MithiDocs

Preparation for Google Workspace by enabling domain-wide delegation using OAuth service

Step 1: Create the access key 


1. Login to Google Workspace Admin account and navigate to Google developers console.

    Http link: https://console.developers.google.com


Google Workspace Admin account | LegacyFlo




a. Select top left panel.

b. Select IAM & Admin.

c. Select Service Accounts.

Google Workspace Admin account create the access key | LegacyFlo




2. CREATE A PROJECT

    a. Provide Project name.

    b. Select the Organization.

    c. Browse for the Location.

    d. Click on CREATE.

Google Workspace Admin account create the project | LegacyFlo



3. Create a service account

    a. Click CREATE SERVICE ACCOUNT.

Google Workspace Admin account create the service account | LegacyFlo

    

4. On the service account details window.

    a. Provide Service account name.

    b. Click on CREATE AND CONTINUE

Google Workspace Admin account create the Service account name | LegacyFlo




5. Grant this service account access to project.

    a. Select a role (Basic -> Owner)

    b. Click on CONTINUE

Google Workspace Admin account create the service account access | LegacyFlo




6. Grant users access to this service account (optional)

    a. Keep the defaults and click on DONE

Google Workspace Admin account created | LegacyFlo




7. On service account window.

    a. Click on Action button denoted by the three vertical dots

    b. Select Manage Keys

Google Workspace Admin Manage Keys | LegacyFlo



8. Create a key

    a. Drop down ADD KEY

    b. Select Create new key

Google Workspace Admin create new Keys | LegacyFlo




9. In Create private key.

    a. Select  JSON

    b. Click on CREATE. On creation, the key will be downloaded to your desktop. This will be required in Step 4

Google Workspace Admin create private key | LegacyFlo




10. Copy OAuth 2 Client ID - this will be required in step 3

    a. On copying the key, you will see the message Copied

Google Workspace Admin copy message | LegacyFlo




Step 2: Enable the API Services

1. Enable API Services

    a. Click on top left panel

    b. Select APIs & Services

    c. Click on Enabled APIs & services

Google Workspace Admin Enable the API Services | LegacyFlo





2. In the APIs & Services console

    a. Click on ENABLE APIS AND SERVICES

Google Workspace Admin Enable the API Services | LegacyFlo





3. In the API Library

    a. Search for the API. For mailbox access, seach for GMail. For drive access serach for GDrive

Google Workspace Admin Search for the API | LegacyFlo 




    b. Select your API. Select Google Drive API for Drive and GMail API to migrate email

Google Workspace Admin Google Drive API for Drive and GMail API to migrate email| LegacyFlo




    c. Click on ENABLE button

Google Workspace Admin Enable the API Services | LegacyFlo




Step 3: Enable domain-wide delegation

Login to G-suite Admin account and navigate to Google Admin.

 Http link: https://admin.google.com

    a. Click on Security

    b. Select on Access and data control

    c. Click on API controls

Google Workspace Admin Enable domain-wide delegation| LegacyFlo





    d. Click On MANAGE DOMAIN WIDE DELEGATION

Google Workspace Admin Manage Domain Wide Delegation| LegacyFlo 




   e. Click on Add new

Google Workspace Admin Enable the API Services| LegacyFlo




    f. Paste the Client ID which you copied earlier

    g. In OAuth scopes (comma-delimited), provide the string for the relevant API

GDrivehttps://www.googleapis.com/auth/drive
GMailhttps://mail.google.com/

 

    h. Click the AUTHORIZE button

Google Workspace Admin client id| LegacyFlo



This completes the process of enabling the domain-wide delegation for GSuite for the required API



Step 4: Register with LegacyFlo

When you generated the key, it was downloaded to your desktop as a JSON file. This key has to be registered with LegacyFlo.

  1. Login into LegacyFlo
  2. From the menu on the left side, click on the Profile icon at the bottom
  3. On the pop-up menu, select Google Workspace integrations
  4. If you have an access key for GMail, select Gmail. If you have an access key for GDrive, select GDrive 
  5. To register the access key for a new domain, click on the + sign next to Register Key for the domain
    1. Your user id, Client App, and Resource Owner fields will be pre-filled. Enter the domain name for which the key is to be registered
    2. Choose the JSON file which has been downloaded to your desktop.
    3. Click on Save
    4. Close the dialog box.
  6. To update the key for a domain, click on the edit icon next to the domain name and chose the new JSON file