Skip to content
  • There are no suggestions because the search field is empty.

Enabling the Admin SDK API and Creating a Service Account in Google SSO

Enabling the Admin SDK API

To Enable the Admin SDK API, Log into the Google Cloud and open the menu on the left-hand side and select 'APIs & Services'. Select 'Enabled APIs and services' and click on 'ENABLE APIS AND SERVICES', the API Library will automatically load. Search for "Admin SDK API" and open it, then click 'ENABLE'.

 

Creating a Service Account

To create a service account, open the navigation menu on the left-hand side and select 'IAM & Admin' and then 'Service Accounts'.

Click on 'CREATE SERVICE ACCOUNT', give the account a name and accurate description then click 'CREATE AND CONTINUE'.

To grant this service account access to the project, select the role as 'Owner' then click 'ADD ANOTHER ROLE' and select the role as 'Editor'.

Click 'CONTINUE' and 'DONE' to save the service account. 

Click on the service account to open it, you will see there is a service account email and unique ID have been created. You will need to keep this open in one tab of your browser, while you carry out the next steps in another.

Log into your Google Admin Console then go to the Menu and select 'Security' then 'Access and data control', then 'API controls', and finally 'Manage Domain Wide Delegation'. 

Click the 'Add new' button, then copy the unique Client ID from the previous tab and paste it into the 'Client ID' field on this page.

In the 'OAuth Scopes' box, add the following: https://www.googleapis.com/auth/admin.directory.user.readonly 

Finally, click 'AUTHORISE' to save the new Client ID.

 

Linking with the Library System

Return to the previous tab with the google cloud console and ensure you are on the Services Accounts page of the 'IAM & Admin' section.

Click on the 'KEYS' tab and then select 'ADD KEY' and then 'Create New Key'. Select the key type as 'JSON' and then click 'Create'. 

A key will be created and a JSON file will be downloaded. Make sure that you keep this file safe, as if compromised, this file could become a security risk. 

Return to the library system in another window and ensure you have selected your identity provider, enter your Google Workspace admin email into the relevant box, then click the 'Upload' button and upload the JSON file you just downloaded. Click 'OK' to save these changes. 

Once this has been done, you will need to set up the scheduled task in the library system.