Google Group (GSuite) Access Requirements
General Setup
You will need to provide the following to Moveworks.
- A Service Account JSON file associated with a Google Cloud Platform Project that has been assigned the group admin role and has access to your tenant
- Customer ID from your Google Admin Console
Please provide the Service Account JSON file to your Moveworks Customer Success team via encrypted email.
Create GCP Project & Assign APIs
Before you begin the configuration, please ensure you have the administrative privileges for the Google Cloud Platform in your organization.
- Create a GCP Project
- Start by navigating to https://console.developers.google.com/apis/dashboard in your browser.
- Under your organization space, create a new project and name it “Moveworks”.
- Start by navigating to https://console.developers.google.com/apis/dashboard in your browser.
- Identify the APIs you need to enable
- Admin SDK API
- Groups Settings API
- Enable APIS for your GCP Project
- Navigate to the API Library & Enter the name of the APIs you want to activate
- Click Enable
- Navigate to the API Library & Enter the name of the APIs you want to activate
- Create a Service Account
- Navigate to APIs & Services > Credentials
- Select Create Credentials > Service Account
- Create the Service account by adding the name, ID and description and select Create and Continue - Note: Granting access to a project or Granting users access to this service account is optional
- Click on Actions > Manage keys
- Select Add Key > Create new key
- Select JSON as the Key type and click Create. You should see a notification that the service account JSON file has been downloaded and saved to your computer.
- Share this JSON file via secure encrypted email with your Customer Success Team
- Navigate to APIs & Services > Credentials
Fetching Customer ID:
- Sign into your Google Admin console
- In your admin console, go to Menu > Account > Account Settings > Profile
- Share the Customer ID with your Customer Success Team
Assigning Google Admin role to the service account:
- Sign into your Google Admin console
- In your admin console, go to Menu > Account > Admin roles
- Find the Group Admin role, select the role and click Assign admin
- Select Assign service accounts
- Enter the email address of the service account
- Click Add > Assign role
- Once complete, app should be visible in app list
You will see the Group admin role applied to the service account in your Admin audit log. Additionally, all actions taken by the Service Account will be shown in your Admin audit log.
Updated 10 months ago