Only complete this section if not authenticating via OAuth. See Authentication Methods for more details.
Important
ScubaGoggles requires the service account to have domain-wide delegation of authority to function.
- Login to https://console.cloud.google.com and navigate to your GCP project.
- From the hamburger menu, select IAM & Admin -> Service Accounts
- Select CREATE SERVICE ACCOUNT. Fill out the id field and then select DONE
- Click on the newly created service account then click KEYS -> ADD KEY -> Create new key -> JSON -> CREATE
- Move the downloaded file (begins with
<service account>*.json) to the root directory folder of this repo, rename tocredentials.json - Now login to admin.google.com and navigate to Security -> Access and data control -> API controls
- Select MANAGE DOMAIN WIDE DELEGATION
- Select Add new
- Enter the
client_idfrom the downloaded credentials (also visible after clicking on the created Service account under Details -> Unique ID) - Enter each OAuth scope as listed in Permissions
- Select AUTHORIZE
- Finally, run ScubaGoggles with the
--subjectemailoption set to the email of an admin with necessary permissions to run ScubaGoggles.
Note
ScubaGoggles can be run using a service account in a different organization.
To do so, specify the --customerid argument with the customer ID of the target organization (found in admin.google.com under Account -> Account settings)
- Continue to Usage: Parameters
- Return to Documentation Home