/
Setup Google Workspace

Setup Google Workspace

Owned by Girish Reddy
Last updated: Aug 28, 2024
3 min read

Before you begin

To configure the Google Workspace application for provisioning (or sending emails), you need the following.

  • A Google Workspace account with administrator access.

  • The Google Workspace Admin SDK API must be enabled.

  • The following parameters to configure user provisioning in OnLink - see step by step instructions below.

    • Service account email

    • Account email

    • Private key

Step by step procedure to connect to Google Workspace

  1. Log in as an admin user to Google Cloud Platform (GCP) Console by using the following URL: https://console.cloud.google.com.

  2. Do one of the following steps.

    1. If you have not used the GCP Console before, agree to the terms of service and click Create Project.

    2. If you have used GCP Console before, at the top of the screen next to your most recent project name, click the down arrow to open your projects list. Then, click New Project. In Project Name, enter a meaningful name and click CREATE.

  3. Select your new project and click the navigation menu.

  4. Navigate to API and Services > Library. Search for Admin SDK and select the Admin SDK option from the search results. Click ENABLE.

  5. Navigate to IAM and admin > service accounts. Click CREATE SERVICE ACCOUNT and specify the following settings.

    1. Service account name

    2. Service account ID

  6. Click CREATE to create your service account. Click CONTINUE and then click DONE.

  7. Click the navigation menu. Navigate to API and Services > Credentials.

  8. Click Service account and select your service account.

  9. Under Keys, from the Add Key menu select Create New Key. Select the JSON radio button and click Create.

  10. Note the following parameters that are required to configure provisioning in OnLink.

    Service Account Email - Use the client_email value from your service account private key file.

    Account Email - this is the email of the admin who logged in to create the service account. The admin should have as a minimum, the 'User Management Admin' and 'Groups Admin' roles. Make sure that the scopes of the roles are All organization unit. If possible, use a shared email here to ensure continuity in case one person leaves your org.

    Private Key - Use the private_key value from your service account private key file. Copy everything from and including -----BEGIN PRIVATE KEY----- to -----END PRIVATE KEY-----\n without the double quotes e.g.

    1. -----BEGIN PRIVATE KEY-----\nMIIEvgIBADANBgkqhkigEAAoIBAQC5DdC8GNNeyVik\nryiee...sr47P8/fghv5Lxukpq\nGnEiHn5otefat1FuUnmMJ8j/\n-----END PRIVATE KEY-----\n

  11. Go to your Google Workspace Admin console by using the following URL: https://admin.google.com.

  12. Click the navigation menu. Navigate to Security > Access and data control > API Controls.

  13. Under Domain wide delegation, click MANAGE DOMAIN WIDE DELEGATION.

  14. Click Add New and add the following details.

    Client ID - Provide a service account's client ID. Use the client_id value from the service account private key file.
    User OAuth Scope https://www.googleapis.com/auth/admin.directory.user
    Group OAuth Scope https://www.googleapis.com/auth/admin.directory.group
    Role OAuth Scope https://www.googleapis.com/auth/admin.directory.rolemanagement
    Org Unit OAuth Scope https://www.googleapis.com/auth/admin.directory.orgunit
    Gmail Send (only needed if using to send emails) https://www.googleapis.com/auth/gmail.send

     

  15. Click Authorize and save your changes.

Here’s a Google link outlining the above for your reference: https://developers.google.com/workspace/guides/create-credentials

 

 

Related content