Configuring OAuth 2.0 for G-Suite Adapter
  • 06 Jul 2022
  • 2 Minutes to read
  • Contributors
  • Dark
    Light

Configuring OAuth 2.0 for G-Suite Adapter

  • Dark
    Light

Configuring OAuth 2.0 for G Suite Adapter

Standard vs. Extended

As of version 4.1, the G-Suite Adapter supports two different forms of OAuth2 authentication. The original form (credential type GOOGLE, used with defineGoogleOAuthCredential()) is based on the Installed Applications scenario. For most uses, this form is the easiest to configure and use, and is sufficient for most usages of the G-Suite Adapter. The new form ((credential type GOOGLE_EXTENDED, used with defineGoogleExtendedOAuthCredential())) is based on the Service Account scenario. While more difficult to configure and use, this form provides some additional flexibility to impersonate any user within the domain without needing explicit approval from each user, which, in conjunction with the new callGoogleAPI() action, allows you to do things such as manage Calendars and Google Drive files for individual users, which an admin account would not normally be able to do. The User Interface for the Google Cloud Platform Console changes from time to time so the exact steps may be different than what is listed below.

Creating a Google Cloud Platform Project

Both GOOGLE and GOOGLE_EXTENDED credentials require the creation of a Google Cloud Platform project. A single project can be used for multiple credentials of either type, with the limitation that the credentials within the same project will all share the same G-Suite API Quotas.

  1. Browse to the Google Cloud Platform Console (Google Developers Console), and log in with the credentials that you want to own the Client ID and Client Secret
  2. Select the dropdown menu, and click NEW PROJECT.
  3. Give the project a name, select the organization and location and click CREATE.
  4. If not already selected, select the project created above.
  5. Click on the menu button at the top left of the page, select APIs & Services, and then select dashboard
  6. Click ENABLE APIS AND SERVICES and enable the following APIS
    1. Admin SDK (required)
    2. Calendar API (optional - only needed if provisioning calendar resources or trustees)
    3. Contacts API (optional - only needed if provisioning shared contacts)
    4. Group Settings API (optional - only needed if using Google Groups for Business/Education and want control group settings)
    5. Google Classroom API (optional - only needed if you will be using the Google Classroom Adapter)
  7. There will be several other APIs that were enabled by default: you may disable them if desired.
  8. Note that you may come back and enable/disable APIs at any time.

Creating an Administrator account

You will need an account with Administrator privileges in the domain you want to manage. While you can use the default administrative account, it is usually a good idea to create a separate User and grant the necessary administrative privileges.

Choose Standard or Extended Configuration

Deleting an OAuth Credential

  • Navigate to Connect > OAuth2 Credentials. Select the credential and press the Delete button.

Was this article helpful?