Authorizing Zoho Mail to access G Suite

Authorizing Zoho Mail to access G Suite

Overview:

To authorize Zoho Mail to access your organization's G Suite users, email, contact, and calendar data, G Suite mandates the following authorization process. First, the organization's admin will have to create a G Suite service account, then permit Zoho Mail to access the required services in G Suite and then define the scopes that can be accessed by the service account that you are creating. 

Ensure that this entire authorization process is done in a browser where no G Suite or Gmail account, other than the one from which you will be creating the service account is open. 

Creating G Suite Service Account:

This section will guide you through the process of setting up a service account in your G Suite account.

  1. Log in to the Google Developers Console with your admin credentials.
  2. Click on the dropdown next to your organization's name from the top of the window, and select New Project.
    Creating GSuite service account
  3.  Enter a name for your project in the Project Name field and click Create.
    Creating project in GSuite
  4. Select the Create Service Account option. 
    Create Service Account
  5. Enter a service name in the Service account name field, and a description for the service in the Service account description field, and click Create.
    Service Account details in GSuite
  6. In the next step, select the role that you want to assign to this service account. In the Role field, select Project > Owner, and click Continue.
    Service account permissions
  7.  If you'd like to assign roles to users and admins, enter the relevant data and click Done.
  8. Click the email address under the Email field. This will be the Service account email address. Make sure that you note this down, as you will have to enter it in the Zoho Mail Control Panel.*
    Gsuite Migration Account selection
  9. Click the Edit option in the Service Account Details window, and expand Show Domain-wide Delegation.
    Account details
  10. Select the checkbox across the Enable G Suite Domain-wide Delegation option.
  11. Now enter a relevant product name in the Product name for the consent screen.
  12. The value generated in the Unique ID field is the Client ID. Please make note of this value as you will need it for later use during the authorization process. 
    Client ID for migration
  13. Click Add Key, and select the Create New Key option.
    Creating new key
  14. Select P12 and click Create.
    Creating private key for Gsuite Migration
  15. Once you've created the key, you will notice that a file was downloaded onto your system. Please make sure that you save a copy of this file for later use during the migration.*
  16. Now click Save.

​Enabling API Access:

You will have to enable access to some of these APIs. Follow the below instructions to enable access.

  1. Log in to the Google API Library.
  2. Locate the Gmail API and click Enable.
  3. Locate the Google Calendar API and click Enable.
  4. Locate the Contacts API and click Enable.
  5. Locate the CalDAV API and click Enable.
  6. Locate the Admin SDK and click Enable.
  7. Locate the Google People API and click Enable.​
Google is currently in the process of making changes to its Contacts API and we are adopting the same. During this transition phase, if you face any issues in migrating your contacts, please check if the Google People API is enabled in your Google Developers Console. If you still continue to face issues, reach out to us at support@zohomail.com.

Granting access to Service Account:

This section will aid you through granting access to the service account and defining the scopes that can be accessed by the service account.

  1. Login to your G Suite Admin account.
  2. Go to the Security menu, and select API Controls. 
  3. Under Domain-wide delegation, click MANAGE DOMAIN-WIDE DELEGATION.
  4. In this page, click Add New.​
  5. In the Client ID field, enter theClient ID that was generated.
  6. Copy the following values and paste it in the One or more API scopes field, and click Authorize.

    https://www.google.com/m8/feeds/contacts/default/full, https://www.google.com/m8/feeds, https://www.googleapis.com/auth/gmail.readonly, https://www.google.com/m8/feeds/groups/default/full, https://www.googleapis.com/auth/admin.directory.user.readonly, https://www.googleapis.com/auth/admin.directory.domain.readonly, https://www.googleapis.com/auth/admin.directory.group.member.readonly, https://www.googleapis.com/auth/admin.directory.group.readonly, https://www.googleapis.com/auth/calendar, https://www.googleapis.com/auth/admin.directory.resource.calendar

Once done, this will grant access to the service account and the mentioned scopes will be made accessible.

Details to be entered in the Zoho Mail Control Panel:

* The service account email address and the file that was downloaded will be required for use in the Zoho Mail Control Panel.

  • Enter the Super Admin email address of your G Suite organization account in the G Suite Super Admin Email Address field. 
  • Enter the Service account email address in the respective field.
  • Finally, upload the file that you downloaded in the Private key file field and click Verify.

This will authorize your Zoho Mail account to access G Suite.

Share this post : FacebookTwitter

Still can't find what you're looking for?

Write to us: support@zohomail.com