Google Workspace via internal marketplace application

Overview

Movebot has support for connecting to Google workspaces via an internal marketplace application rather than the normal delegated access using Movebot's service tokens. This connection can work both for drive files and for mail.

Using this type of connection is not recommended and has limitations and complexities involved in the setup that are not recommended for most customers.

When should we use this instead of the standard delegated access connection

If you require:

• The ability to limit Movebot's access to specific OUs and/or user groups

• The ability to control the quotas

Requirements

To connect to Google using this method, you will need the following:

• A Movebot account

• A Google Workspace administrator account

• The ability to create a Google Cloud project

How to create the application

1. Log in to Google Cloud Console and create a new project

• This should be done with an administrator account to ensure you have the appropriate permissions

1. Enable the required APIs

• Under APIs & Services -> Library

• Search for and enable Google Drive API, Gmail API

• Search for and enable the Google Workspace Marketplace SDK

1. Configure the OAuth Consent Screen

• Navigate to APIs & Services -> OAUth consent screen

• Under User type select Internal. This means the application will only be available and visible to users in your organisation.

• Fill in the required app information - the details here are internal so don't overthink it

• Add the access scopes.

• Save/Publish

1. Create and download the service account credentials

• Navigate to APIs & Services -> Credentials

• Click Create Credentials and choose Service Account. You do not need to configure any of the optional details here.

• Open the new service account, then go to Keys -> Add key -> Create new key and choose the JSON type. This will result in a new key being created and downloaded in your browser. This is the key you will need when configuring Movebot.

1. Configure the Marketplace SDK

• Under APIs & Services -> Library

• Search for Google Workspace Marketplace SDK

• Click Manage

• Configure the App Configuration tab - the important options are ensuring that App Visibility= Private, Installation Settings=Admin Only Install, App Integrations=Web app

• You can then save and publish

How to connect the application to your organisation

The next step in the process is to add the application to your Google Workspace domain and configure permissions for specific OUs and Groups.

1. Log in to admin.google.com

2. Navigate to Apps -> Google Workspace Marketplace Apps

3. Click INSTALL APP

4. Locate the internal app you created in the last step and click Admin Install

5. You can then configure access and restrictions

How to add the connection to Movebot

1. Log in to Movebot and create a new connection

2. Select Google Workspace or Google Workspace Mail

3. Configure the required options

4. Under Step 2: Create a service account JSON file - click Show Advanced.

5. Upload the service account JSON file created in the previous steps

6. Save

How to limit Movebot's access to the domain

With this type of connection, you can restrict Movebot's access to certain OUs and Groups. This is done from the Google Workspace Marketplace Apps section of the Google Workspace Admin console.

Common Errors

Movebot supports Google Workspace Mail migrations, including user mailboxes and calendar events. Below are common errors and frequently asked questions related to GWS Mail.

Supported Features

Movebot has comprehensive support for Google Workspaces and is well-maintained.

Tags: googleworkspaces_gmail