Setup Google Workspace

Before you begin

To configure the Google Workspace application for provisioning, you must meet the following prerequisites.

  • A Google Workspace account with administrator access.

  • The Google Workspace Admin SDK API must be enabled.

  • You need the following parameters to configure user provisioning in OnLink.

    • Service account email

    • Account email

    • Private key

Step-by-step procedure to connect to Google Workspace

  1. Log in as an admin user to the Google Cloud Platform (GCP) Console by using the following URL: https://console.cloud.google.com.

  2. Do one of the following steps.

    1. If you have not used the GCP Console before, agree to the terms of service and click Create Project.

    2. If you have used the GCP Console before, at the top of the screen next to your most recent project name, click the down arrow to open your projects list. Then, click New Project. In Project Name, enter a meaningful name and click CREATE.

  3. Select your new project and click the navigation menu.

  4. Navigate to API and Services > Library. Search for Admin SDK and select the Admin SDK option from the search results. Click ENABLE.

  5. Navigate to IAM and Admin > Service Accounts. Click CREATE SERVICE ACCOUNT and specify the following settings.

    1. Service account name

    2. Service account ID

  6. Click CREATE to create your service account. Click CONTINUE and then click DONE.

  7. Click the navigation menu. Navigate to API and Services > Credentials.

  8. Click Service account and select your service account.

  9. Under Keys, from the Add Key menu select Create New Key. Select the JSON radio button and click Create.

  10. Note the following parameters that are required to configure provisioning in OnLink.

    Service Account Email - Use the client_email value from your service account private key file.

    Account Email - The email address of an admin who has, as a minimum, the 'User Management Admin' and 'Groups Admin' roles. Make sure that the scope of each role is All organization units.

    Private Key - Use the private_key value from your service account private key file. Copy everything from “-----BEGIN PRIVATE KEY-----” through “-----END PRIVATE KEY-----\n”, inclusive. For example:

    -----BEGIN PRIVATE KEY-----\nMIIEvgIBADANBgkqhkigEAAoIBAQC5DdC8GNNeyVik\nryiee...sr47P8/fghv5Lxukpq\nGnEiHn5otefat1FuUnmMJ8j/\n-----END PRIVATE KEY-----\n

  11. Go to your Google Workspace Admin console by using the following URL: https://admin.google.com.

  12. Click the navigation menu. Navigate to Security > Access and data control > API Controls.

  13. Under Domain wide delegation, click MANAGE DOMAIN WIDE DELEGATION.

  14. Click Add New and add the following details.

    Client ID - Provide the service account's client ID. Use the client_id value from the service account private key file.

    User OAuth Scope - https://www.googleapis.com/auth/admin.directory.user

    Group OAuth Scope - https://www.googleapis.com/auth/admin.directory.group

    Role OAuth Scope - https://www.googleapis.com/auth/admin.directory.rolemanagement

    Org Unit OAuth Scope - https://www.googleapis.com/auth/admin.directory.orgunit

  15. Click Authorize and save your changes.

Here’s a Google link outlining the above for your reference: https://developers.google.com/workspace/guides/create-credentials
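
As an added example (not OnLink's or Google's own code), this Python script checks a downloaded service account key file and pulls out the values that steps 10 and 14 ask for. The function names, output field names and sample file are constructed for illustration, and the single-line key form with literal \n sequences is assumed from the example in step 10.

```python
import json

SCOPES = [  # the four OAuth scopes listed in step 14 of this page
    "https://www.googleapis.com/auth/admin.directory.user",
    "https://www.googleapis.com/auth/admin.directory.group",
    "https://www.googleapis.com/auth/admin.directory.rolemanagement",
    "https://www.googleapis.com/auth/admin.directory.orgunit",
]
PEM_BEGIN, PEM_END = "-----BEGIN PRIVATE KEY-----", "-----END PRIVATE KEY-----\n"


def extract_onlink_params(key_json_text):
    """Return the values steps 10 and 14 ask for, or raise ValueError."""
    data = json.loads(key_json_text)
    if data.get("type") != "service_account":
        raise ValueError("not a service account key file")
    missing = [f for f in ("client_email", "client_id", "private_key") if not data.get(f)]
    if missing:
        raise ValueError("missing fields: " + ", ".join(missing))
    key = data["private_key"]
    if not (key.startswith(PEM_BEGIN) and key.endswith(PEM_END)):
        raise ValueError("private_key must run from the BEGIN marker through the final newline")
    return {
        "service_account_email": data["client_email"],
        "client_id": data["client_id"],
        # json.dumps restores the single-line form with literal \n sequences.
        "private_key_escaped": json.dumps(key)[1:-1],
        "oauth_scopes": ",".join(SCOPES),
    }


def redacted(params):
    """Copy of params that is safe to print or log: key body replaced by its length."""
    safe = dict(params)
    safe["private_key_escaped"] = "<%d characters, not shown>" % len(params["private_key_escaped"])
    return safe


# Constructed sample key file; the key body is a placeholder, not a real key.
SAMPLE = json.dumps({
    "type": "service_account",
    "client_email": "provisioner@example-project.iam.gserviceaccount.com",
    "client_id": "100000000000000000000",
    "private_key": "-----BEGIN PRIVATE KEY-----\nPLACEHOLDERBODY\n-----END PRIVATE KEY-----\n",
})

if __name__ == "__main__":
    for name, value in redacted(extract_onlink_params(SAMPLE)).items():
        print(name + ": " + value)
```

Output goes through redacted() so the private key does not end up in terminal scrollback or logs.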