Google

​

Prerequisites

1. Admin access to Google Cloud Console.
2. Access to a StarTree environment.
3. Obtain the redirect URI from StarTree.

​

Steps

​

Create an OAuth client

1. Access your Google Cloud Console.
2. Create a new project or open an existing project.
3. Create an Oauth app: a. Open APIs & Services. b. Click on Credentials. c. Click on Create Credentials > Oauth client ID. d. Select Web application as the application type. e. Enter a name for the application. f. Enter the authorized redirect URI provided by StarTree (this will be in the form of https://identity.<env-id>.<org-id>.startree.cloud/callback) g. Copy the Client ID under Additional information. You will need to provide this to StarTree. h. Click Create.

​

Fetching Groups from Google

1. Follow this guide to set up a service account with Domain-Wide Delegation. Make sure that you: a. Generate the key as a JSON file. You will need to share the key file with StarTree. b. When setting up domain-wide delegation of authority for the service account, set the OAuth scope to https://www.googleapis.com/auth/admin.directory.group.readonly. Only include the scope shown above, otherwise the setup will not work.
2. Enable the Admin SDK.
3. In the Google Admin Console, create or identify a Google Workspace user with a minimum of the Groups Reader role assigned, and provide this user ID to StarTree. The service account you created earlier will impersonate this user when making calls to the admin API. A valid user should be able to retrieve a list of groups when testing the API.