Delegate domain-wide authority to your service account

Steps

  1. From your domain's Admin console, go to Main menu > Security > Access and data control > API controls.
  2. In the Domain wide delegation pane, select Manage Domain Wide Delegation.
  3. Click Add new.
  4. In the Client ID field, enter the client ID obtained from the service account creation steps above
  5. In the OAuth Scopes field, enter a comma-delimited list of the scopes required for the application
  6. Use the below scopes:
    • https://www.googleapis.com/auth/admin.directory.user.readonly
    • https://www.googleapis.com/auth/admin.directory.domain.readonly
    • https://www.googleapis.com/auth/admin.directory.group.readonly
    • https://www.googleapis.com/auth/admin.directory.rolemanagement.readonly
  7. Click Authorize.

    Required scopes

    • DirectoryService.Scope.AdminDirectoryUserReadonly
    • DirectoryService.Scope.AdminDirectoryDomainReadonly
    • DirectoryService.Scope.AdminDirectoryGroupReadonly
    • DirectoryService.Scope.AdminDirectoryRolemanagementReadonly