Google admin console
      Back to home
      1. Support Center
      2. Data Sources
      3. Google admin console

      Google admin console

      A simple step-by-step guide of how to set up permissions for your Google accounts.

      First, you need to visit https://console.cloud.google.com/ and login (Note: the account needs to have admin rights). 

      When your are done sennd us your JSON file created in this process so we can start with scanning and cleaning up your data! AND  the your D&M contact what  global admin users that was used to create the JSON

      We need BOTH the JSON and the the name of the globals admin email in order to proceed

       

      1. When you log in, the page should look like on the screenshot below. First step is to create a project and to do that, click on the button marked red on the same screenshot.


      Screenshot 2025-05-23 at 10.41.26


      2. New page should open where button “New project” needs to be visible and selected.


      Screenshot 2025-05-23 at 10.42.31

       

       

      3. To create a new project, all you need to do is to write a name of it (with no spaces) and click on Create button.


      4. After you created a project, your page should look like on the screenshot below. Just make sure that your new project is selected. It's easy to check it - the name of it should be visible on the button marked with red box on the same screenshot.



      5. Once you have your project created and opened, click on the menu on the left and select APIs  & Services > Library



      6. After Library is opened, type in "Gmail API" in the search bar and click on the first result:



       

       

      7. Product details should be opened and all you need to do there is click on Enable button:



      8. After you enable it, your page should look like the one on the screenshot below. From there, click on Credentials > Create credentials > OUauth client ID:

      Screenshot 2025-07-10 at 13.40.01

      9. Application type should be "Web application":

      Screenshot 2025-07-10 at 13.41.14

       

      10. Give a name for your OAuth client ID. It's only used to identify the client in the console and it will not be showed to end users. When you entered the name, click on Add URL under "Authorized redirect URLs":

      Screenshot 2025-07-10 at 13.42.13

       

      11. Enter redirect URLs

      • "the primary server domain" + "/api/auth/google/login/callback"

      • So if your server domain is: https://dev.gdpr.dataandmore.com then redirect URL should be:

        https://dev.gdpr.dataandmore.com/api/auth/google/login/callback

      • And a universal return URL for PoC
        https://signup.dataandmore.com/api/authorize_redirect_google

      After that, click on Create.

      Screenshot 2025-07-10 at 13.51.06

       

      12. New pop up window will appear where you have to copy Client ID and Client secret before clicking on OK. That is the data that needs to be sent to us.

      Screenshot 2025-07-10 at 13.52.16

      13. Now, we need to add a service account. To do that, go to Credentials > Manage service accounts:


       

      14. When on service accounts page, click on Create service account (marked with red on screenshot below):



      15. The page like on screenshot below should be visible now. Enter your service account name (whatever you prefer), copy the email address that is been created because you’ll need it later, and click on Done.

       

       

      16. Now your service account is visible in the table. To proceed, click on the email (marked with red box on screenshot below):



      17. From there, open the tab Keys and go to Add key > Create new key:


      18. Default selection will be JSON file and it needs to stay like that. Click on Create. The JSON file will be downloaded and we are going to use it for App registration on our Toolbox. 

       

       

      19. After your key is created, you need to go to Details tab, scroll a bit down and copy the Client ID because you’ll need it later. After that, click on View Google Workspace Admin Console.



      20. In your Admin console go to the side menu and click on Security > Access and data control > API controls. Scroll a bit down until you see Manage domain wide delegation and click on it.





      21. Click on Add new:



      17. New pop up window should be opened. Here you can enter Client ID that you copied earlier and these four links that are actually permissions (you can enter all four links in the same text input but they need to be separated with a comma or you can enter them separately):


      https://www.googleapis.com/auth/gmail.readonly


      https://www.googleapis.com/auth/admin.directory.user.readonly


      https://www.googleapis.com/auth/gmail.labels


      https://www.googleapis.com/auth/gmail.modify



      After you entered all necessary information, click on Authorize:


      22. Your newly created API client should be visible in the table like on screenshot below:




      And that’s it! Whenever you are ready, send us your JSON file created in this process so we can start with scanning and cleaning up your data! AND the global admin email that was used to create the JSON