Versions Compared

Version Old Version 2 New Version 3
Changes made by

Andrea Harvey

Andrea Harvey

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Use the following steps to set up a Google Workspace (formerly GSuite) Service account.

  1. Log on to https://console.cloud.google.com with a Super User account.

  2. You will need a project. If you have not created one, refer to this page for instructions: https://support.google.com/googleapi/answer/6251787?hl=en.

  3. The image below is what you should see. In this example, “TATest” “DZ Project” is the project (1). If your project is not listed, select it from the list at the top of the screen (2).

    Image RemovedImage Added

  4. Open the menu (1), navigate to select IAM & adminAdmin (2), and select Service accountsAccounts (3).

    Image RemovedImage Added

  5. Select the Click + CREATE SERVICE ACCOUNT link at the top of the page.

    Image RemovedImage Added

  6. Enter the Service account name (1) and Service account description (2) and then select the click CREATE AND CONTINUE button (3).

    Image RemovedImage Added

  7. Do not select a role on the next page; just click CONTINUE.

    Image RemovedImage Added

  8. You will now be on the “Grant users access to this service account” step of the process. Click DONE.

    Image RemovedImage Added

  9. You will now be on the service account page. Find and click on Select your service account.

    Image RemovedImage Added

  10. Select the KEYS (1) tab. Then, from the ADD KEY menu (2), select Create new key (3).

    Image RemovedImage Added

  11. Select JSON (1) and click Create CREATE(2).

    Image Added

  12. The private key will be saved to a JSON file and downloaded to your computer. Click CLOSE to continue.

    Image RemovedImage Added

  13. Select the Details DETAILS tab (1) and open the SHOW DOMAN-WIDE DELEGATION menu make note of the Unique ID (2) .

    Image Removed

  14. Select Enable G Suite Domain-wide Delegation (1) and click SAVE (2).
    Note: If you want the Service Account to have read-only access, you will leave this box blank.

    Image Removed

  15. You will see a “Unique ID” and “Client ID” fields on your service account with a value.  Take note of this number for the service account. (The unique ID and Client ID for the service account will be the same.) Be sure to copy this number somewhere as you will need to use it later.

    Image Removed

  16. Now go to https://console.developers.google.com/apis/library and log in with a Super Admin account.

  17. Select your project from the project list (1). (“TATest” is our sample project.)

    Image Removed

  18. Search for “Google Drive API.”

  19. Select the “Google Drive API” tile.

  20. Select the ENABLE button.

  21. If you did it correctly, you can search for “Google Drive API” and select it again.  It should look like this.

    Image Removed

  22. Search for “Admin SDK API.”

  23. Select the “Admin SDK API” tile.

  24. Select the ENABLE button.

  25. If done correctly, you can search again and verify it looks like this.

    Image Removed

  26. You only need these two APIs to be enabled. Other default APIs are selected when you create the project but they aren’t needed.

  27. Image Added

  28. Open the menu (1), select APIs & Services (2), and select Library (3).

    Image Added

  29. Search for “Google Drive API” (1) and select the corresponding tile in the search results (2).

    Image Added

  30. Click ENABLE. You can verify the API was enabled by searching for “Google Drive API” again and verifying you see the “API Enabled” status.

    Image Added

  31. Search for “Admin SDK API” (1) and select the corresponding tile in the search results (2).

    Image Added

  32. Click ENABLE. You can verify the API was enabled by searching for “Admin SDK API” again and verifying you see the “API Enabled” status.

    Image Added

  33. Now go to https://admin.google.com and log in with a Super Admin account.

  34. Scroll down and select the Security icon.

    Image Removed

  35. Under Security, select the API Controls.

    Image Removed

  36. This will open the following screen.  Select Manage Domain Wide Delegation.

    Image Removed

  37. Get the “Client ID” from downloaded JSON.

  38. Paste the “Client ID” value in the “Client ID” field

  39. Paste this string of scopes in the “One or More API Scopes” box (you will need to copy the scopes to Notepad first then remove the line break): In the left menu, select Security (1), select Access and data control (2), and select API controls (3).

    Image Added

  40. Select MANAGE DOMAIN WIDE DELEGATION.

    Image Added

  41. Select Add new.

    Image Added

  42. The Unique ID from step 13 is the Client ID. Note that you can also get the client ID from the downloaded JSON Keys file. Copy the ID into the Client ID field.

  43. Paste the string of scopes provided below in the OAuth scopes field.
    https://www.googleapis.com/auth/admin.directory.group,https://www.googleapis.com/auth/admin.directory.user,https://www.googleapis.com/auth/drive Client ID
    https://www.googleapis.com/auth/admin.directory.group
    https://www.googleapis.com/auth/admin.directory.user
    https://www.googleapis.com/auth/drive

  44. Select the Authorize button.Click AUTHORIZE.

    Image Added

  45. If done correctly, it should look like this.

    Image RemovedImage Removed

    (If not yours does not look like the example, select the Remove link at the end of the row and try again.)

    Image Added