2

I'm working with a client to setup service account credentials, for the purpose of reading G-Suite Directory information over API.

I've done this a dozen times before with no issues, and now I'm having a problem with a setting not showing up for the client.

Below is an image that shows what I would see normally. The area circled in read is where the ability to enable Domain-Wide Delegation exists.

enter image description here

However, the client does now see that section. Instead they see this button. And clicking the button just displays the Client ID's, but doesn't have an option to Enable Domain-Wide Delegation.

enter image description here

We haven't gone through the entire setup to test if this service account works, and I haven't been able to duplicate this UI interface with my testing accounts. I always get the "Show Domain-Wide Delegation" from the first image, and not the button.

The client says they are a Super Admin on the G-Suite Admin Console. I have detailed instructions for all the steps prior, which they said are exactly correct. The only difference is when they get to this page.

I was hoping someone would have some insight into why this interface would be different, and what might be some ways around fixing it?

James
  • 1,562
  • 15
  • 23
  • I have two G Suite Super Admin accounts. One shows your first screenshot, the second shows the other. Both display the same information just differently (the second opens a panel on the right side). I don't know why. For your second screenshot, I see the same thing for my account which also has the IAM Organization Administrator role. – John Hanley May 20 '19 at 22:20
  • @James I am having the same problem. Did you ever figure this out? – kspearrin Jun 07 '19 at 15:52
  • James, I suggest you tag your question with "google-cloud-platform" tag as well. I'm using Google Cloud Platform and seeing the same issue. This tag has more than 15k questions asked, so I hope it helps this issue to be resolved quicker. Thanks. – Yury K. Jun 16 '19 at 18:52
  • @kspearrin I have not figured this out yet. The customer I was working with flaked out, but I have a number of more integrations coming in the next weeks. So I'm sure I will have more info by August. I will try to update this once I find out more. – James Jun 17 '19 at 19:28
  • 3
    I talked with google cloud platform support and they say that all service accounts have domain wide delegation now. This is why the option does not exist. – kspearrin Jun 18 '19 at 03:43
  • @kspearrin thanks for the info. – James Jul 05 '19 at 20:34
  • @kspearrin can you set that as the answer? If possible maybe link to a google doc (I doubt one exists) that explains all GSAs have domain wide delegation now? It also seems like now you don't need domain wide delegation??? https://workspaceupdates.googleblog.com/2020/08/use-service-accounts-google-groups-without-domain-wide-delegation.html. It would be amazing if this SO post had an answer that helped clarify this (in leu of official docs :/ ). – red888 Jan 20 '22 at 15:50

1 Answers1

1

If you don't see the checkbox, it means you don't need to enable it. You can get the client ID from the UI or by looking at the JSON private key you downloaded, and use that to authorize your scopes in the Admin console.

(thanks @kspearrin who also mentioned that in the comments)

Liron
  • 194
  • 9