Guides
System StatusRaise a TicketZluri Website
Start typing to search…

Connect via Service Account

This guide explains how to integrate Google Workspace with Zluri using Service Account authentication and domain-wide delegation. This allows Zluri to access user data, groups, licenses, and audit logs from Google Workspace.

Prerequisites

  • Admin access to the Google Admin Console
  • Admin access to the Google Cloud Console
  • Service Account created in the Google Cloud project
  • Verified domain in Google Workspace
  • GSuite Admin credentials for domain-wide delegation

Step 1: Get API Credentials at Google Workspace

  1. From your Google Workspace domain’s Admin Console, navigate to Main menu > Security > API Controls.

  2. In the Domain wide delegation pane, select Manage Domain Wide Delegation.

  3. Click Add new.

  4. In the Client ID field, enter the Zluri service account's Client ID: 112390080167718584607

  5. In the OAuth scopes (comma-delimited) field, enter the following scopes:

    https://www.googleapis.com/auth/admin.directory.domain.readonly,
https://www.googleapis.com/auth/admin.directory.group.readonly,
https://www.googleapis.com/auth/admin.directory.orgunit.readonly,
https://www.googleapis.com/auth/admin.directory.user.readonly,
https://www.googleapis.com/auth/admin.directory.user.security,
https://www.googleapis.com/auth/admin.reports.audit.readonly,
https://www.googleapis.com/auth/admin.reports.usage.readonly,
https://www.googleapis.com/auth/apps.licensing

    For workflow actions, also add:

    https://www.googleapis.com/auth/admin.directory.group,
https://www.googleapis.com/auth/gmail.settings.basic,
https://www.googleapis.com/auth/gmail.settings.sharing

  6. Click Authorize.

🚧

Note: The Client ID for Zluri is 112390080167718584607, which must be added in the Client ID field for domain-wide delegation.

Step 2: Connect the Integration in Zluri

  1. Log in to the Zluri Admin Console.
  2. Navigate to Sources → Integrations → Browse Catalog.
  3. Search for Google Workspace (Service Account).
  4. Click Connect Integration (or Connect another instance if already connected).
  5. Upload the downloaded JSON key file.
  6. Enter your Google Workspace domain (tenant).
  7. Click Connect.

Step 3: Review and Add Scopes in Zluri

  1. Review the required scopes presented by Zluri.
  2. Add additional scopes if required for your use case.
  3. Choose an authorization method:
    • Self-Authorization: Proceed directly to the next step.
    • Co-worker Authorization: Enter co-worker's details and share the unique Connect Code.

Step 4: Authorize the Connection

  1. Enter the email address of the GSuite Admin used in domain-wide delegation.
  2. Confirm the connection and authorize access through the Zluri interface.

Once authorized, Zluri will begin syncing user and domain-level data from Google Workspace.

Troubleshooting

Connection Fails?

  • Double-check the Client ID used in domain-wide delegation.
  • Verify that the correct scopes were added.
  • Ensure the service account has the necessary permissions.
  • Ensure that the JSON key format is valid and correctly uploaded.
  • Review organization policies if key creation fails.

This updated version includes the Client ID for Zluri and correctly maps the steps. Let me know if you'd like this formatted into Markdown for use or exported in any other format.

Updated about 4 hours ago