A service account provides an efficient way to connect multiple mailboxes to Ebsta. Mailbox management is undertaken by an Administrator, bypassing the need for users to manually add their mailbox and keep it connected every time they change their password. This makes adding new users easy and allows Admins and Managers to have confidence that all relevant data is in Ebsta.
Create a Gmail service account
Go to the Google Cloud Platform Console and sign in as a super administrator. If this is your first time signing in to the console, you will be asked to agree to the Terms of Service.
Step 1: Create a new project.
1.1 From the main dashboard, click Create Project.
If you have used the console before, you will need to click the down arrow to open your projects list.
1.2. Click New Project.
1.3. Enter a Project name for example 'Gmail Service Account' and click Create.
Step 2: Enable APIs Sets.
2.1 Make sure your new project is selected in the projects list at the top of the screen and then click Enable APIs & Services.
2.2. In the API library, search for the following API sets; Gmail API, Google Calendar API & Contacts API. Click on each of them in turn and click Enable. This allows the adding of permission scopes later, but nothing has been granted yet.
Note: To get back to the API Library each time you will need to click the menu button and select APIs & Services > Library.
Step 3: Create the service account user
3.1. Click the menu button and select IAM & Admin > Service accounts.
3.2. Click Create Service Account.
3.3. Fill in a name and description for the service account and click Create.
3.4. Grant permission to the Project Owner role access to the service account and click Continue.
3.5. Click Done.
3.6. Open the menu in the Action column and click Create Key.
3.7. Leave the key type as JSON and click Create.
3.8. The JSON file should be downloaded to your computer. You must store this securely as it provides access to your resources. Click Close.
Step 4: Enable G Suite domain-wide delegation.
4.1. Open the menu in the Action column and click Edit.
4.2. Click the down arrow next to Show Domain-wide Delegation to expand the options.
4.3. Check the box for Enable G Suite Domain-wide Delegation.
4.4. Give a product name for the consent screen a name and click Save.
Step 5: Enable service accounts with Gmail
5.1. Login to GSuite Admin Console.
5.2. Click Security.
5.3. Scroll down and click API Controls.
5.4. Click Manage Domain Wide Delegation.
5.5. Click Add New.
5.6. Input the Client ID* (see below how to find this) of your service account and in OAuth scopes input:
Then click Authorize.
* Client ID is the unique ID of the Service account client (not the Key ID). It can be found by clicking the menu button in the GCP console and selecting IAM & Admin > Service accounts. Click View Client ID and then copy it onto your clipboard.
5.7. Your service account will now be displayed here.
5.8. Allow 5 mins for the change to go through the system on Gmail side.
Once the change has gone through and your setup tested, you are ready to connect your service account to Ebsta (by uploading your JSON file) and to connect your mailboxes. Follow the instructions in this article: