GSuite domain key generation

Owned by Eduardo Ortega (Unlicensed)
Last updated: Nov 11, 2016
3 min read


Introduction

This page describes the process to generate a Google Apps / GSuite domain Service Account that can be used later on for the ProcessMaker - GMail integration, as well as for making use of Google's Enterprise Connectors, for example, for integrating a ProcessMaker process with Google Sheets.

Requirements

In order to be able to authorize access to the  G Suite todmain API, a G Suite domain account with administrator access is needed.

Set up

Create a Google API project and Service Account

  1. Create a Google APIs Project at https://console.developers.google.com/iam-admin/projects . Give it any name you like. For this example, we use My Test Project.

  • Go to Service Accounts. You will be prompted to select a project. Select the one you just created and Open it:

  • Click on Create Service Account. Give it any name you want, and use the following options:

    1. Furnish a new private key with key type JSON.

    2. Enable G Suite Domain-wide Delegation


  • A JSON file will be downloaded. Make sure you don't lose it, as it is a private key file and there are no other copies of it. This is the key file that is used for the ProcessMaker GMail integration as well as for makinguse of the Google Enterprise Connectors.
  • Back on the Service accounts left menu option you will see a list of the existing service accounts for your project, including the one you just created. Click on the View Client ID link and copy the Client ID shown, then click Cancel to go back. You will need the Service Account email address shown below the Client ID as well, if you are planning to use the ProcessMaker - GMail integration with this service account.

Enable Google APIs to be used by the previously created project

  • Click on the top left menu icon, then select API Manager, then go to Library:

  • On the search box enter the text Drive and click on the matching resulting API, called Google Drive API:

  • Click on Enable and then on the arrow pointing left

  • Repeat the Search and Enable steps we just performed for the Drive API, for the following APIs (Other APIs may be required depending on the set of Google Services you want to use):

    1. Google Apps Marketplace SDK

    2. Google Calendar API

    3. Google Sheets API

  • On the left pane, click on the dashboard. You should see the enabled APIs. Notice that both the Apps Marketplace SDK and the Drive API can be configured by clicking on the gears shown on the right side

  • Click on the gear for the Google Drive SDK and fill in all the following  fields:

    1. Application name: any name.

    2. Short description: any description.

    3. Long description: any description.

    4. Application icons: upload the icons. They are not used but are mandatory.

    5. Open URL: not used, but mandatory.

    6. Under section Creating files:

      1. Allow users to create new documents using this application: make sure this IS checked.

      2. New URL: not used, but mandatory.

      3. Document name: any name.

    7. Click on Save Changes, and then go back to the Dashboard.

  1. Click on the gear for the Google Apps Marketplace SDK and fill in all the required fields:

    1. Application name: prefilled for you, you can change it if you want to.

    2. Application description: add a description. It can be any text, but it is a mandatory field.

    3. Enable Individual Install: make sure this IS NOT checked.

    4. Application icons: upload the icons. They are not used but are mandatory.

    5. Terms of service URL: not used, but mandatory.

    6. In the Extensions section, make sure that Drive extension is checked.

    7. Click on Save Changes, and then go back to the Dashboard.

Authorize the Service Account to have access to the required API scopes

  • Go to your GSuite account Admin console at admin.google.com, click on Security → Show More → Advanced Settings → Manage API Client access.

  • On the Client Name field enter the Cliend ID of the previously created Service Account. On the One or More API Scopes field, enter the following Scopes, then click on Authorize:

https://spreadsheets.google.com/feeds, https://www.googleapis.com/auth/calendar, https://www.googleapis.com/auth/calendar.readonly, https://www.googleapis.com/auth/drive, https://www.googleapis.com/auth/drive.appdata, https://www.googleapis.com/auth/drive.file, https://www.googleapis.com/auth/drive.metadata, https://www.googleapis.com/auth/drive.metadata.readonly, https://www.googleapis.com/auth/drive.photos.readonly, https://www.googleapis.com/auth/drive.readonly, https://www.googleapis.com/auth/drive.scripts, https://www.googleapis.com/auth/gmail.compose, https://www.googleapis.com/auth/gmail.insert, https://www.googleapis.com/auth/gmail.labels, https://www.googleapis.com/auth/gmail.modify, https://www.googleapis.com/auth/gmail.readonly, https://www.googleapis.com/auth/gmail.send, https://www.googleapis.com/auth/plus.login, https://www.googleapis.com/auth/plus.me, https://www.googleapis.com/auth/spreadsheets, https://www.googleapis.com/auth/spreadsheets.readonly, https://www.googleapis.com/auth/userinfo.email, https://www.googleapis.com/auth/userinfo.profile

Bear in mind that different scopes may be required depending on the API’s you are planning to access using this service account. Once you have added all required scopes, you should be able to use the JSON service account key