Disclaimer: The following instructions are correct at the time of writing. Google feature names and links may change over time.
- In the Google Admin console, enable API access. See the help topic, Enable API access in the Admin console.
- Add the authorized API client name for the Google service account that you created in the Google API console. See the help topic, OAuth: Managing API client access.
- Client Name: Type the client ID for your Google service account.
- One or More API Scopes:
https://www.googleapis.com/auth/admin.directory.group.readonly,https://www.googleapis.com/auth/admin.directory.orgunit.readonly,https://www.googleapis.com/auth/admin.directory.user.readonly
Note: Do not add View groups on your domain, View organization units on your domain, or View users on your domain to the API scopes you are adding. These are Google API scopes, the Google Admin console sorts them for you. See Google's help topic, OAuth 2.0 Scopes for Google APIs.