Google Workspace Settings

To create user accounts in Google Workspace, ADManager Plus requires access to Google Workspace with the appropriate privileges. To enable this, configure the Google Workspace settings in ADManager Plus by providing the credentials of an account with administrative privileges.

To configure Google Workspace settings in ADManager Plus

1. Click the Admin tab.
2. Navigate to Directory/Application Settings in the top-right corner of the dashboard.
3. Go to the Google Workspace tab to configure your Google Workspace account.
4. Enter the Username, Service Account Email, and P12 Key File Path associated with your Google Workspace admin account.
5. Select the domains from the Linked Domains drop-down menu.

   Note: You can link multiple Google Workspace accounts to the same domain.

6. Click Save.

Steps to create a Google Workspace service account

1. Navigate to the Google Cloud Console.
2. Log in to your Google Workspace Administrator account.
3. In the left pane, click IAM & Admin and navigate to Manage Resources.
4. Create a new project named ADManager Plus or use an existing project.
5. In the left pane, toggle to APIs & Services and click Library.
6. Click and enable the required APIs from the given list.
• Admin SDK
• Contacts API
• Google Workspace Migrate API
• Google People API
• Gmail API
• Google Calendar API
• Google Drive API
• Groups Migration API
• Groups Settings API
• Google Sheets API
• Tasks API
7. Navigate back to IAM & Admin and in the left pane, click Service Accounts.
8. Click Create a Service Account, enter the name as ADManager Plus, and click Create and Continue.
9. Skip or configure roles and permissions, and click Done.

   

Steps to authorize your service account

1. Navigate to the Google Cloud Console.
2. In the Google Admin Console home page, navigate to Security > Access and data control > API controls.
3. Click Manage Domain Wide Delegation > Add new, and enter the client ID of the service account that you created.
4. Enter the following scopes under OAuth Scopes:
   • https://www.googleapis.com/auth/admin.directory.user
   • https://www.googleapis.com/auth/admin.directory.group
   • https://www.googleapis.com/auth/admin.directory.orgunit
   • https://www.googleapis.com/auth/admin.directory.domain.readonly
   • https://mail.google.com/
   • https://www.googleapis.com/auth/contacts
   • https://www.googleapis.com/auth/calendar
   • https://www.googleapis.com/auth/drive
5. Click Authorize.

   

To modify the scopes of an existing service account

• Navigate to Manage Domain Wide Delegation and click the service account email.
• Click Edit. In the Edit Scopes window that pops up, add or remove the given scopes.

Click here to learn more about domain-wide delegation of authority.

Steps to create a p12 key for your service account

1. Navigate to the Google Cloud Console.
2. In the left pane, select IAM & Admin and navigate to Service Accounts.
3. Select the service account email and toggle to the Keys tab.
4. Click Add Key and generate a new P12 key for your service account.
   Note: The private key is created and automatically downloaded. Note the filename and location, as it is needed to configure a Google Workspace account in ADManager Plus.

You can perform the following actions on the added Google Workspace accounts:

1. Edit: To modify the account details, click th e Edit icon a nd change the required values. Then click Save.
2. Delete: To delete a domain, click the Trash icon.
3. Refresh: To synchronize the account details, click the Refresh icon. This synchronizes Active Directory users with their Google Workspace accounts (assuming both were created using the same email address).