Skip to main content

Google Workspace

Overview

This integration allows read-only access to your Google Workspace, enabling the Intail app to fetch information across the entire organization with a single click. It is designed to only read data without the capability to write or modify. This ensures secure access while allowing the monitoring of every contextual relationship within the organization.

Prerequisites

  • A Google Workspace domain.
  • A service account with a client ID.
caution

Only users with administrative privileges can perform these actions. Ensure you have the necessary permissions before proceeding.

info

For further information regarding domain-wide delegation, visit Control Google Workspace API access with domain-wide delegation. .

Step-by-Step Guide

1. Access API Controls

  • Navigate to your domain’s Admin console.
  • Go to: Main Menu -> Security -> Access and data control -> API controls.

2. Manage Domain-Wide Delegation

  • In the Domain wide delegation pane, select Manage Domain Wide Delegation.
  • Click Add new.

3. Enter Service Account Details

  • In the Client ID field, enter the client ID obtained from the service account creation.

  • Paste Intail's Client ID: 118229953076945640756.

  • In the OAuth Scopes field, enter the following scopes:

    https://www.googleapis.com/auth/gmail.metadata,
    https://www.googleapis.com/auth/admin.directory.user.readonly,
    https://www.googleapis.com/auth/calendar.readonly

  • Click Authorize.

OAuth Scopes Explanation

The following OAuth scopes are used in this configuration:

  • gmail.metadata: This scope allows reading metadata for emails, which includes headers and labels but not the message body or attachments.
  • admin.directory.user.readonly: This scope provides read-only access to the user's directory information in Google Workspace.
  • calendar.readonly: This scope grants read-only access to the user's calendar events.

These scopes ensure that the application can only read data without the capability to modify it, maintaining data integrity and security.

Gmail Read-Only Access (Optional)

Organization wish to provide read-only access to Gmail for the Intail application, allowing monitoring and analyzing contextual relationship for entire organization. Needs to grant the following scope to the service account:

  • gmail.readonly: This scope grants read-only access to Gmail messages and labels.

Copy this scope and paste it in the OAuth Scopes field to provide read-only access to Gmail.

 https://www.googleapis.com/auth/gmail.readonly
caution

Please DO NOT use gmail.readonly scope with gmail.metadata scope at the same time.

After completing these steps, your service account will have domain-wide access and can impersonate any domain user within the specified scopes.

Delegate to Gmail Application

Gmail, a cornerstone service of Google Workspace, is a widely used email service known for its robust functionality, user-friendly interface, and strong security features. It offers seamless integration with other Google services like Calendar, Drive, and Contacts, making it a preferred choice for personal and professional communication

Step-by-Step Guide

  1. Navigate to Gmail App Settings.
  2. Click on Mail delegation.
  3. Apply the necessary settings.
  4. Click SAVE.