Step 1: Create a Service Account
Set up a Service Account project in the Google API Console.
1. Create a new project (or select an existing one)
2. Go to IAM & Admin > Service Accounts. You might have to click on the Menu first. Click on Create Service Account.
3. Under Service account details, type a name, ID, and description for the service account, then click Create.
4. Under Service account permissions, select the IAM roles as 'Project Owner' to grant to the service account, then click Continue.
5. After the service account is created, open the service account, click on "Edit" then click "Add Key" under "Keys", then click "Create New Key".
6. Make sure the key type is set to JSON and click Create.
7. Save the downloaded JSON key.
Your new public/private key pair is generated and downloaded to your machine; it serves as the only copy of the private key. You are responsible for storing it securely. If you lose this key pair, you will need to generate a new one.
Step 2: Enable Admin SDK API
1. Open your project in the API Console. Click on Enable APIs and Services.
2. In the list of APIs, search and click Admin SDK API.
3. Click on ENABLE to enable Admin SDK API.
Step 3: Assign OAUTH Scopes for Admin SDK API
1. Go to the Google Admin console. From the Admin console, go to Home > Security > API controls. Make sure you're in the Google Admin console and not Google Cloud Platform.
2. Under Domain-wide delegation, click Manage Domain Wide Delegation.
3. On the Manage domain-wide delegation page, click Add new and enter your service account client ID.
You can find the ID (also known as the Unique ID) in the JSON file that you downloaded when you created the service account or in the Google Cloud Console (click IAM & Admin and then Service accounts and then the name of your service account).
Under the OAuth Scope, add each scope that the application can access.
Depending on whether you want to use the Jira panel to only provide read access to Google Workspace, or read/write access, you'll want to use the OAuth scopes listed below:
READ ONLY ------------ https://www.googleapis.com/auth/admin.directory.user.readonly,https://www.googleapis.com/auth/admin.directory.group.readonly,https://www.googleapis.com/auth/admin.directory.group.member.readonly,https://www.googleapis.com/auth/admin.reports.audit.readonly,https://www.googleapis.com/auth/admin.reports.usage.readonly,https://www.googleapis.com/auth/admin.directory.user.security,https://www.googleapis.com/auth/drive.readonly,https://www.googleapis.com/auth/admin.datatransfer.readonlyREAD/WRITE -------------- https://www.googleapis.com/auth/admin.directory.user,https://www.googleapis.com/auth/admin.directory.group,https://www.googleapis.com/auth/admin.directory.group.member,https://www.googleapis.com/auth/admin.reports.audit.readonly,https://www.googleapis.com/auth/admin.reports.usage.readonly,https://www.googleapis.com/auth/admin.directory.user.security,https://www.googleapis.com/auth/drive,https://www.googleapis.com/auth/apps.licensing,https://www.googleapis.com/auth/gmail.settings.sharing,https://mail.google.com/,https://www.googleapis.com/auth/admin.datatransfer
Step 4: Setup in Jira
1. Navigate to Apps > Manage Apps.
2. You should see Multiplier listed there. Click on Configure to go to the configuration settings.
3. Click on Google Workspace. You should see a modal displaying the capabilities of the integration.
Click Install, and check the Read only mode box if you only want to read from Google Workspace. Then enter the Google Workspace admin email and the key file that you previously downloaded.
If you want to connect to a particular domain, specify it. Otherwise leave it blank.
5. Configure which user groups can see the app, by accessing the Settings tab on the Multiplier's Configuration page.
To perform operations in Google Workspace, navigate to an issue, and click on the Open Multiplier link in the sidebar.