Purpose

Setting up domain-wide delegation allows the Unleash service account to impersonate users from your organization. This will enable Unleash to auto-magically create Links to supported Google Workspace services (such as Google Drive, Gmail, and Google Calendar) as soon as a new user joins your Unleash workspace, instead of the user having to manually set up the Links and authorize Unleash’s access using OAuth. This automatic process is called Link Provisioning. Provisioned links act like regular, manually created links, and can be easily removed by the user if they wish.

Prerequisites

The person configuring the domain-wide delegation must be an administrator of the relevant Google Workspace organization.

Setup

  1. Go to https://admin.google.com/ac/owl/domainwidedelegation - sign in if needed. If you are already signed in and have multiple organizations/domains, ensure you are signed into the correct account for the intended domain.
  2. At the top of the “API Clients” table, click “Add new”

Untitled

  1. In the dialog that opens, under “Client ID”, provide the value 101066985626398460460

  2. In the same dialog, under “OAuth scopes” add the following scopes (comma-delimited list follows)

    openid
    profile
    email
    <https://www.googleapis.com/auth/admin.directory.user.readonly>
    <https://www.googleapis.com/auth/gmail.readonly>
    <https://www.googleapis.com/auth/admin.directory.group.readonly>
    <https://www.googleapis.com/auth/calendar.readonly>
    <https://www.googleapis.com/auth/directory.readonly>
    <https://www.googleapis.com/auth/userinfo.profile>
    <https://www.googleapis.com/auth/drive.photos.readonly>
    <https://www.googleapis.com/auth/contacts.readonly>
    <https://www.googleapis.com/auth/drive.readonly>
    <https://www.googleapis.com/auth/drive.metadata.readonly>
    <https://www.googleapis.com/auth/drive.activity.readonly>
    

For your convenience, bellow is the same list of scopes formatted with commas

openid,profile,email,<https://www.googleapis.com/auth/admin.directory.user.readonly,https://www.googleapis.com/auth/gmail.readonly,https://www.googleapis.com/auth/admin.directory.group.readonly,https://www.googleapis.com/auth/calendar.readonly,https://www.googleapis.com/auth/directory.readonly,https://www.googleapis.com/auth/userinfo.profile,https://www.googleapis.com/auth/drive.photos.readonly,https://www.googleapis.com/auth/contacts.readonly,https://www.googleapis.com/auth/drive.readonly,https://www.googleapis.com/auth/drive.metadata.readonly,https://www.googleapis.com/auth/drive.activity.readonly>
  1. Click the “Authorize” button
  2. Notify your Unleash contact that this process has been completed, so that we can validate that the setup is successful and configure your requested link provisioning automations.
Powered by Fruition