Setting up NotebookLM Enterprise involves several steps, but the process is designed to be manageable, particularly for those familiar with Google Cloud’s Identity and Access Management (IAM).
Table of Contents
Prerequisites
To get started, ensure you have the following:
- Google Cloud Account: You will need a Google Cloud account to set up NotebookLM Enterprise. New customers can sign up for a free account, receiving $300 in credits to try out Google Cloud services.
Steps to Set Up Standalone NotebookLM Enterprise
This setup guide focuses on configuring NotebookLM Enterprise as a standalone service. It covers the setup of the AI-powered research and writing tool, including user access, data security, and management within a specific Google Cloud project. Key tasks include configuring Identity and Access Management (IAM) roles, identity providers, and a project-specific user interface URL for secure operation.
NotebookLM Enterprise within Google Agentspace offers a broader solution, integrating search and automation capabilities, which is not covered in this guide. This guide solely addresses the standalone configuration of NotebookLM Enterprise.
1. Create or Select a Google Cloud Project
- Navigate to the Project Selector: In the Google Cloud Console, go to the project selector page.
- Select an Existing Project or Create a New One:
- If you already have a Google Cloud project, you can select it from the project selector.
- If you do not have a project or prefer to start fresh, you can create a new one. It is recommended to create a new project if you do not plan to keep the resources after setup. This way, you can delete the project and all associated resources when you are done.
2. Enable Billing
Make sure that billing is enabled for your Google Cloud project. Billing is required to use Google Cloud services, even if you are using the free tier or trial options.
3. Enable the Necessary APIs
You need to enable the Vertex AI Agent Builder (Discovery Engine API) for your project. This API is crucial for the setup of NotebookLM Enterprise.
Integration of Vertex AI and BigQuery
- Vertex AI: A unified platform for machine learning (ML) models and generative AI. It provides tools for building, tuning, and deploying foundation models.
- BigQuery: A fully managed, petabyte-scale analytics data warehouse that allows users to run queries on large datasets.
Key Services
- Integration: Vertex AI and BigQuery are integrated, allowing users to leverage BigQuery data for model training and data analysis.
- Vertex AI Search for Retail: Vertex AI can build Google-quality search and product recommendations for retailers using BigQuery data.
- Generative AI: Vertex AI works with BigQuery to enable generative AI applications using data stored in BigQuery.
- AI for Data Analytics: Vertex AI can be used with BigQuery to write SQL, build predictive models, and visualize data.
4. Data Ingestion
NotebookLM Enterprise can ingest data from BigQuery and use AI to analyse it.
5. Free Tier
- BigQuery offers a free tier, which includes 1 TB of queries per month.
- Vertex AI also has free tier usage limits.
Enabling the Services
To enable these services, follow these steps:
- Ensure that your Google Cloud project has billing enabled.
- Enable the Vertex AI Agent Builder (Discovery Engine API).
- Set the necessary permissions for Vertex AI to access BigQuery data.
- Use the Google Cloud console to enable APIs and configure permissions.
- You can also interact with Google Cloud services through client libraries or the gcloud CLI.
Important Considerations
- New Project for Evaluation: If you are just evaluating NotebookLM Enterprise, create a new project so you can delete all resources easily after the evaluation.
- Project Owner Role: The project owner must assign the Cloud NotebookLM Owner role to users who will administer NotebookLM Enterprise.
- This role allows users to configure identity settings, grant access, and obtain the user interface URL.
Identity and Access Management (IAM)
IAM is essential for securing access to NotebookLM Enterprise and Google Agentspace Enterprise. It provides fine-grained control over user permissions, ensuring that only authorized users can interact with sensitive data and resources.
- IAM supports segregation of duties, security, and compliance by restricting access and enabling auditing.
- It integrates with Google Identity and third-party providers, allowing for centralized control via the Google Cloud Console.
IAM Roles in NotebookLM Enterprise
- Cloud Notebook Owner: Full control over a specific notebook, including creation, deletion, sharing, uploading sources, and generating audio summaries.
- Cloud Notebook Editor: Users can edit the notebook, upload sources, interact with content, and generate audio summaries, but cannot delete or share the notebook.
- Cloud Notebook Viewer: Read-only access to a notebook, enabling users to view content, listen to audio summaries, and interact with content, but without the ability to make changes.
Best Practice: Assign roles at the notebook level, not the project level, to maintain fine-grained control and security.
Setting Up an Identity Provider
An identity provider is necessary for your users to access NotebookLM Enterprise using their existing credentials. Google Cloud offers integration with Google Identity or third-party identity providers.
Authentication Methods
- Google Identity: If your organization uses Google Identity, user identities are managed directly through Google Cloud.
- Third-party Identity Providers: Authentication can be handled through third-party identity providers like Azure AD, Okta, or Ping. This can involve:
- Synced Identities with Google Identity: Users authenticate through Google Identity before accessing Google Cloud resources.
- Single Sign-On (SSO): Users authenticate with a third-party identity provider, but the process begins through Google Identity.
- Workforce Identity Federation: Allows authentication through external providers without syncing identities to Google Cloud.
Granting Roles
To provide users with access to the NotebookLM Enterprise interface:
Cloud NotebookLM User Role
- Purpose: This role allows users to sign in to the NotebookLM Enterprise interface and create notebooks.
- Prerequisites: Ensure the organization’s identity provider is configured in Google Cloud.
Steps to Grant the Cloud NotebookLM User Role
- Access the IAM page in the Google Cloud Console.
- Select the Google Cloud project.
- Grant access to the user by entering the user identifier (e.g., email address).
- Select the Cloud NotebookLM User role.
- Save the changes.
Sharing Notebooks
Sharing in NotebookLM Enterprise is designed with security and control in mind:
- Privacy by Default: Notebooks are initially private to the user who created them. Only explicit sharing can grant access to others.
- Sharing Permissions: Notebooks can be shared with users in the same Google Cloud project, and the permissions granted are either Viewer or Editor.
Revoking Access
The notebook owner can revoke access at any time, ensuring that the shared content remains secure.
Key Differences from Personal NotebookLM
Unlike the personal version, which allows notebooks to be shared via public links or email, NotebookLM Enterprise restricts sharing to within the Google Cloud project for enhanced security.
Key Considerations
- Compliance and Security: NotebookLM Enterprise offers more compliance and administrative features compared to the personal version.
- Fine-grained Access: Roles like Cloud Notebook Owner, Editor, and Viewer should be applied to individual notebooks, not at the project level, to maintain fine-grained control.
Conclusion
Setting up NotebookLM Enterprise involves administrative tasks around IAM, identity providers, and service integrations within Google Cloud. Following these steps ensures a smooth setup and provides secure, controlled access to the platform for all users.