currently logged in to the site). You can also click ‘Add Role’ to add an extra row of permissions that should apply to users of a particular role in WordPress (e.g. Admin or Editor).
These settings should hopefully make more sense if you try our tutorials and start embedding folders in your site!
For Attachment Folders and Controlled Folders, as an admin user you can always override the permissions on a per-folder basis. Controlled Folders can be set up to follow permissions other the ‘default’ when they are created, or you can edit them afterwards through the Controlled Folder section in your top-level WordPress admin (it should appear somewhere below the main Settings menu, but at the same top level as Settings itself).
Attachment Folder permissions can be edited in a special box that appears on every page/post – provided you are an admin. The box will appear for anyone editing the page/post, but only if you have checked the box ‘Allow content authors to override attachment folder permissions’ on the Folder Controls tab of the Settings -> Google Drive Embedder page.
Drive Ownership
Click the Drive Ownership tab. Most users will be happy with the default settings of all three checkboxes on this page being unchecked, so feel free to move on to trying out the plugin now, following our tutorials.
As you can read on the tab itself: Google Drive Embedder can use your Service Account to change ownership and parent folders of files/folders that are used within your WordPress site. This can help you keep track of which files and folders in Drive are relevant to your site, and to ensure a senior admin owns all such files/folders.
Set post/page author as writer of Attachment Folder when folder is auto-created in Drive
If checked, every time a folder is created in your Drive hierarchy – corresponding to a page or post – the plugin will attempt to set the owner of the folder to the same user named as an author of the WordPress page/post. This only happens when the folder is created. If the WordPress post’s owner changes, the folder will not be updated to the new owner in Drive.
Embedded files/folders should become owned by Service Account admin in Drive (original owner becomes writer)
If checked, then whenever a post author uses Add Google File to embed a file or folder in the post, the plugin will change the owner of the file/folder to the Google Apps domain admin named in the Service Account settings. The original owner of the file will become a writer. There is a mechanism in the Add Google File dialog box to ensure the author is aware of this change of ownership.
Embedded files/folders should have the page/post Attachment Folder added as a parent in Drive
If checked, then whenever a post author uses Add Google File to embed a file or folder in the post, the plugin will add the file/folder to the Attachment Folder corresponding to the post (i.e. the Attachment Folder will become a parent of the file). This is regardless of where the file currently resides, and will not affect any existing parent relationships of the file (Drive files can have multiple parent folders). Please note that Attachment Folders can exist even if they are not visible on the post itself when viewed.
In all the above options, the results may vary (or not work at all) depending on Drive permissions applied to the files being embedded.
Advanced Options
The Advanced Options tab only contains one option in the Enterprise version, and it will not be useful for most installations, so feel free to move on to our tutorials explaining how to use the product.
When embedding a document into a WordPress post via Add Google File, the default behavior for the plugin to decide from which Google account to pull the file list runs as follows: Attempt to pick the Google account corresponding to the currently logged-in WordPress user’s WordPress email address.
You can check the setting called ‘Allow user to choose Google Account independently of WordPress email’. This will cause the plugin to show Drive files from whichever Google account happens to be logged into the browser. If no Google account is logged in, it will allow you to choose any account to connect. If more than one Google account is logged in, you will be able to select which account you wish to use (or login to yet another Google account).
If the checkbox is unchecked, the default behavior will apply – the plugin will always try to show the Drive account belonging to the WordPress user’s email address.
Premium Setup
These instructions presume you are using the Premium version of Google Drive Embedder and have already installed successfully, including installation and configuration of either the free, premium, or enterprise Google Apps Login plugin which is required for the Drive plugin to work.
License
In Settings -> Google Drive Embedder (within your WordPress admin panel), click on the License tab. Enter the license key from your purchase email. This will enable automatic update notifications of any future versions of the plugin.
Advanced Options
The Advanced Options tab only contains one option in the Premium version, and it will not be useful for most installations, so feel free to move on to our tutorials explaining how to use the product.
When embedding a document into a WordPress post, the default behavior for the plugin to decide from which Google account to pull the file list runs as follows: Attempt to pick the Google account corresponding to the currently logged-in WordPress user’s WordPress email address.
You can check the setting called ‘Allow user to choose Google Account independently of WordPress email’. This will cause the plugin to show Drive files from whichever Google account happens to be logged into the browser. If no Google account is logged in, it will allow you to choose any account to connect. If more than one Google account is logged in, you will be able to select which account you wish to use (or login to yet another Google account).
If the checkbox is unchecked, the default behavior will apply – the plugin will always try to show the Drive account belonging to the WordPress user’s email address.
