A step-by-step guide to setting up scan to Google Drive on your MFP
Scan-to-Google-Drive direct integration is available on every modern A3 office MFP and on many SMB-tier devices. This guide walks through the configuration end-to-end on a typical Konica Minolta, Ricoh, Canon, Xerox, or Kyocera device.
What you need before starting
- MFP admin credentials (web admin console password)
- Google Workspace administrator account or shared service account
- Network access from the MFP to the public internet over HTTPS (port 443)
- A target Google Drive folder for scan destinations
- Approximately 20–30 minutes of configuration time
Scan-to-Google-Drive eliminates the round-trip workflow of scanning to email and then manually saving the attachment into the Drive folder. The configuration takes 20 to 30 minutes the first time and produces a destination that any office user can scan to directly from the MFP panel. Once configured, the device authenticates against Google's APIs through OAuth 2.0 and uploads scanned documents directly into the chosen Drive folder, preserving the file format (PDF, Word, JPEG, etc.) selected at scan time.
The five-step procedure below covers the standard configuration pattern. Brand-specific menu paths differ slightly — Konica Minolta routes this through "Cloud Service Settings", Ricoh through "Cloud Connector", Canon through "Send → Google Drive Server" — but the underlying authentication flow and folder-selection steps are nearly identical across brands. The configuration is performed once per device and persists across firmware updates and reboots.
Five-step configuration walkthrough
Open the MFP web admin console
From a browser on the same network as the MFP, navigate to the device's IP address. Log in with the admin password.
http://[device-ip]/admin → Login
Navigate to Cloud Connector / Cloud Service Settings
Locate the cloud connector menu. Brand-specific paths: Konica → Network → Cloud Service Settings → Google Drive. Ricoh → System Settings → Cloud Connector → Google Drive. Canon → Function Settings → Send → Output → Google Drive.
Authenticate with Google OAuth
The MFP displays a one-time authentication URL and a device code. On a desktop browser, navigate to that URL, sign in with the Google Workspace administrator or service account, and enter the device code when prompted. Grant the MFP permission to read and write to Drive.
https://accounts.google.com/o/oauth2/device/usercode
Select the default destination folder
Once authenticated, the MFP can browse the authorised Google Drive. Navigate to the folder where scans should land — typically a "MFP Scans" or "Office Inbox" folder created in advance. Configure subfolder behaviour: a single shared folder or per-user folders authenticated through identity-stack integration.
Test and add the destination to the device panel
Scan a test document with the new Google Drive destination selected. Confirm the file appears in the Drive folder within 30–60 seconds. Save the destination to the device's scan-to address book so end users can select it directly from the home panel.
Common configuration issues
OAuth device code not accepted
Cause: the code expires after 10 minutes. Fix: regenerate from the MFP and retry the authentication flow within the window.
Authentication succeeds but uploads fail
Cause: the authorised account lacks write permission on the target folder. Fix: share the destination folder with the service account at "Editor" permission level.
Scans upload but to the wrong account's Drive
Cause: the OAuth flow authenticated to the admin's personal Drive rather than the service account. Fix: de-authorise from the admin's Drive (myaccount.google.com → Security) and re-authenticate with the correct account.
HTTPS connection failures from the MFP
Cause: the office firewall blocks outbound HTTPS from the MFP IP address. Fix: ask IT to allow outbound 443/TCP from the MFP's IP to googleapis.com and accounts.google.com.
Hardening and refresh notes
The OAuth token issued at configuration time has a long-lived refresh component that survives until manually revoked. For offices with strong security hygiene, rotating the service account credentials annually is the typical practice — the refresh requires repeating step 3 of the configuration with the new credentials, which takes 2 to 3 minutes per device. Workspace administrators can monitor the active OAuth grants through the admin console and revoke specific devices if a unit is decommissioned or compromised.
For multi-MFP fleets, configuring each device with a separate service account simplifies the per-device revocation story; configuring all devices with a single shared service account simplifies the credential-rotation cadence but couples the fleet together for security purposes. Most offices land on per-MFP service accounts for production deployments and shared accounts for trial environments.