...
Use the following steps to set up a Google Workspace (formerly GSuite) Service account.
Log on to https://console.cloud.google.com with a Super User account.
You will need a project. If you have not created one, refer to this page for instructions: https://support.google.com/googleapi/answer/6251787?hl=en.
The image below is what you should see. In this example,
...
“DZ Project” is the project (1). If your project is not listed, select it from the list at the top of the screen (2).
...
Open the menu (1),
...
select IAM &
...
Admin (2), and select Service
...
Accounts (3).
...
...
Click + CREATE SERVICE ACCOUNT
...
at the top of the page.
...
Enter the Service account name (1) and Service account description (2) and then
...
click CREATE AND CONTINUE
...
(3).
...
Do not select a role on the next page; just click CONTINUE.
...
You will now be on the “Grant users access to this service account” step of the process. Click DONE.
...
You will now be on the service account page.
...
Select your service account.
...
Select the KEYS (1) tab. Then, from the ADD KEY menu (2), select Create new key (3).
...
Select JSON (1) and click
...
CREATE(2).
The private key will be saved to a JSON file and downloaded to your computer. Click CLOSE to continue.
...
Select the
...
DETAILS tab (1) and
...
make note of the Unique ID (2)
...
...
Select Enable G Suite Domain-wide Delegation (1) and click SAVE (2).
Note: If you want the Service Account to have read-only access, you will leave this box blank.
...
...
Now go to https://console.developers.google.com/apis/library and log in with a Super Admin account.
...
Select your project from the project list (1). (“TATest” is our sample project.)
...
...
Search for “Google Drive API.”
...
Select the “Google Drive API” tile.
...
Select the ENABLE button.
...
If you did it correctly, you can search for “Google Drive API” and select it again. It should look like this.
...
...
Search for “Admin SDK API.”
...
Select the “Admin SDK API” tile.
...
Select the ENABLE button.
...
If done correctly, you can search again and verify it looks like this.
...
...
You only need these two APIs to be enabled. Other default APIs are selected when you create the project but they aren’t needed.
for the service account. (The unique ID and Client ID for the service account will be the same.) Be sure to copy this number somewhere as you will need to use it later.
...
Open the menu (1), select APIs & Services (2), and select Library (3).
Search for “Google Drive API” (1) and select the corresponding tile in the search results (2).
Click ENABLE. You can verify the API was enabled by searching for “Google Drive API” again and verifying you see the “API Enabled” status.
Search for “Admin SDK API” (1) and select the corresponding tile in the search results (2).
Click ENABLE. You can verify the API was enabled by searching for “Admin SDK API” again and verifying you see the “API Enabled” status.
Now go to https://admin.google.com and log in with a Super Admin account.
...
Scroll down and select the Security icon.
...
...
Under Security, select the API Controls.
...
...
This will open the following screen. Select Manage Domain Wide Delegation.
...
...
Get the “Client ID” from downloaded JSON.
...
Paste the “Client ID” value in the “Client ID” field
...
In the left menu, select Security (1), select Access and data control (2), and select API controls (3).
Select MANAGE DOMAIN WIDE DELEGATION.
Select Add new.
The Unique ID from step 13 is the Client ID. Note that you can also get the client ID from the downloaded JSON Keys file. Copy the ID into the Client ID field.
Paste the string of scopes provided below in the OAuth scopes field.
https://www.googleapis.com/auth/admin.directory.group,https://www.googleapis.com/auth/admin.directory.user,https://www.googleapis.com/auth/drive
...
Click AUTHORIZE.
If done correctly, it should look like this.
...
(If
...
yours does not look like the example, select the Remove link at the end of the row and try again.)
