by Ken Task.
Set up a system account connected. The account you used to setup the IAM in Google.
In the identity issuer: Google setup where one has the client ID and secret,
add to the scopes (defaults are openid profile email) the following URL: https://www.googleapis.com/auth/drive
As you can see that's for Google Drive.
On the Google end you will have to complete all the tabs in the IAM setup
including terms of service and privacy pages that google can verify as well as
a site verification ... do the html file they provide for that ... not DNS - much easier.
'SoS', Ken