NOTE: This URL www.googleapis.com needs to allow from Client’s firewall, so that, this will be accessible from the Collector-Syslog Server (CCE).
Step 1: Go to https://console.cloud.google.com/apis/dashboard and create a Project.
Step 2: Give a name to your project and click on create.
Step 3: Now, select the project you have just created.
Step 4: Go to Library, to enable the API for your project.
Step 5: Search for API SDK in the search bar and select Admin SKD API. For Gsuite Gmail permission, We need to Enable ' Gmail API' as well.
Step 6: Now, click on enable to enable API for the project.
Step 7: Go to search bar, search for Credentials and select Credentials as shown in the figure.
Step 8: Now, go to Create Credentials and select Service Account.
Step 9: Give service account name, service account description accordingly and click on create.
Step 10: Set the role as Basic -> Viewer, then continue and done.
Step 11: Now select the service account that you just created as you can see below.
Step 12: Here, you need to create a new JSON key for that click on Add key -> Create New Key. Create one with JSON then save it as a file. It will be downloaded to your system. Kindly open the file and note down the "client ID" for further use in the process.
Step 13: Now click on save as shown below.
Step 14: Go to https://admin.google.com/ac/home and click on three horizontal lines to see more options as shown below.
Step 15: Go to Security -> API Controls.
Step 16: Scroll down, click on -> Manage Domain wide delegation.
Step 17: Go to Add New, then put the Client ID from the JSON file. For reference -> Remember (Step 12). Also, put https://www.googleapis.com/auth/admin.reports.audit.readonly in the OAuth Scopes. Click -> Authorize.
Step 18: For Gsuite Gmail Permission Go to Add New, then put the Client ID from the JSON file.
Also, put
--> https://www.googleapis.com/auth/admin.reports.audit.readonly
– > https://www.googleapis.com/auth/admin.directory.user.readonly
in the OAuth Scopes. Click -> Authorize.
Step 19: Using this doc get customer ID - https://support.google.com/a/answer/10070793?hl=en
NOTE :--The json key will need to be modified with customer_id by opening it in a text editor like (notepad, vs code etc) as shown in attached screenshot before uploading it to on our UI (i.e. Gsuite's cloud configuration screen)
Step 20:Now, go to Seceon UI à Provisioning à Google Configuration à G-Suite(Add) à Put your mail ID of G-Suite in the username à CCE IP à Browse the JSON file (Reference Step 12)à Save.
End of the Document