Delegate Domain-Wide Authority to the Service Account

To authorize other applications to access domain-wide data of Gmail and Google Drive users, delegate domain-wide authority to the service account.

For instructions on delegating domain-wide authority, go to the Google Identity Platform website, Delegating domain-wide authority to the service account.

Enter the following G Suite, Gmail, and Google Drive API scopes that your application will access:

https://mail.google.com/, https://www.googleapis.com/auth/admin.directory.group.member, https://www.googleapis.com/auth/admin.directory.group, https://www.googleapis.com/auth/admin.directory.orgunit, https://www.googleapis.com/auth/admin.directory.user, https://www.googleapis.com/auth/admin.directory.user.alias, https://www.googleapis.com/auth/admin.directory.rolemanagement, https://www.googleapis.com/auth/drive

Note

  • After you delegate domain-wide authority, you can see the application Client ID. You will need this information when you create a virtual client.

  • If you plan to use an already created project by your organization, create a new service account under the project.

  • Enable domain-wide delegation for the service account.

  • Enter the following OAuth 2.0 scopes for the services that the service account can access:

    https://mail.google.com/,https://www.googleapis.com/auth/admin.directory.group.member,https://www.googleapis.com/auth/admin.directory.group,https://www.googleapis.com/auth/admin.directory.orgunit,https://www.googleapis.com/auth/admin.directory.user,https://www.googleapis.com/auth/admin.directory.user.alias,https://www.googleapis.com/auth/admin.directory.rolemanagement,https://www.googleapis.com/auth/drive,https://www.googleapis.com/auth/admin.directory.user.security

Loading...