Transcend integrates with Google Suite (GSuite) offerings such Google Docs, Google Slides, Google Sheets, and Gmail. In order to connect with your GSuite instance with Transcend, and use our Google Docs, Google Slides, and Google Sheets integrations, we use a client credentials method which requires you to generate credentials specific to your GSuite organization.
Before starting, please ensure that you meet these requirements:
- Your organization has a Google Vault license
- You have access to your organization's Google Cloud Console, and have permissions to create a new project, and provision a service account
- You have access to the Google Admin Console, with permissions to modify Security Settings for your organization, and
- You have access to an account in your organization that can run and manage Google Vault Searches and Exports
The GSuite integrations (except Gmail) offered by Transcend use Service Accounts to create an API connection between Google and Transcend. Below are the instructions to provision a Service Account, and provide Transcend with its credentials, to begin making API calls on your behalf.
- Create a new project in your organization's Google Cloud Console, and enable the following APIs:
- Under the "IAM & Admin" tab for the project created in step 1, visit the "Service Accounts" page, and select "Create Service Account". Give this service account a name you'll remember, for example, "transcend-dsr-robot"
- You do not need to grant this service account any specific IAM roles or permissions
- You will need the email address associated with this service account when connecting the integration.
- Once the service account is created, select "Enable G Suite Domain-wide Delegation" for the service you created, and record the unique "Client ID", as you will need to refer to this later
- You will also need to generate a set of public-private key pairs for this account. You can do so by visiting the "Key" tab in the service account's settings page, and generating one in the JSON format. You will need the JSON key file during the connection phase for the integration.
- Transcend only supports key files generated in the JSON format
We recommend using a different service account for each GSuite integration you connect with Transcend.
Once you've finished provisioning a service account, and its associated credentials, we must now give it access to call the appropriate APIs in your organization.
- Go to your organization's Google Admin Console, and
- Navigate to the "Security" page
- Select on "API Controls", then "Manage Domain Wide Delegation"
- Add a new "API Client", and in the form enter the Client ID of the Service Account noted in Step 3 of the previous section.
- You will also need to add the following OAuth scopes, as comma-separated values, and then click on "Authorize":
You're now ready to connect Transcend's GSuite integrations!
Read more on Connecting data silos.
- A user that can run and manage Google Vault Searches, and Exports
- The service account's email address
- The Private Key from the JSON key file, generated in step 4 of the service account provisioning instructions.
- Note: you will want to replace "\n" with newlines when inserting this private key into the Transcend Admin Dashboard.