Google Workspace

Navigate to Domains List

In the left navigation menu, click Account > Domains > Manage domains

Copy Your Domain

Copy the Domain you wish to connect from the displayed list. Store this to be used in later steps.

Go to Your Google Cloud Console

Go to your Google Cloud Console at https://console.cloud.google.com/

Navigate to the API Library

In the left navigation menu, click APIs & Services > Library

Locate the Admin SDK API

Using the search bar, enter a search for “admin sdk”. Click the Admin SDK API result.

Enable the Admin SDK API

Click the Enable button to enable the Admin SDK API for your organization.

Navigate to Admin SDK API Credentials

In the Admin SDK API Manage page, scroll down to click Credentials.

Create New OAuth Client ID

Under Credentials, click Create Credentials > OAuth client ID

Enter Application Details

Under Create OAuth client ID, enter the following details:

• Application type: Web application
• Name: Enter a name for the new application
• Authorized redirect URIs: https://api.stackone.com/connect/oauth2/googleworkspace_iam/callback

Then click the Create button at the bottom to proceed.

Copy Application Credentials

The new application’s Client ID and Client Secret will be displayed. Copy these values and store them securely to be used in the next step.

Go to OAuth Consent Screen Setup

After enabling the Admin SDK API, click APIs & Services > OAuth consent screen in the left navigation menu.

Select User Type

Under User Type select Internal, then click the Create button.

Enter Application Information

Under Edit app registration, enter the following required details:App information

• App name: Enter a name for the new application
• User support email: Your Google Workspace account email

Authorized domains

• Authorized domain 1: Enter the Domain you copied in a previous step. Example: my-org.com

Developer contact information

• Email addresses: Your Google Workspace account email

Then click the Save and Continue button to proceed.

Select Required Application Scopes

Click the Add or Remove Scopes button, and a popout window will appear on the right titled Update selected scopes.Enable the following scopes which are required for full functionality of this integration:

• https://www.googleapis.com/auth/admin.directory.group.readonly
• https://www.googleapis.com/auth/admin.directory.group.member.readonly
• https://www.googleapis.com/auth/admin.directory.user.readonly
• https://www.googleapis.com/auth/admin.directory.orgunit.readonly
• https://www.googleapis.com/auth/admin.directory.rolemanagement.readonly

You can copy and paste each scope into the Filter bar to quickly locate them.Once all five scopes have been enabled, click the Update button to proceed.

Complete Scope Selection

Confirm that each of the required scopes is listed under Your sensitive scopes.Then click the Save and Continue button to proceed.

Enter Credentials

Upon reaching the Link Account page, enter the credentials from the previous steps:

• Domain
• Client ID
• Client Secret
• Scopes - If you selected only the required scopes in the previous steps, leave the default value for this field. Otherwise, enter the space-separated list of scopes granted to your application.

Proceed by clicking the Connect button.

Grant OAuth Application Consent

A window will appear and may prompt you to log in to your Google Workspace account.After logging in, you will be displayed the OAuth consent screen you configured in a previous step.Click the Allow button to grant the application access to your Google Workspace account.