Prepare Google Workspace connectors

The Google Workspace connector is used to determine users, usage activities, and licenses.

In Google Cloud Platform, you are required to create a service account for your project and generate a key file, and set up API access. In Google Workspace Admin console, locate your Customer ID and enter it, together with the key file content and an admin account email, in Settings when adding the connector.

Procedure

  1. In Google Cloud Platform:

    1. Go to the service accounts page and select a project or create a new one.

    2. Create a service account for the project, and grant it at least the role Viewer.

    3. For the service account, create a key in JSON format.

      The new public/private key pair is generated and downloaded to your device; it serves as the only copy of the private key. You are responsible for storing it securely. If you lose this key pair, you will need to generate a new one. This file is used when adding the connector.

    4. Copy the Unique ID for your service account. It will be used to enable access for the service account to data in a Google Workspace domain.

    5. Set up API access to the project in which you created a service account.

      From the API library, find and enable:

      • Admin SDK API

      • Enterprise License Manager API

  2. In the Google Workspace Admin console:

    1. Go to the API controls page and enable domain wide delegation for the previously created service account:

      1. In Client ID, enter the Unique ID for your service account, copied in Step 1.d.

      2. In OAuth scopes (comma-delimited), enter this list of scopes that your application should be granted access to:

        • https://www.googleapis.com/auth/admin.directory.user.readonly

        • https://www.googleapis.com/auth/admin.reports.usage.readonly

        • https://www.googleapis.com/auth/admin.directory.domain.readonly

        • https://www.googleapis.com/auth/apps.licensing

        • https://www.googleapis.com/auth/admin.directory.customer.readonly

    2. On the Account Settings page, copy the Customer ID. It will be used when adding the connector.

  3. When adding the connector, in Settings, enter the values according to the table.

    Setting

    Value from Google

    Customer ID

    Your account Customer ID from Google account settings.

    Service account key

    The content of the service account key JSON file downloaded to your device.

    Admin email

    The email address of an admin account (new or existing) with at least the following administrative permissions enabled:

    • Admin console privileges:

      • Domain Settings

      • Reports

    • Admin API privileges:

      • Users Read

      • License Read

      • Billing Read

      • Domain Management

    The email of this admin account will be used by the service account to impersonate the admin user while accessing the API.

After completing this task, follow the general procedure to Add connectors.

The connector makes SDK calls to the vendor to retrieve data.