Fill in the required fields as follows:įor OAuth consent screen section: Application nameĮnter the name of the app asking for consent.Ĭlick the Add or Remove Scopes button to add the required scopes. For more details, please refer to Google's Exceptions to verification requirements.ĩ. If you get an error, the client ID might not be registered with Google or there might be duplicate or unsupported scopes.You will not be charged when selecting this option. For example, if the application needs domain-wide access to the Google Drive API and the Google Calendar API, enter and. You can use any of the OAuth 2.0 Scopes for Google APIs. In OAuth Scopes, add each scope that the application can access (should be appropriately narrow).If you're the owner of the service account, you can look up the ID.) (Typically, the ID is provided by the developer. You can find the ID (also known as the Unique ID) in the JSON file that you downloaded when you created the service account or in Google Cloud (click IAM & Admin Service accounts the name of your service account).Įnter the client ID of the service account or OAuth2 client ID of the app. Learn about Marketplace apps data access and installation.Ĭlick Add new and enter your service account client ID. You can also manage domain-wide installation and view API scopes for Google Workspace Marketplace apps. For this reason, only super admins can manage domain-wide delegation, and they must specify each API scope that the app can access. For example, grant domain-wide delegation to a migration app that duplicates user content from another service to Google Workspace. About domain-wide delegationĭomain-wide delegation is a powerful feature that allows apps to access users' data across your organization's Google Workspace environment. To delegate access in the Google Admin console, you add the client ID of the service account or OAuth2 client ID of the app, and then grant access to supported Google APIs (scopes). Users activate apps without being prompted for consent, and you can specify the user data that the apps can access.
Three-legged OAuth apps, which normally require individual user consent. For example, you can delegate access to an application that uses the Calendar API to add events to your users' calendars. Internal apps (for example, automation apps) that developers create for your organization.
Google Workspace migration and sync tools Typical apps granted domain-wide delegation: Then, you authorize the service accounts to access your users' data without requiring each user to give consent. As an administrator, you can use domain-wide delegation of authority to grant third-party and internal applications access to your users' data.Īpp developers and administrators can create service accounts with OAuth 2.0.
0 kommentar(er)
