Google Chat Bot Access Requirements

Configuring and exposing a bot in Google Hangouts Chat primarily involves the following:

  1. Creating a project in Google Cloud Platform. All subsequent configuration steps we take would be in the scope of this ‘project’ you create.
  2. “Enable” the Google Chat API for the project.
  3. Configure credentials for the API. There are two steps here:
    1. Create a Service account for the bot
    2. Generate a credentials JSON private key file

The rest of this document goes into specifics of this process. Before you begin configuration, please ensure you have the administrative privileges for the Google Cloud Platform in your organization.

1. Navigate to the Google API dashboard:

Start by navigating to https://console.developers.google.com/apis/dashboard in your browser.

2. Create a new project

Under your organization space, create a new project and name it “Moveworks”. Please be sure to confirm that all the following operations are done for the “Moveworks” project.

3. Enable the Google Chat API

  1. After you click on the Enable APIS and Services button, search for the Google Chat API as shown below.
  2. Select Google Chat API:
  1. Click “Enable” to add it to the Moveworks project:

4. Get credentials for the Google Chat API

Next, we will create a Service Account for the bot to access. Click on “Credentials” on the left hand navigation menu, then select “Create Credentials > Service account”:

Populate the necessary information as needed in the form:

After creating the Service Account, on the main “Credentials” menu, click on the service account email address. Then select “Keys > Add Key > Create new key”

Leave the type as JSON and click Create.

This will generate JSON credentials similar to the one below and automatically download them to your computer.

NOTE: After you download the key file, you cannot download it again.

{
  "type": "service_account",
  "project_id": "moveworks",
  "private_key_id": "<ALPHANUMERICAL>",
  "private_key": "-----BEGIN PRIVATE KEY-----\<ALPHANUMERICAL>\n-----END PRIVATE KEY-----\n",
  "client_email": "[email protected]",
  "client_id": "<NUMERICAL>",
  "auth_uri": "https://accounts.google.com/o/oauth2/auth",
  "token_uri": "https://oauth2.googleapis.com/token",
  "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
	"client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/moveworks%40moveworks.iam.gserviceaccount.com"
}

Share the credentials JSON file securely with the Moveworks Team. Please speak to a Moveworks representative if you have questions on how to do this securely.

Configure the Google Chat Bot

Navigate back to the dashboard (https://console.developers.google.com/apis/dashboard) and click on the Google Chat API listed. Click on Configuration on the Google Chat API menu which will take you to the bot configuration page. Fill out the following fields as appropriate: (all settings can be changed later on)

  1. App Name: Temporarily put “Moveworks” if no bot name has been chosen yet
  2. Avatar URL: Temporarily can use a placeholder. This will eventually be updated to your bot’s avatar. This can be a Cloudinary link or a previously uploaded avatar from the Slack Edge CDN.
  3. Description:'s AI-Powered IT Assistant”
  4. Bot Functionality: Choose Receive 1:1 messages and select Enable Interactive features
  5. Connection settings: Select App URL - and for the App URL, use the following URL, replacing with the App Name field value from step 1, and companydomain.com with the domain of your Google workspace:
https://app.moveworks.ai/<appname>@companydomain.com/gchat/events
https://app.moveworksgov.ai/<appname>@companydomain.com/gchat/events
https://app.am-eu-central.moveworks.ai/<appname>@companydomain.com/gchat/events
https://app.am-ca-central.moveworks.ai/<appname>@companydomain.com/gchat/events

Permissions: Before moving forward, make sure that you see a message stating the chat app is available to everyone in your workspace. This will ensure that users can access your Moveworks bot

⚠️ Note: If you do not see the below text, your bot configuration will not be functional.

Once you have filled out the settings above, please take a screenshot of the settings before clicking “Save changes”.

Please share the App URL you have entered with your Moveworks team.

Publishing the app to your workspace on the Google Workspace Marketplace SDK

Configure the app in Google Workspace Maketplace SDK

Before moving forward with Chat App configuration, you will need to first publish your app with the Google Workspace Marketplace SDK (Google documentation link)

  1. First, in the same Google Cloud project, search for and select Google Workspace Marketplace SDK
  1. Select enable
  1. On the App configuration page, select the following settings:
    1. App Visibility: Private
    2. Installation Settings: Individual + Admin Install
    3. App Integration: Chat app
  1. For the Developer Information section, fill in the following information:
    1. Developer Name: Moveworks
    2. Developer website URL: https://www.moveworks.com
    3. Developer Email: [email protected]

    Configure Oauth Permissions page

    Google will now require you to set up an Oauth Permissions page in order to publish to the marketplace. You will be able to navigate to Oauth permissions page configuration via a link in a warning box on the Store Listing page or by clicking on the option in the vertical menu on the left of the page.
  1. Set the user type to Internal
  2. Bot name : Same as app name
    1. User Support Email : Choose email from drop down.
    2. Developer Contact Information : [email protected]
    3. Save and Continue
    4. For the initial set up, scopes are not necessary, press Save and Continue

Publish App via the Store Listing Page

  1. Return to the Google Workspace Marketplace SDK, via Enable APIs and Services tab in left menu.
  2. Click Google Workspace Marketplace SDK
  3. Now go to the Store Listing tab
  4. In App details, select the arrow next to the default language and add a Detailed Description
  5. Category :Use the drop down to choose a selection
  6. Graphics Assets and Screenshots: Temporarily can use a placeholder. This will eventually be updated to your bot’s avatar. This can be a Cloudinary link or a previously uploaded avatar from the Slack Edge CDN.
  7. Support Links
    1. Terms of Service URL: https://www.moveworks.com/terms
    2. Privacy Policy URL: https://www.moveworks.com/us/en/legal/privacy-policy
    3. Support URL:https://status.moveworks.com/
  8. Distribution: Choose all regions, unless certain regions are specified.
  9. Click Publish

Confirm App installation in Google Chat.

Bot will be available as a recipient of a chat once publishing is complete.

❗️

Ensure Workspace Allows 3rd Party Apps

After publishing the app, if the "New chat" search cannot find your bot and "Find apps" is not visible like in the screenshot below, your organization may not allow 3rd party app. Please check with your Google Workspace Admin about security settings for 3rd party apps as documented in this page (link).

Proactive Bot Reach Out

In order to have the bot reach out to users, domain wide delegation will need to be enabled.

Please follow the steps in this Google Documentation on Domain Wide Delegation to enable this feature. Add chat.spaces.create (https://www.googleapis.com/auth/chat.spaces.create) OAuth scope in Step 5 of this documentation.