Unleash Link Provisioning

Purpose

Setting up domain-wide delegation allows the Unleash service account to impersonate users from your organization. This will enable Unleash to auto-magically create Links to supported Google Workspace services (such as Google Drive, Gmail, and Google Calendar) as soon as a new user joins your Unleash workspace, instead of the user having to manually set up the Links and authorize Unleash’s access using OAuth. This automatic process is called Link Provisioning. Provisioned links act like regular, manually created links, and can be easily removed by the user if they wish.

Prerequisites

The person configuring the domain-wide delegation must be an administrator of the relevant Google Workspace organization.

Setup

1. Go to https://admin.google.com/ac/owl/domainwidedelegation and sign in if needed. If you are already signed in and have multiple organizations/domains, ensure you are signed into the correct account for the intended domain.

2. At the top of the API Clients table, click Add new.

3. In the dialog that opens, under Client ID, provide the value 101066985626398460460

4. In the same dialog, under OAuth scopes, add the following scopes (comma-delimited list follows).

openid
profile
email
<https://www.googleapis.com/auth/admin.directory.user.readonly>
<https://www.googleapis.com/auth/gmail.readonly>
<https://www.googleapis.com/auth/admin.directory.group.readonly>
<https://www.googleapis.com/auth/admin.directory.domain.readonly>
<https://www.googleapis.com/auth/calendar.readonly>
<https://www.googleapis.com/auth/directory.readonly>
<https://www.googleapis.com/auth/userinfo.profile>
<https://www.googleapis.com/auth/drive.photos.readonly>
<https://www.googleapis.com/auth/contacts.readonly>
<https://www.googleapis.com/auth/drive.readonly>
<https://www.googleapis.com/auth/drive.metadata.readonly>
<https://www.googleapis.com/auth/drive.activity.readonly>

For your convenience, below is the same list of scopes formatted with commas

openid,profile,email,<https://www.googleapis.com/auth/admin.directory.user.readonly,https://www.googleapis.com/auth/gmail.readonly,https://www.googleapis.com/auth/admin.directory.group.readonly,https://www.googleapis.com/auth/calendar.readonly,https://www.googleapis.com/auth/directory.readonly,https://www.googleapis.com/auth/userinfo.profile,https://www.googleapis.com/auth/drive.photos.readonly,https://www.googleapis.com/auth/contacts.readonly,https://www.googleapis.com/auth/drive.readonly,https://www.googleapis.com/auth/drive.metadata.readonly,https://www.googleapis.com/auth/drive.activity.readonly>

5. Click the Authorize button

6. Please notify your Unleash contact that this process has been completed so that we can validate that the setup is successful and configure your requested link provisioning automation.