Stay organized with collections
Save and categorize content based on your preferences.
Domain-wide delegation allows Google Workspace for Education super administrators to grant
third-party applications permission to access data of users within their domain
without requiring a specific user's consent. Domain-wide delegation is performed
in the Google Admin console by specifying the client ID of a service account
or third-party application.
A service account is an account that belongs to a Google Cloud project instead
of an individual user. Applications can request access to Google APIs on behalf
of the service account rather than on behalf of individual end-users. Service
accounts are set up in the Google Cloud console.
An OAuth client ID is a public identifier used to identify applications to
Google servers.
Domain-wide delegation set-up
A Google Workspace super administrator can set up the service account
or OAuth client ID with domain-wide delegation in the
Admin console.
In the Admin console, navigate to Main menumenu> Security > Access and data control > API Controls.
Under Domain wide delegation, select Manage Domain Wide Delegation.
Click Add new.
Enter the service account's client ID or the application's OAuth client ID
in the Client ID field. Enter the list of OAuth scopes that the service
account or application should be granted in the OAuth scopes field.
Click Authorize.
If an administrator installs an application for a domain from the
Google Workspace Marketplace, service accounts used by that application don't
need to be manually set-up. The required permissions are automatically provided
during installation.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Missing the information I need","missingTheInformationINeed","thumb-down"],["Too complicated / too many steps","tooComplicatedTooManySteps","thumb-down"],["Out of date","outOfDate","thumb-down"],["Samples / code issue","samplesCodeIssue","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2024-12-19 UTC."],[[["Domain-wide delegation enables third-party applications to access user data within a Google Workspace for Education domain without individual user consent, granted by super administrators."],["This delegation is configured in the Google Admin console by specifying the client ID of a service account or third-party application, but it is generally recommended to avoid it if possible."],["A service account is a Google Cloud project account used by applications to access Google APIs, while an OAuth client ID identifies applications to Google servers."],["Google Workspace super administrators can set up domain-wide delegation for specific service accounts or OAuth client IDs through the Admin console's API Controls."],["Applications installed from the Google Workspace Marketplace automatically receive necessary permissions, eliminating the need for manual service account setup."]]],[]]
