# Google Workspace via internal marketplace application

## Overview

Movebot has support for connecting to Google workspaces via an internal marketplace application rather than the normal delegated access using Movebot's service tokens. This connection can work both for drive files and for mail.&#x20;

Using this type of connection is not recommended and has limitations and complexities involved in the setup that are not recommended for most customers.

{% hint style="warning" %}
We recommend only customers with experience managing Google Cloud and marketplace applications attempt to use this connection method. We would also recommend that you reach out to support before proceeding.&#x20;
{% endhint %}

## When should we use this instead of the standard delegated access connection

If you require:

* The ability to limit Movebot's access to specific OUs and/or user groups
* The ability to control the quotas

## Requirements

To connect to Google using this method, you will need the following:

* A Movebot account
* A Google Workspace administrator account
* The ability to create a Google Cloud project

## How to create the application

1. **Log in to Google Cloud Console and create a new project**

* This should be done with an administrator account to ensure you have the appropriate permissions&#x20;

{% hint style="warning" %}
While it is possible to use an existing Google Cloud project, this is *not* recommended, as the project should be deleted after the migration is complete to invalidate any access Movebot has to your organization.&#x20;
{% endhint %}

2. **Enable the required APIs**

* Under **APIs & Services -> Library**
* Search for and enable ***Google Drive API***, ***Gmail API***
* Search for and enable the ***Google Workspace Marketplace SDK***

3. **Configure the OAuth Consent Screen**

* Navigate to **APIs & Services** -> **OAUth consent screen**
* Under **User type** select **Internal**. This means the application will only be available and visible to users in your organisation.
* Fill in the required app information - the details here are internal so don't overthink it
* Add the access scopes.&#x20;

```bash
https://www.googleapis.com/auth/gmail.readonly, https://www.googleapis.com/auth/gmail.insert, https://www.googleapis.com/auth/gmail.labels, https://www.googleapis.com/auth/gmail.modify, https://www.googleapis.com/auth/admin.directory.user, https://www.googleapis.com/auth/admin.directory.user.security, https://www.googleapis.com/auth/contacts,https://apps-apis.google.com/a/feeds/calendar/resource/, https://www.googleapis.com/auth/calendar, https://apps-apis.google.com/a/feeds/calendar/resource/,https://www.googleapis.com/auth/drive,https://www.googleapis.com/auth/drive.file, https://www.googleapis.com/auth/admin.directory.user, https://www.googleapis.com/auth/admin.directory.user.readonly, https://www.googleapis.com/auth/admin.directory.user.security
```

* Save/Publish

4. **Create and download the service account credentials**

* Navigate to APIs & Services -> Credentials
* Click **Create Credentials** and choose **Service Account.** You do not need to configure any of the optional details here.&#x20;
* Open the new service account, then go to **Keys** -> **Add key -> Create new key** and choose the **JSON** type. This will result in a new key being created and downloaded in your browser. This is the key you will need when configuring Movebo&#x74;**.**&#x20;

5. **Configure the Marketplace SDK**

* Under **APIs & Services -> Library**
* Search for **Google Workspace Marketplace SDK**
* Click **Manage**
* Configure the **App Configuration** tab - the important options are ensuring that **App Visibility= Private, Installation Settings=Admin Only Install, App Integrations=Web app**
* You can then save and publish

## How to connect the application to your organisation

The next step in the process is to add the application to your Google Workspace domain and configure permissions for specific OUs and Groups.&#x20;

1. Log in to admin.google.com
2. Navigate to **Apps -> Google Workspace Marketplace Apps**
3. Click **INSTALL APP**
4. Locate the internal app you created in the last step and click **Admin Install**
5. You can then configure access and restrictions&#x20;

## How to add the connection to Movebot

1. Log in to Movebot and create a new connection
2. Select Google Workspace or Google Workspace Mail
3. Configure the required options
4. Under **Step 2: Create a service account JSON file -** click Show Advanced.&#x20;
5. Upload the service account JSON file created in the previous steps
6. Save

## How to limit Movebot's access to the domain

With this type of connection, you can restrict Movebot's access to certain OUs and Groups. This is done from the **Google Workspace Marketplace Apps** section of the Google Workspace Admin console.

### Common Errors

Movebot supports Google Workspace Mail migrations, including user mailboxes and calendar events. Below are common errors and frequently asked questions related to GWS Mail.

<details>

<summary><strong>Error: Authentication Failed (invalid-credentials)</strong></summary>

**Cause:** Permission scopes were not added correctly&#x20;

**Resolution:** Review your marketplace application setup in Google Cloud Admin and ensure all necessary scopes are assigned correctly. Review all steps above. Sometimes waiting 24 hours can help as well.&#x20;

</details>

<details>

<summary><strong>Rate limiting</strong></summary>

Using a custom marketplace application and project means that you are benefiting from Movebot's high quota limits with Google. If you are hitting high numbers of rate limiting, you may need to increase the project quotas for the Google Drive API or Gmail API. Most of the time, this will require approval from Google.&#x20;

</details>

### Supported Features

Movebot has comprehensive support for Google Workspaces and is well-maintained.&#x20;

<table><thead><tr><th width="527">Feature</th><th>Supported in Movebot</th></tr></thead><tbody><tr><td>Email Messages and Folders</td><td>Fully Supported</td></tr><tr><td>Private Calendars </td><td>Fully Supported</td></tr><tr><td>Shared Calendars</td><td>Fully Supported</td></tr><tr><td>Resource Calendars</td><td>Fully Supported</td></tr><tr><td>Contacts</td><td>Fully Supported</td></tr></tbody></table>

\
Tags: googleworkspaces\_gmail


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.movebot.io/connections/other-connectors/google-workspace-via-internal-marketplace-application.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.