Add a Google Workspace system
Go to Systems > Overview.
Click Add.
Select Google for System Type.
Enter a System Name.
Click Save.
The new System is added to the Configured Systems pane.
In a new tab, go to the Google Cloud Platform console at https://console.cloud.google.com/.
Create a new project named
NIMproject
and switch to it.Expand the menu and go to APIs & Services > Library.
Search for and enable the following APIs:
Admin SDK API
Expand the menu and go to APIs & Services > OAuth Consent Screen.
Select the Internal user type and click Create. Enter
NIM
for the App Name. Enter a relevant User Support Email and Developer Email Address. Click Save And Continue.On the Scopes page, click Save And Continue.
On the Summary page, click Back To Dashboard.
Expand the menu and go to APIs & Services > Credentials.
Click Create Credentials > Service Account.
For the Service Account Name, enter
NIM
. Accept the default generated Service Account ID value. Click Create and Continue. Click Done.Click the pencil icon to edit the newly created NIM service account. On the Details tab, click Show Domain-Wide Delegation to expand it. Select the Enable Google Workspace Domain-Wide Delegation checkbox. Click Save. Copy the Email and Unique ID to a local text editor application.
Go to the Keys tab. Click Add Key > Create New Key. Select P12. Click Create. The .p12 file is downloaded. Copy the Private Key Password (
notasecret
) to a local text editor application. Click Close.Go to the Google Admin Console at https://admin.google.com/.
Go to Security > Settings > API Controls.
Click Manage Domain-Wide Delegation.
Click Add New.
Paste the Unique ID you copied earlier into the Client ID field.
In the OAuth Scopes (Comma-Delimited) field, enter
https://www.googleapis.com/auth/admin.directory.user,https://www.googleapis.com/auth/admin.directory.group,https://www.googleapis.com/auth/admin.directory.orgunit,https://www.googleapis.com/auth/admin.directory.rolemanagement
.Click Authorize. The new OAuth application is added with 4 scopes.
Return to your NIM browser tab. Add a certificate using the .p12 certificate you downloaded earlier, and the password you copied (
notasecret
). Name the certificateGoogle
.In NIM, edit the Google system you created previously. See Edit a system.
For the Application (Client) ID, paste the service account Email you copied previously. For the Directory (Tenant) ID, enter the email address you use to log in to Google Cloud Platform. For the Certificate, select the Google certificate you just added.
Click Save.
Click Test Connection. A success message is returned.