# Setting up G Suite service account

To generate service-account credentials, or to view the public credentials that you've already generated, do the following in your Google API Console:

1. Open the [Service accounts page](https://console.cloud.google.com/iam-admin/serviceaccounts).
2. If prompted, select a project, or create a new one. You must enable the following APIs: Gmail API, Google Calendar API, Contacts API, Google People API, and Tasks API.
3. Click **Create service account**.

<figure><img src="https://2347016775-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FpfahWVY94WP1EHugi6X6%2Fuploads%2FGHp7KFBhaS1Vtthls2Kt%2FMonosnap%20Service%20accounts%20%E2%80%93%20IAM%20%26%20Admin%20%E2%80%93%20Sync%20%E2%80%93%20Google%20Cloud%20console%202024-12-27%2013-32-15.png?alt=media&#x26;token=e089fd86-2d3b-48fe-9bd8-122ae3346945" alt=""><figcaption></figcaption></figure>

4. Under **Service account details**, type a name, ID, and description for the service account, then click **Done**.

<figure><img src="https://2347016775-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FpfahWVY94WP1EHugi6X6%2Fuploads%2FR5oNpNqjy5TuXFxN3OnI%2FMonosnap%20Create%20service%20account%20%E2%80%93%20IAM%20%26%20Admin%20%E2%80%93%20Sync%20%E2%80%93%20Google%20Cloud%20console%202024-12-27%2013-34-27.png?alt=media&#x26;token=eab480b2-0e42-48a3-91cd-7c03c584be0d" alt=""><figcaption></figcaption></figure>

5. Optional: Under **Service account permissions**, select the IAM roles to grant to the service account, then click **Continue**.
6. Optional: Under **Grant users access to this service account**, add the users or groups that are allowed to use and manage the service account.
7. From the main "Service accounts" screen select the newly created account

<figure><img src="https://2347016775-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FpfahWVY94WP1EHugi6X6%2Fuploads%2FHPWismO3faxlXjFlEoSU%2FMonosnap%20Service%20accounts%20%E2%80%93%20IAM%20%26%20Admin%20%E2%80%93%20Sync%20%E2%80%93%20Google%20Cloud%20console%202024-12-27%2013-36-13.png?alt=media&#x26;token=38faa6a7-4122-4f4a-b9e4-dddea818bbac" alt=""><figcaption></figcaption></figure>

8. Click the **Enable G Suite Domain-wide Delegation** button to activate this feature (if it is not already enabled). Copy the **Unique ID**, as it will be needed later.\
   Click **ADD KEY** to create a new JSON key if there is no key yet (you will need to upload this key). Then save the form.

Now an administrator of the G Suite domain needs to delegate authority to the service account, using the Unique ID value you copied.

1. From your G Suite domain’s [Admin console](https://admin.google.com/), go to **Main menu menu > Security > Advanced settings \[API Controls].**
2. In the **Domain wide delegation** pane, select **Manage Domain Wide Delegation**.

<figure><img src="https://2347016775-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FpfahWVY94WP1EHugi6X6%2Fuploads%2FKBt7nmPof7HCKCwSngag%2Fimage.png?alt=media&#x26;token=6db020a5-9f92-4b35-941e-d22569d2665c" alt=""><figcaption></figcaption></figure>

3. Click **Add new**.

<figure><img src="https://2347016775-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FpfahWVY94WP1EHugi6X6%2Fuploads%2FAJPX84DwGXpGSctw8BhB%2Fimage.png?alt=media&#x26;token=f58dc8c8-000c-4b8c-867d-88b1230f928b" alt=""><figcaption></figcaption></figure>

4. In the **Client ID** field, enter the service account's **Unique ID** that you have copied.
5. In the **OAuth scopes (comma-delimited)** field, enter the list of scopes that your application should be granted access to. You will need these scopes:\
   `email`,\
   `https://www.googleapis.com/auth/calendar`,\
   `https://mail.google.com/`,\
   `https://www.googleapis.com/auth/contacts`,\
   `https://www.googleapis.com/auth/tasks`,\
   \
   If you plan to enable meeting transcript syncing, also include the following scopes:\
   `https://www.googleapis.com/auth/meetings.space.readonly`,\
   `https://www.googleapis.com/auth/drive.readonly`,\
   `https://www.googleapis.com/auth/documents.readonly`
6. Click **Authorize**.