Google Workspace Integration

This document provides a step-by-step guide for integrating Google Workspace with TheStorage service. These steps are essential for the service to retrieve and synchronize "Domain" user data. The service exclusively fetches profile data. To streamline the user experience and reduce the necessity for individual user configuration and setup, you must create a Google Workspace Service Account. This account enables seamless background actions on behalf of your users.

Requirements

Google Workspace Admin permissions are required to complete the following steps.

Steps

1. Navigate to console.cloud.google.com.

2. Create a New Project.

   

3. Name the project as TheStorage. If required by your organization, you can choose a specific location, although it's recommended to place it in the top-level location.

   

4. Click the Create button. It may take a few moments to create the new project.

5. Within the APIs & Services menu, choose Credentials.

   

6. Click the Create Credentials button and choose the Service Account menu item.

   

7. On the Create Service Account page, enter the following information:

• Service Account Name: thestorage_svc

• Service Account ID: thestorage_svc (automatically generated)

• Service Account Description (optional): TheStorage Service Account

  

8. When you're ready, click the CREATE AND CONTINUE button.

9. There's no need to grant access to the project. Click on the CONTINUE button.

10. You don't have to provide user access to this service account. Click on the DONE button.

11. Now, you have a service account. However, there are still some additional steps to complete.

12. Click the edit (pencil) button for the service account.

    

13. On this page, you'll find a unique ID. Please make sure to copy this number and store it somewhere. You'll need it shortly.

    

14. On this page, click on the KEYS tab.

    

15. Click the ADD Key button, and choose the Create new key menu item.

    

16. Under the Key Type, choose JSON (which is the default option), and then click on the CREATE button.

    

17. You will download a JSON file that will be required later. Please ensure you keep this file in a secure location.

18. Now that the Service Account is set up, let's proceed to grant it some permissions.

19. Now that the service account is ready, the final step on the Google side is to grant permissions to this account.

20. Navigate to the https://admin.google.com page and log in using the Administrator account.

21. From the left sidebar menu, go to Security -> Access and Data Control -> API controls. If you don't see it, you can use the search bar to find it.

    

22. Click on the MANAGE DOMAIN WIDE DELEGATION button.

    

23. On this page, click the Add new button.

    

24. In the Add new client ID pop-up, configure the following values:

• Client ID: Paste the Unique ID here that you saved earlier.

• OAuth scopes: https://www.googleapis.com/auth/admin.directory.user.readonly

  

25. Click the AUTHORIZE button.

26. The administrative tasks are complete. The final step is to fill out the Google Workspace integration form on TheStorage site.

27. You will need the following:

• The JSON file that you downloaded during the key generation.
• The domain name that the company uses (e.g., mycompanyname.com).
• The email address of the administrator who is executing this task.