Prerequisites

A working instance of a Google Workspace source.

Ensure that you perform the following steps before generating a Client ID, Client Secret, Refresh Token for Client Credentials, and Private Key for Service Account:


This is the companion discussion topic for the documentation at https://documentation.sailpoint.com/connectors/saas/googleworkspace/help/saas_connectivity/google_workspace/prerequisites.html

Is it possible to incorporate an overall Google Workspace and GCP admin console config summary, like listed below? The idea is to provide an overview of the flow that can be referenced (in one browser tab or notes) alongside the detailed instruction pages. Also, because there are multiple sets of permissions (user account permission(s), project APIs, custom GCP role, org level access config), I think it would be helpful to have a dropdown widget on the relevant instruction page w/ ONLY the relevant permissions. For example, where domain-wide delegation is mentioned, insert dropdown widget for required scopes only. Or for the user account, set up in Google Workspace admin console, list super admin or a dropdown of required Google Workspace permissions (both console and API). In a similar vein, where relevant for CIEM, outline if configuring CIEM include: xyz (scopes or APIs or permissions). To your credit all the information is there, though it was difficult for me to follow beginning to end.

1. GW admin console: create user account to be impersonated
2. GW admin console: give this account super admin
3. GCP org level: create custom role
4. GCP org level: create new project
5. GCP project: enable required APIs
6. GCP project: create service account
7. GCP project: create new JSON key
8. Follow the documentation to create an RSA key in the PEM format
9. GCP org level: grant your GCP service account the custom role
10. GCP org level: grant the user account everything listed here: Prerequisites (The required GCP IAM Roles for GCP Management)
11. GW admin console: via manage domain-wide delegation, grant your GCP service account (clientID required here) all the required scopes and Authorize

@Lanardg Thank you for your input. We’ve created a Jira issue to track the effort and we’ll update the comment thread when it’s been addressed: CONDOCS-12915.
