This section describes how to add the client ID from the service account credentials to the Google Admin console. These settings allow Google to trust FortiClient EMS, which enables FortiClient EMS to retrieve information from the Google domain.
To add service account credentials to the Google Admin console:
- In the Google Admin console, go to Menu > Security > Access and data control > API controls.
- Click Manage Domain Wide Delegation, then click Add New.
- Set the following options:
- In the Client ID field, add the client ID from the service account credentials.
- In the OAuth Scopes field, add the following string: https://www.googleapis.com/auth/admin.directory.orgunit.readonly,https://www.googleapis.com/auth/admin.directory.user.readonly
The API scopes are case-sensitive and must be lowercase. You may need to copy the string into a text editor and remove spaces created by words wrapping to the second line in the PDF.
- Click Authorize.