Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  1. Log in as an admin user to Google Cloud Platform (GCP) Console by using the following URL: https://console.cloud.google.com.

  2. Do one of the following steps.

    1. If you have not used the GCP Console before, agree to the terms of service and click Create Project.

    2. If you have used GCP Console before, at the top of the screen next to your most recent project name, click the down arrow to open your projects list. Then, click New Project. In Project Name, enter a meaningful name and click CREATE.

  3. Select your new project and click the navigation menu.

  4. Navigate to API and Services > Library. Search for Admin SDK and select the Admin SDK option from the search results. Click ENABLE.

  5. Navigate to IAM and admin > service accounts. Click CREATE SERVICE ACCOUNT and specify the following settings.

    1. Service account name

    2. Service account ID

  6. Click CREATE to create your service account. Click CONTINUE and then click DONE.

  7. Click the navigation menu. Navigate to API and Services > Credentials.

  8. Click Service account and select your service account.

  9. Under Keys, from the Add Key menu select Create New Key. Select the JSON radio button and click Create.

  10. Note the following parameters that are required to configure provisioning in OnLink.

    Service Account Email - Use the client_email value from your service account private key file.

    Account Email - an admin’s email address that has this is the email of the admin who logged in to create the service account. The admin should have as a minimum, the 'User Management Admin' and 'Groups Admin' roles. Make sure that the scopes of the roles are All organization unit. If possible, use a shared email here to ensure continuity in case one person leaves your org.

    Private Key - Use the private_key value from your service account private key file. Copy everything from and including -----BEGIN PRIVATE KEY----- to -----END PRIVATE KEY-----\n” n without the double quotes e.g.

    1. Code Block
      -----BEGIN PRIVATE KEY-----\nMIIEvgIBADANBgkqhkigEAAoIBAQC5DdC8GNNeyVik\nryiee...sr47P8/fghv5Lxukpq\nGnEiHn5otefat1FuUnmMJ8j/\n-----END PRIVATE KEY-----\n
  11. Go to your Google Workspace Admin console by using the following URL: https://admin.google.com.

  12. Click the navigation menu. Navigate to Security > Access and data control > API Controls.

  13. Under Domain wide delegation, click MANAGE DOMAIN WIDE DELEGATION.

  14. Click Add New and add the following details.

    Client ID - Provide a service account's client ID. Use the client_id value from the service account private key file.
    User OAuth Scope https://www.googleapis.com/auth/admin.directory.user
    Group OAuth Scope https://www.googleapis.com/auth/admin.directory.group
    Role OAuth Scope https://www.googleapis.com/auth/admin.directory.rolemanagement
    Org Unit OAuth Scope https://www.googleapis.com/auth/admin.directory.orgunit
    Gmail Send (only needed if using to send emails) https://www.googleapis.com/auth/gmail.send

  15. Click Authorize and save your changes.

...