Google

Opal supports integrations with Google Groups and Google Workspace (and GCP referenced in detail here).

In order for Opal to manage these integrations on your behalf, you'll need to create a Google service account with proper permission scopes. Instructions for setting up this service account are below:

Setting up a Service Account for Opal

• Open the Service accounts page. If prompted, select a project.
• Click "+ Create Service Account" at the top of the page.
  • Step 1: Enter a name and description for the service account. When done click Create.
  • Step 2: Skip the Grant this service account access to project section by clicking Continue.
  • Step 3: Skip the Grant users access to this service account by clicking Done.
• Click into your newly-created service account, and go to the Keys tab.
• Click the Add key drop-down menu, then select Create new key.
• Select JSON as the Key type and click Create. Your new public/private key pair is generated and downloaded to your machine. You can now click Close on the open dialog.

Configure Permission Scopes for the Service Account

• Click into your newly-created service account, and go to the Details tab.
• Click open the Advanced Settings section, look under Domain-wide Delegation, and follow the instructions for setting up domain-wide delegation for your service account. You can alternatively follow these instructions below:
  • From your Google Workspace domain's Admin console, go to Main menu > Security > API controls.
  • In the Domain wide delegation pane, select Manage Domain Wide Delegation.
  • Click Add new.
  • In the Client ID field, enter the client ID under your service account's Details tab > Unique ID.
  • In the OAuth Scopes field, enter the desired scopes. Details for what scopes the Google Groups and Google Workspace integrations need are on their setup pages.