Installation
Before you can use Google Drive Embedder, you will first need to install and configure any version (free, premium, or enterprise) or the Google Apps Login plugin.
Premium/Enterprise version
If you have bought Google Drive Embedder Premium/Enterprise, you will have been given a ZIP file to upload. Upload the ZIP file directly in the Plugins section of your WordPress admin.
To do this click ‘Add New’ (at the top of the Plugins page).
Then ‘Upload Plugin’.
And locate the ZIP file.
Once installed, click ‘Activate’ on the Premium/Enterprise plugin. If you had our free Basic plugin installed, then Deactivate that first (do not Delete until the premium plugin is up and running).
Both premium and enterprise versions of the plugin have configuration options under Settings -> Google Drive Embedder, but only the Enterprise version has significant configuration that is important to carry out before trying Enterprise functionality.
You can read our basic tutorial, or find out about premium setup or enterprise setup.
Free version
In your WordPress admin area, go to Plugins. Click Add New, and then search for “Google Drive Embedder”. Install from there.
Once Activated, you can find out how to embed a file in our tutorial.
Theme My Login
If you use the Theme My Login plugin (TML) to create a custom styled login page on your site, please be aware that since TML adjusts the way the login process works in WordPress, plugins like Google Apps Login that are expecting WordPress standards may not work.
An approach that will not disturb WordPress’ standard login mechanism so much would be to use a plugin that styles the existing wp-login.php page instead of creating a new login page, but of course this might involve more work to achieve something that matches your Theme. Our recommended plugin for this approach is Admin Custom Login, and this is directly compatible with Google Apps Login.
If you would like to attempt to get TML to work on your site, here are the suggested steps:
1. Specify both Authorized Redirect URIs in the Google Developers Console Project when you configure Google Apps Login:
http://www.website.com/wp-login.php
http://www.website.com/login
http://www.website.com/login/
Above, I’ve added two versions of the /login URL just in case. You would add these under API’s & Services -> Credentials -> OAuth 2.0 IDs. Click into the ‘web application’ ID you set up when you first configured the plugin.
2. Add the below code in functions.php in the Child theme or similar – of course change for your site’s wp-login.php URL:
function my_gal_login_url($login_url) {
return 'http://website.com/wp-login.php';
}
add_filter('gal_login_url', 'my_gal_login_url', 10, 1);
The above steps may be enough, but if the ‘Login with google’ button doesn’t appear on the login form try step 3 below only (not step 4). If it appears but you sometimes get ‘session mismatch’ errors, please try both steps 3 and 4.
3. Add this link URL as ‘Login with Google’ on the TML login page (below theme_my_login shortcode):
http://website.com/wp-login.php?gaautologin=true
4. Hide the original ‘Login with Google’ button in Child theme CSS:
p.galogin, h3.galogin-or {
display:none;
}
Some users have found that ‘Login with Google’ just returns them to the wp-login.php page with no error message showing, but actually if they then visit /wp-admin/ they find they were actually logged in (just not redirected to the dashboard as expected). If this happens to you, follow step 5:
5. In TML settings, uncheck ‘Enable custom redirection’ and maybe some other security settings.
If you would like any help, or want to report your own findings, please contact support.
Of course if you aren’t in a position to get your hands dirty with the detailed configuration required, the short answer is that I don’t think TML works alongside Google Apps Login straight out of the box!
Troubleshooting
When a user tries to Login with Google, it says “user is not registered in WordPress”
The free version of the plugin allows existing WordPress accounts to login using Google credentials, but it will not create accounts if they do not already exist in WordPress. I presume there is no WordPress account with the email address that corresponds to the Google account attempting to login.
You would need to purchase the premium or enterprise versions of the plugin if you want to sync users from a Google Apps domain to WordPress – i.e. to auto-create WordPress users for anyone with a Google account on your company’s domain, and to ensure that users can no longer login to WordPress after their Google accounts are deactivated.
If you’re already using the Premium or Enterprise version, please ensure the Domain Control tab in Settings -> Google Apps Login is set up correctly, including the ‘Auto-create users on my domain’ checkbox being checked.
I can’t login to WordPress at all any more!
Plugins sometimes conflict with each other, or configuration is incomplete, so you find you can’t access your WordPress site. For that reason, it is important to have a way to remove plugins and perform other low-level resets if needed.
If Login with Google isn’t working, you should still be able to enter your regular WordPress username/password to access the site. (Unless you have selected the option to forbid this for accounts in your Google Apps domain, in the premium or enterprise versions.)
If you have set your site to automatically login with Google, you can override that behavior by going to the following URL on your site:
/wp-login.php?gaautologin=false&gahidewplogin=false
If you still can’t login, after resetting your WordPress username and password, you should start to disable some plugins that are likely to be causing a problem. Of course you can’t access your Plugins page in WordPress admin, so you will need access to your server’s database or file system.
