The Service Account Certificate is required for using the Google APIs. You can create the certificate from the Google Admin Console and then upload it on the AirWatch Console while configuring the email integration.

On the Google Developer Console

  1. Navigate to https://console.developers.google.com and login using your super admin credentials. You are on the API Dashboard page.
  2. Select the projects list drop-down menu and then select ' +' to create a project.

    CreateProj

  3. Enter the Project name and select Create. The project ID is generated.

    Gmail_Cert1

    The project ID cannot be changed once the project is created. In case you wish to change the project ID, select Edit before you create the project.
  4. Select Enable API .

    Enable API

  5. Select Library from the API Manager sidebar. The list of Google APIs appear.
  6. Select Admin SDK available under G Suite APIs and then select ENABLE.
  7. Select Credentials from the API Manager sidebar. The credentials page appears.
    • Select Create credentials and then select Service account key option.

    • Select New service account from the Service account drop-down menu. Provide the Service account name, Service account ID and the Role for the service account email address.

    • Select P12 as the Key type.

    • Select Create. The new service account has been created. Save the .p12 certificate with private key to your machine. Please make a note of the generated password for the private key.

  8. Select Manage service accounts on the credentials page. The Service accounts page is displayed.

    Manage service accounts

  9. Select the service account you created and then select Edit from the corresponding menu ( 3 dot menu). The Edit service account screen appears.  
  10. Select the Enable G Suite Domain-wide Delegation check box. Select SAVE.

    GoogleAppsDomWideDel

    Now, the Client ID is generated and View Client ID appears under Options for your service account in the Service accounts page. Currently, there is no way to delete a Client ID once it has been generated. The only alternative is to delete and re-create the whole project.

    ViewClientID

  1. Select View Client ID to view the generated Client ID and the service account email address.

On the Google Admin Console

  1. Navigate to https://admin.google.com and login with your super admin credentials.
  2. Select Security > Advanced Settings.
  3. Select Manage API client Access hyperlink from the Advanced settings pop-up menu.

    gmailcert4

     

  4. Enter the previously generated Client ID (as mentioned in step 8 of On the Google Developer Console section) in the Client Name field.

  5. Next, you must authorize your client ID for the required API scopes. Enter the API scope, listed below, that are required by the application in the One or More API Scopes field and then select Authorize.

    https://www.googleapis.com/auth/admin.directory.user,https://www.googleapis.com/auth/admin.directory.user .readonly,https://www.googleapis.com/auth/admin.directory.device.mobile.readonly,https://www.googleapis.com /auth/admin.directory.device.mobile.action

    gmailcert5
    Note:

    The above mentioned API Scopes must be added as a comma delimited string containing no spaces.