Google Workspace (Service Account)
Content
- 1 Overview
- 2 Create an application
- 3 Create a service account
- 4 Delegate domain-wide authority to your service account (skip if you don't have a Google Workspace account)
- 5 Enable Google APIs
- 6 Manage rooms resources (skip if you don't have a Google Workspace account)
- 7 Share the resource(s) with the Service Account
- 8 Next steps
Overview
The default configuration of Google Workspace does not allow external software to interact with the agenda of meeting rooms. The purpose of this document is to describe what has to be configured in Google Workspace so that ROOMZ can read and interact with the agenda of the rooms.
All these steps assume that you are logged in to Google with a super admin account.
How to check if your account is a super admin account ?
Open admin.google.com go to “Manage Users” and open your user by clicking on the name. Under “Admin roles and privileges” make sure your account is a super admin account. If your account isn’t a super admin account, you will not be able to complete all the steps necessary for the system to work, in that case please contact your administrator.
Create an application
a. Connect to the Google Admin APIs console available at: https://console.cloud.google.com/, using your super admin account.
Once logged, search in the search bar for new project and click on “Create a Project”.
b. Enter a name for your application, and click on the “Create” button.
Create a service account
a. From the Google APIs Admin home screen, open the contextual menu on the top right of the console and click on “Project Settings”.
b. Click on the left side on “Service Accounts”.
c. Click on “Create Service Account”.
d. Enter an account name, for example “Roomz Service Account”, copy the “Service Account E-Mail” to a txt file for later and click on “Create and Continue”.
e. Select the role “Service Account User” and click “Done”.
f. On the overview of your service accounts, click on the 3 dots on the right. Select “Manage keys”.
g. Click on the “Add Key” button, choose “JSON format” and click on “Create” to download the key-file to your computer. Make sure you remember where you store this file because you won't be able to download it anymore. This file will be necessary to connect the ROOMZ Portal to Google Workspace.
h. Open the file with editor to copy and save the “Client ID” in your txt file for later.
i. You should now have noted in a txt file the following information’s and the key-file stored on your computer.
Service Account E-Mail
Client ID
JSON key file saved on your computer
Delegate domain-wide authority to your service account (skip if you don't have a Google Workspace account)
To access user data on a Google Workspace domain, the service account that you created needs to be granted access by a super administrator for the domain. For more information about domain-wide delegation, see Control Google Workspace API access with domain-wide delegation.
To delegate domain-wide authority to a service account:
a. From your Google Workspace domain’s Admin console, go to “Main menu” > “Security” > “API controls”.
b. In the “Domain wide delegation” panel, select “Manage Domain Wide Delegation” and click on “Add new”.
c. In the “Client ID” field, insert the client ID obtained from the JSON file steps above. In the “OAuth Scopes” field, enter the following list of scopes. Click on “Authorize”.
https://www.googleapis.com/auth/calendar, https://www.googleapis.com/auth/admin.directory.user.readonly
Enable Google APIs
a. From the Google APIs Dashboard available at https://console.cloud.google.com search for “Google Calendar API”:
b. Click on the “Google Calendar API” and enable it.
c. As soon as the “Google Calendar API” is activated, search for “Admin SDK API”.
d. Click on the “Admin SDK API” and enable it.
Manage rooms resources (skip if you don't have a Google Workspace account)
a. Go back to Admin console and search for “Calendar”:
b. From the Google Admin console home screen, Click on “Apps”.
c. Adapt the sharing settings at least as follows, for the primary and secondary calendars.
d. In order to create a new meeting room, click on “Resources”
e. Click on the yellow + icon and fill in the requested information's.
Regarding the Type field, In order to create a meeting room, you need to create a building first
f. After saving the resource, you can reopen it and identify its email address “Resource email”. Save the email address in your txt file, as you will need it at least in order to map your meeting room into the ROOMZ Server.
Share the resource(s) with the Service Account
This step is often overlooked and forgotten, but it is necessary if you want the configuration to work.
In order to share a calendar with the service account on the ROOMZ Server, you need to add the room's calendar in your calendar's list.
a. Go to “Your Calendar” by connecting to: https://calendar.google.com.
b. Search for “Other Calendars” on the left side of the screen, and click on the + to “Browse Resources”.
c. Add the wished resource to your calendar by checking the blue box, for example “ROOMZ TEST (1)”.
d. Click on the room's name on the left of the screen and open “Share with specific people or groups”.
e. Click on “Add people and groups”, you will arrive at this page:
f. Share the room with the email address of the service account from your txt file. Make sure to select “Make changes to events”.
g. Repeat these steps for each resource
Yeah! Google is configured!
Next steps
You can then continue the setup in the ROOMZ Portal: Booking System and Resources connection