Google Workspace Settings

    To create user accounts in Google Workspace, ADManager Plus must be able to access Google Workspace and have the necessary privileges to create accounts. For this purpose, you must configure the Google Workspace settings in ADManager Plus by providing the credentials of a Google Workspace account with the necessary administrative privileges.

    To configure Google Workspace settings in ADManager Plus

    • Click the Admin tab.
    • In the left pane under System Settings, click Microsoft 365/Google Workspace.
    • Switch to the Google Workspace tab to configure your Google Workspace account.
    • Enter the Username, Service Account Email, and P12 Key File Path associated with your Google Workspace admin account.
    • Select the domains from the Linked Domains drop-down menu.

      Note: You can link multiple Google Workspace accounts to the same domain.

    • Click Save.

    Steps to create a Google Workspace service account

    • Go to https://console.cloud.google.com/
    • Log in to your Google Workspace Administrator account.
    • In the left pane, click IAM & Admin and navigate to Manage Resources.
    • Create a new project named ADManager Plus or use an existing project.
    • In the left pane, toggle to APIs & Services and click Library.
    • Click and enable the required APIs from the given list.
      • Admin SDK
      • Contacts API
      • Google Workspace Migrate API
      • Google People API
      • Gmail API
      • Google Calendar API
      • Google Drive API
      • Groups Migration API
      • Groups Settings API
      • Google Sheets API
      • Tasks API
    • Navigate back to IAM & Admin and in the left pane, click Service Accounts.
    • Click Create a Service Account, enter the name as ADManager Plus, and click Create and Continue.
    • Skip or configure roles and permissions, and click Done.

      google-apps-active-directory-management-tool

    Steps to authorize your service account

    • Go to https://admin.google.com/
    • In the Google Admin Console home page, navigate to Security > Access and data control > API controls.
    • Click Manage Domain Wide Delegation > Add new, and enter the client ID of the service account that you created.
    • Enter the following scopes under OAuth Scopes:
    • https://www.googleapis.com/auth/admin.directory.user
    • https://www.googleapis.com/auth/admin.directory.group
    • https://www.googleapis.com/auth/admin.directory.orgunit
    • https://www.googleapis.com/auth/admin.directory.domain.readonly
    • https://mail.google.com/
    • https://www.googleapis.com/auth/contacts
    • https://www.googleapis.com/auth/calendar
    • https://www.googleapis.com/auth/drive
    • Click Authorize.

      google-apps-active-directory-management-tool

    To modify the scopes of an existing service account

    • Navigate to Manage Domain Wide Delegation and click the service account email.
    • Click Edit. In the Edit Scopes window that pops up, add or remove the given scopes.

    Click here to learn more about domain-wide delegation of authority.

    Steps to create a p12 key for your service account

    • Go to https://console.cloud.google.com/
    • In the left pane, click IAM & Admin and navigate to Service Accounts.
    • Click the service account email and toggle to the Keys tab.
    • Click Add Key and generate a new P12 key for your service account.
      Note: The private key is created and automatically downloaded. Note down the filename and location, as it is needed to configure a Google Workspace account in ADManager Plus.
    • google-apps-active-directory-management-tool

    Note:
    1. If you receive an error stating "No changes found. Error while backing up calendar - 401 Unauthorized" or "Please configure an account to continue," check if you have enabled the Google People API. Also, make sure that you have entered the following scopes under OAuth scopes:
      • https://mail.google.com/
      • https://www.googleapis.com/auth/contacts
      • https://www.googleapis.com/auth/calendar
      • https://www.googleapis.com/auth/drive
    2. If you're still getting the errors after following the troubleshooting steps above, restart the product once.

    You can perform the following actions on the added Google Workspace accounts:

    1. Edit: To modify the account details, click the edit icon icon-edit and change the required values. Then click Save.
    2. Delete: To delete a domain, click the trash icon icon-delete.
    3. Refresh: To synchronize the account details, click the refresh button icon-refresh. This synchronizes Active Directory users with their Google Workspace accounts (assuming both were created using the same email address).

    Don't see what you're looking for?

    •  

      Visit our community

      Post your questions in the forum.

       
    •  

      Request additional resources

      Send us your requirements.

       
    •  

      Need implementation assistance?

      Try onboarding