Here is a useful guide explaining what to do, courtesy of WP Beginner.
If you have Google Apps Login Enterprise installed, and you have accidentally configured the Domain Control tab in a way that means none of your users is an admin user any longer, you may need to change your user back to being an admin via MySQL. See here for instructions.
I install the plugin, and my wp-login.php page is just blank
The only time we’ve seen users experience a blank screen has been because they don’t have CURL enabled on their server.
Read this article describing how you can debug and (hopefully) get an error message to see if that is the problem.
Or, since most often the problem is that CURL needs installing, it may be easier for you to jump straight to finding out whether CURL is installed, and enabling it if not. If that doesn’t solve the problem, you may need to debug as above.
Users sometimes can’t login because Google chooses their personal Gmail account
Here’s what happens whenever you click Login with Google, and it depends how many Google accounts are currently logged-in within the same browser:
- If currently logged in to 0 Google accounts, you will be asked to login to one and the plugin will attempt to login to WordPress against that account
- If currently logged in to exactly 1 Google account, Google will automatically return that account for the WordPress login attempt
- If currently logged in to 2 or more Google accounts, Google will show the user a list of current accounts and allow them to choose which one they want for the WordPress login
Then, if the selected Google account doesn’t match an existing WordPress account and doesn’t come from a Google Apps domain that is authorized in the plugin to have a WordPress account created for it, the user will be told:
Email address needs to be in mycompany.com. [email protected] is not authorized – Sign out of Google to switch accounts
If this is causing confusion, one possibility is to tick the option in Advanced Options of Settings -> Google Apps Login labelled ‘Force user to confirm Google permissions every time’. This adds an extra step to everyone’s login flow asking them to confirm they are happy for Google to connect to the WordPress site (by default, they only see this the very first time). The only reason for this option is to give the user a chance to see (in the top right corner) which Google account has been picked up, and give them the opportunity to change it.
When attempting ‘Login with Google’ I see Invalid JSON in service response
After clicking ‘Login with Google’, and authorizing your Google account, you are redirected back to the WordPress login page and see the error message: Invalid JSON in service response: <followed by a load of strange characters>
This is because Google has recently started compressing some of their responses from their API calls, and older servers are unable to interpret it.
Please ask your web host if they can update to a newer CURL version that has libz/gzip/idn enabled.
Server-side Caching no longer works on my site
Google Apps Login attempts to set its wordpress_google_apps_login cookie on every page of your site. This cookie is only really needed on the wp-login.php page, but many sites have unusual configuration of the login page, so by default the plugin sets the cookie on every page. This can affect some server-side caching systems which turn off caching because this cookie is different for each user.
You can instruct the plugin to only write the cookie on the wp-login.php page in the first place, and this should fix the cache for the rest of your site.
We have instructions providing code that you can add to your Theme’s functions.php file or similar.
Enterprise Multisite
If you are using Google Apps Login Enterprise version on a WordPress multisite installation, please get in touch with us. We have an extension plugin available that will allow you to override Group Role Rules on a sub-site basis.
Domain Control tab – multisite options
In a multisite installation, there are two extra settings on the Domain Control tab:
‘Add users to sub-sites if they are not yet members’ – if checked, this will always add all users as members to all sub-sites whenever the role mapping rules are processed for a user. In this case, the user will be added to each sub-site under the role determined by the rules you’ve set up. If not checked, the role will only be applied to the user in sub-sites of which they are already a member (which will likely be no sites for a new user, unless you have some other plugin to take care of sub-site membership assignment).
The point here is that under WordPress multisite, the user exists once globally (i.e. throughout the whole multisite), but can be added as a member to each sub-site independently of the others; and furthermore the user can have different roles in each sub-site. For example, the user could be a subscriber in sub-site 1, an admin of sub-site 2, and not a member at all of sub-site 3.
‘Demote existing Super Admins who do not have a Super Admin mapping above’ – if checked, the plugin will happily remove super admin privileges if the Domain Control rules determine that the user should have a role other than Super Admin. Leave checked (default) if you think that’s risky – i.e. it’s too easy to insert an extra rule that maps a super admin to something else. If it remains unchecked, you would have to manually demote any super admin that is no longer required on the multisite.
In WordPress multisite, super-admin is a different type of role to all the others – it applies globally, whereas the lesser roles can be assigned to any other member of any sub-site independently of the others.
Advanced Options – multisite Redirect URIs
In all versions of Google Apps Login, the Advanced Options tab contains an extra option related to multisite Redirect URIs. See here for more details.
