
Secure Data Connector FAQ

This FAQ covers common questions related to installing, configuring, and using Google Secure Data Connector (SDC). For security questions about SDC please see the Security FAQ.

How do I get support?
For most questions about installing the SDC you should use the Google Secure Data Connector discussion group or contact Google Apps support (contact information can be found in the Google Apps control panel). For questions about building Gadgets or App Engine apps that use SDC, you should use the regular developer support channel.

What port does SDC use to connect to Google Apps?
SDC makes connections using the default HTTPS port 443 (TCP). For SDC to function, your corporate firewall must enable port 443 for outgoing connections. Most corporate firewalls enable outgoing port 443 by default.

How does the SDC connect to resources within my corporate network?
SDC uses normal HTTP and HTTPS connections. Within your network, requests coming from SDC appear as normal intranet requests.

Why do I get errors when trying to connect to internal resources using SSL with SDC?
This is most likely caused by an untrusted SSL certificate on the internal resource. During the SSL connection setup, Google will verify that the certificate on the internal resource has been issued by a Trusted Internet Root Certificate Authority.
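
A pre-flight check for the certificate requirement above, as an added example that is not part of the original FAQ or of SDC itself: it attempts a verified TLS handshake against an internal resource and reports whether the certificate chain validates. The function name, the status strings and the optional cafile argument (a PEM bundle of public roots, since this page does not list which roots Google trusts) are assumptions.

```python
import socket
import ssl
import sys


def check_internal_tls(host, port=443, cafile=None, timeout=5.0):
    """Try a verified TLS handshake and return (status, detail).

    status is one of: trusted, untrusted, handshake_failed, unreachable.
    """
    # cafile=None uses the OS trust store, which on corporate machines often
    # also holds the internal CA, so a pass here can still fail from outside.
    # Passing a bundle of public roots makes ONLY those roots trusted.
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return "unreachable", str(exc)
    with raw:
        try:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                issuer = dict(rdn[0] for rdn in tls.getpeercert()["issuer"])
                return "trusted", issuer.get("organizationName", "unknown issuer")
        except ssl.SSLCertVerificationError as exc:
            # Self-signed, internal-CA, expired or wrong-hostname certificates
            return "untrusted", exc.verify_message
        except (ssl.SSLError, OSError) as exc:
            # Port is open but does not complete a TLS handshake
            return "handshake_failed", str(exc)


if __name__ == "__main__":
    # Usage: script.py HOST [PORT] [PUBLIC_ROOTS_PEM]  (arguments are examples)
    host = sys.argv[1]
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 443
    cafile = sys.argv[3] if len(sys.argv) > 3 else None
    status, detail = check_internal_tls(host, port, cafile)
    print(f"{host}:{port} {status}: {detail}")
    sys.exit(0 if status == "trusted" else 1)
```

An "untrusted" result with a public-roots bundle, where the same host passes with the OS store, points to a certificate issued by an internal CA.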

What Google domain does SDC connect to?

SDC connects to on port 443.

What user accounts do I need to install SDC?
The user account is specified in the localConfiguration.xml file within the <user> element.
The account must be the secure-data-connector-user role account that you specify in the Google Apps control panel.

To use SDC, should I use type html or type url gadgets?
Because SDC uses only html gadgets are supported.

Why does SDC get the ACCESS_DENIED status when it attempts to log into Google Apps?
Make sure SDC is using one of the following accounts (specified in the <user> tag of localConfiguration.xml):
  • secure-data-connector-agent
  • Any account that is an administrator of your Google Apps domain

If you specified a weak password, Google's captcha services may block SDC. Log in to the account through a web browser and solve any captchas that display. If Google prompts you with a captcha every time you log in, specify a stronger password.

How does Google know that requests should be routed over SDC?
Google maintains a copy of the list of all resources within your network that can be accessed over SDC. Each application has specific situations when it checks whether a resource might be accessible through SDC. The following table summarizes how to tell Google Apps to verify if a resource is behind SDC. Bolded statements indicate the code that you need to add to enable requests over SDC.

Application: Gadgets in Google Sites
Code snippet for using the SDC:
    ...
    var params = {};
    params['OAUTH_ENABLE_PRIVATE_NETWORK'] = 'TRUE';
    gadgets.io.makeRequest("", function (response) { /* handle response */ }, params);

Application: App Engine
Code snippet for using the SDC:
    ...
    HTTPRequest fetchreq = new HTTPRequest("");
    fetchreq.setHeader(new HTTPHeader("use_intranet","yes"));
    URLFetchService fetcher = URLFetchServiceFactory.getURLFetchService();
    HTTPResponse fetchresp = fetcher.fetch(fetchreq);

Application: Google Spreadsheets
Code snippet for using the SDC:
    =importData("")

When a user from a domain shares a gadget, App Engine application, or spreadsheet with a user from a different domain, how does Google decide which domain's SDC to use?

Gadgets and App Engine applications make all requests through the SDC of the domain of the viewer of the application or gadget. This means that a gadget or application deployed in one Google Apps domain cannot take information from behind that domain's corporate firewall and share it with a user that is not part of that domain.

In Spreadsheets, requests are made through the SDC of the person who entered the import formula into the spreadsheet. Therefore if your domain authorizes users to share spreadsheets outside of your domain, then a user in your domain can import data into a spreadsheet using the SDC and share that data with users outside your domain.