Versions Compared

Version Old Version 1 New Version 2
Changes made by

Andrea Harvey

Andrea Harvey

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

...

...

Use the following steps to set up a Google Workspace (formerly GSuite) Service account.

  1. Log on to https://console.cloud.google.com with a Super User account.

  2. You will need a project. If you have not created one, refer to this page for instructions: https://support.google.com/googleapi/answer/6251787?hl=en.

  3. The image below is what you should see. In this example, “TATest” is the project (1). If your project is not listed, select it from the list at the top of the screen (2).

    Image Modified

  4. Open the menu (1), navigate to IAM & admin (2), and select Service accounts (3).

    Image Modified

  5. Select the + CREATE SERVICE ACCOUNT link at the top of the page.

    Image Modified

  6. Enter the Service account name (1) and Service account description (2) and then select the CREATE AND CONTINUE button (3).

    Image Modified

  7. Do not select a role on the next page; just click CONTINUE.

    Image Modified

  8. You will now be on the “Grant users access to this service account” step of the process. Click DONE.

    Image Modified

  9. You will now be on the service account page. Find and click on your account.

    Image Modified

  10. Select the KEYS (1) tab. Then, from the ADD KEY menu (2), select Create new key (3).

    Image Modified

  11. Select JSON (1) and click Create (2).

    Image Modified

  12. Select the Details tab (1) and open the SHOW DOMAN-WIDE DELEGATION menu (2).

    Image Modified

  13. Select Enable G Suite Domain-wide Delegation (1) and click SAVE (2).
    Note: If you want the Service Account to have read-only access, you will leave this box blank.

    Image Modified

  14. You will see a “Unique ID” and “Client ID” fields on your service account with a value.  Take note of this number as you will need to use it later.

    Image Modified

  15. Now go to https://console.developers.google.com/apis/library and log in with a Super Admin account.

  16. Select your project from the project list (1). (“TATest” is our sample project.)

    Image Modified

  17. Search for “Google Drive API.”

  18. Select the “Google Drive API” tile.

  19. Select the ENABLE button.

  20. If you did it correctly, you can search for “Google Drive API” and select it again.  It should look like this.

    Image Modified

  21. Search for “Admin SDK API.”

  22. Select the “Admin SDK API” tile.

  23. Select the ENABLE button.

  24. If done correctly, you can search again and verify it looks like this.

    Image Modified

  25. You only need these two APIs to be enabled. Other default APIs are selected when you create the project but they aren’t needed.

  26. Now go to https://admin.google.com and log in with a Super Admin account.

  27. Scroll down and select the Security icon.

    Image Modified

  28. Under Security, select the API Controls.

    Image Modified

  29. This will open the following screen.  Select Manage Domain Wide Delegation.

    Image Modified

  30. Get the “Client ID” from downloaded JSON.

  31. Paste the “Client ID” value in the “Client ID” field

  32. Paste this string of scopes in the “One or More API Scopes” box (you will need to copy the scopes to Notepad first then remove the line break): 
    https://www.googleapis.com/auth/admin.directory.group,https://www.googleapis.com/auth/admin.directory.user,https://www.googleapis.com/auth/drive
    Client ID
    https://www.googleapis.com/auth/admin.directory.group
    https://www.googleapis.com/auth/admin.directory.user
    https://www.googleapis.com/auth/drive

  33. Select the Authorize button.

  34. If done correctly, it should look like this.

    Image ModifiedImage Modified


    If not yours does not look like the example, select the Remove link at the end of the row and try again.