How to Create a Gmail/GSuite Service Account

Gmail/GSuite Service Accounts are used for various mail access management tasks, for example to mass-authorize Revenue Inbox Sync engine to work with the end users’ Gmail data via RI Chrome Extension for Gmail.

Within this scenario, a service account configured by the local mail Admin provides a simple way to authorize multiple Gmail boxes for RI use, so the end users do not need to get their mailboxes authorized manually, and keep it connected every time they change their password. This makes adding new product users easier and allows admins and managers to ensure that all users get all Revenue Inbox features unrolled for them.

 

Step 1. Create a Project

1.1. Sign in to your Gmail/GSuite Console with a Super administrator account at https://console.developers.google.com/

1.2. If you have used the Console previously, then at the top of the window, click the Expand icon ̬ next to your latest project name to expand your projects list. If you haven’t used the Console before, you will first need to agree to the Console’s Terms of Service.

 

1.3. Next, click New Project.

1.4. Enter a Project name and click Create. In this example we set the name Gmail Service Account.

 

 

Step 2. Enable Gmail API Sets

2.1. In the drop-down menu, again make sure your Project is selected and click the ENABLE APIS AND SERVICES button.

 

2.2. Use the search box on the right-hand side to search for and Enable the following API sets: Gmail API, Google Calendar API and Contacts API. This allows to add corresponding access permission scopes later (but it hasn’t been granted yet).

   

 

The above example illustrates Gmail API enabling; to return from a specific API page click the API & Services link on the left-hand side, and then click the ENABLE APIS AND SERVICES button, as before.

 

 

Step 3. Create a Service Account User

3.1. In the top-left corner of the Console window, click Menu ☰. Next, select IAM & admin and then Service accounts.

 

3.2. Then click + CREATE SERVICE ACCOUNT.

 

3.3. Fill in a name and description to identify the service account and click CREATE.

 

3.4. In the next window, assign the Project Owner Role to the service account and click Continue.

 

3.5. Next, click + Create Key.

 

3.6. Select JSON format for the key (the default one) and click CREATE.

 

3.7. The JSON file should be downloaded to your hard drive; store the key file securely as it provides access to your Gmail resources. Close the download notification and proceed to the next step.

 

3.8. After the file is downloaded click DONE to confirm the changes. Copy the Unique ID of the created service account to a text file or the clipboard to be used later.

 

 

Step 4. Enable Gmail/GSuite delegation for the domain

4.1. Find the newly created Service account in the list, then click Menu next to it under Actions and select Edit.

 

4.2. On the Edit screen, click SHOW DOMAIN-WIDE DELEGATION to view the options.

 

4.3. After that select the checkbox for Enable G Suite Domain-wide Delegation and enter the product name.

Then click Save to apply the changes.

 

 

Step 5. Enable Service Accounts in Gmail

5.1. Log in to Gmail and open the Admin panel; you will need to scroll down under the More section to find it.

 

5.2. On the Admin panel, click the Security icon.

 

5.3. Scroll down and click Advanced Settings, then select Manage API client access.

   

 

5.4. Now you need to set the Client Name and the API Scopes and then click Authorize.

The Client Name is the Unique ID of your Service account that you copied on Step 3.8 (not the Key ID).

If you didn’t copy it, it can be retrieved by clicking Menu ☰ in the upper left corner of the Console window. Then select IAM & admin and click Service accounts. Once there, click View Client ID and copy and paste the number.

 

The access should then be given for the specified API Scopes, as required; in this case it is the scrope https://www.googleapis.com/auth/gmail.readonly

 

5.5. Hold up for around 5 minutes for the update to be applied by Gmail.

5.6. Now you are all set up to test use the Gmail Service Account for end users authorization. Proceed to this article to learn how to do that.