NOTE: This URL www.googleapis.com needs to allow from Client’s firewall, so that, this will be accessible from the Collector-Syslog Server (CCE).
Step 1: Go to https://console.cloud.google.com/apis/dashboard and create a Project.
Step 2: Give a name to your project and click on create.
Step 3: Now, select the project you have just created.
Step 4: Go to Library, to enable the API for your project.
Step 5: Search for API SDK in the search bar and select Admin SKD API.
Step 6: Now, click on enable to enable API for the project.
Step 7: Go to search bar, search for Credentials and select Credentials as shown in the figure.
Step 8: Now, go to Create Credentials and select Service Account.
Step 9: Give service account name, service account description accordingly and click on create.
Step 10: Set the role as Basic -> Viewer, then continue and done.
Step 11: Now select the service account that you just created as you can see below.
Step 12: Here, you need to create a new JSON key for that click on Add key -> Create New Key. Create one with JSON then save it as a file. It will be downloaded to your system. Kindly open the file and note down the "client ID" for further use in the process.
Step 13: Now click on save as shown below.
Step 14: Go to https://admin.google.com/ac/home and click on three horizontal lines to see more options as shown below.
Step 15: Go to Security -> API Controls.
Step 16: Scroll down, click on -> Manage Domain wide delegation.
Step 17: Go to Add New, then put the Client ID from the JSON file. For reference -> Remember (Step 12). Also, put https://www.googleapis.com/auth/admin.reports.audit.readonly in the OAuth Scopes. Click -> Authorize.
Step 18:Now, go to Seceon UI à Provisioning à Google Configuration à G-Suite(Add) à Put your mail ID of G-Suite in the username à CCE IP à Browse the JSON file (Reference Step 12)à Save.