Google Workspace AD Connector - Product Documentation

Here’s a more polished and professional version of your document:

Google Workspace AD Connector Setup Guide

Navigate to the Manage Resources page in the Google Cloud Console.
Click Create Project.
In the New Project window:
- Enter a Project Name (must be 4–30 characters and can include letters, numbers, single quotes, hyphens, spaces, or exclamation points).
- Specify the Parent Organization or Folder Resource in the Organization and Location field.
  - If you do not have an organization, you can select No organization to create the project at the top level of its own hierarchy.
Click Create to finalize the project creation.

In the Google Cloud Console, select the project you just created.
Go to APIs & Services > Credentials.
Click + Create Credentials and choose OAuth Client ID.
For Application Type, select Desktop App.
Under Authorized Redirect URIs, add:
https://developers.google.com/oauthplayground
Click Create.
Copy the Client ID and Client Secret. These will be used later in the integration configuration.
Enable the Gmail API:
- Go to the API Library.
- Search for and select Gmail API, then click Enable.

Open OAuth 2.0 Playground.
Click the gear icon (⚙) in the top right corner and enable Use your own OAuth credentials.
Set the following:
- OAuth flow: Server-side
- Access type: Offline (to obtain both refresh and access tokens)
Enter your OAuth2 Client ID and Client Secret.
In Step 1 – Select & authorize APIs:
- Choose Google Ads API and select the following scope:
  https://www.googleapis.com/auth/adwords
- Click Authorize APIs and log in with the desired account.
Click Accept when prompted for access permissions.
In Step 2 – Exchange authorization code for tokens, click the button to exchange.
Copy the Refresh Token, Client ID, and Client Secret for use in connector configuration.

In the Cloud Console, search for Service Accounts, then click Create Service Account.
Provide a Service Account Name and click Create and Continue.
Keep default settings and click Done.
To create a private key:
- Open the Service Account page.
- Click the Actions button (⋮) next to your service account.
- Select Manage Keys > Add Key > Create New Key.
- Choose P12 format and click Create.
- Save the downloaded .p12 key file and note the password (usually notasecret unless otherwise set). This will not be displayed again.
Back on the Service Accounts page:
- Note the Service Account Email and OAuth2 Client ID for use in the connector configuration.

In the Cloud Console, search for APIs & Services, then click Enable APIs and Services.
Enable the following APIs:
- Gmail API
- Admin SDK API

In the form:

Add the following scopes:

https://www.googleapis.com/auth/admin.reports.audit.readonly, 
https://www.googleapis.com/auth/admin.reports.usage.readonly

Follow instructions to install OpenSSL with Cygwin on Windows.
Open Cygwin Terminal and confirm installation by running:
```
openssl version
```
Copy the downloaded .p12 file to:
C:\cygwin64\home\<your_user_directory>
Run the following command to extract the private key:
```
openssl pkcs12 -info -in  -nodes -nocerts
```
Enter the .p12 file password when prompted.
Copy the content between -----BEGIN PRIVATE KEY----- and -----END PRIVATE KEY----- (excluding those lines).
Save it for the connector configuration as the Private Key.

In your connector platform, go to Ingestion.
Select Google Workspace Message Downloader Connector and click Configure.
Enter the following values:
- OAuth Code (Refresh Token)
- Client ID
- Client Secret
- Client Email ID
- Service Account Email ID
- Private Key
- Private Key ID
Click Validate and Save to complete the configuration.