The steps in this section enable Google Workspace to allow access between your Workspace and the Service Account. This provides visibility of the Mailbox Data to the Service Account.

  1. Access your Workspace, and navigate to Security > API Controls, and select MANAGE DOMAIN-WIDE DELEGATION.

    AT-Manage-Domain-Wide-Delegation.jpg

  2. In the Domain-wide delegation window, select Add New.

    AT-Manage-Domain-Wide-Delegation-Add-New.jpg

  3. In the Add a new client ID window:

    AT-Add-a-New-clientID.jpg

    1. Enter the Unique ID of the Service Account, which you copied after you linked the Service Account to your Workspace.

    2. In the OAuth scopes (comma-delimited) field, you can specify the OAuth scopes, which are the areas of the Workspace that this OAuth service will have permissions to access. Enter the scopes for Gmail-only access (separated by commas) which are:

      • https://mail.google.com

      • Email

      • Profile

    3. Select Authorize. After the scopes are authorized, the Service Account will be granted access to User Mailbox data.