In your Google Cloud Project, you defined API Services, which consisted of an OAuth Consent screen and the Web Application-based OAuth Client. You connected the OAuth Client to ArcTitan’s Redirect URIs. (Note that there are at least two Redirect URIs, each relating to a different Web UI Entry point, that is, the Classic Search UI and the newer V9 UI.)
The purpose of this section is to access your Google Workspace account and set up permission for external Apps to access your Workspace services. The steps below explain how to link the OAuth Client ID you generated to your Google Workspace. You'll create a special service account to access your Workspace, which is restricted to only accessing the parts to which you give it permission via OAuth Scopes.
-
Log in to your Google Workspace with your administrator credentials.
Go to Security > Access and data control > API controls, which is where you'll add permission for the ArcTitan App to access Google Workspace. Initially this list will be blank.
-
Select Manage Third-Party App Access.
-
Next, select Add app > OAuth App Name Or Client ID.
In the Configure an OAuth app screen that opens, you’ll be prompted to enter the name of the OAuth app or Client ID. Go to your ArcTitan UI, and copy the Client ID of the Google OAuth Web Application that was created and paste it here.
-
You can specify the OAuth scopes, which are the areas of Google Workspace that this OAuth service can be given permission to access. There are several Google Workspace scopes to choose from, but for Gmail only access, the scopes are:
https://mail.google.com
Email
Profile
You can enter all three OAuth scopes at once, separated by commas, as shown in the following example:
Next, if you need to access multiple user mailboxes via IMAP to backfill the email Archive via the Mailbox Reader service, you must set up a Google Service Account with the authority to do this.