Google Workspace (G Suite) Admin Configuration for Migration
EdbMails G Suite Migration Tool lets you securely migrate emails, calendars, contacts, tasks, folders, and attachments from Google Workspace (G Suite) using an Admin account—without requiring individual user passwords. To access all user mailboxes across the organization, the Admin account must be configured with a Service Account and Domain-Wide Delegation.
The configuration involves the following steps:
- Configure a Service Account in Google Cloud.
- Grant Domain-Wide Delegation.
- Generate and download a secure JSON key.
Steps to Configure a Service Account
Step 1: Sign in to Google Cloud Console
- Open the Google Cloud Console.
- Sign in using your Google Workspace Super Administrator account.
Note: Super Admin privileges are required to grant Domain-Wide Delegation and approve API access.
Step 2: Create or Select a Google Cloud Project
- In the top-left corner, click ‘Select a Project’, then click ‘New Project’.
- Enter a project name and click the ‘Create’ button.
- Wait a few seconds while the project is being created.
Step 3: Enable the Required Google APIs
- From the left-hand menu, navigate to ‘APIs & Services’ → ‘Library’.
- Search for and enable the following APIs:
  - Admin SDK API
  - Google People API
  - Gmail API
  - Google Calendar API
  - Google Tasks API
- Wait until each API shows as Enabled before proceeding.
Step 4: Create a Service Account
- In the left-hand menu, navigate to ‘IAM & Admin’ → ‘Service Accounts’.
- Click ‘Create Service Account’.
- Enter a service account name. The Service Account ID will be auto-generated.
- Click the ‘Create and Continue’ button.
- Skip the Assign roles step (roles are not required for Domain-Wide Delegation) and click ‘Done’.
Grant Domain-Wide Delegation in Google Admin Console
This step authorizes the Service Account to access Google Workspace data at the domain level.
- Open the Google Admin Console and log in using your Super Administrator account.
- Navigate to ‘Security’ > ‘Access and data control’ > ‘API Controls’.
- Click on ‘Manage Domain Wide Delegation’.
- Click on ‘Add New’ and paste the Client ID copied from Google Cloud.
- In the OAuth Scopes field, enter the following scopes:
  - https://www.googleapis.com/auth/admin.directory.user.readonly
  - https://www.googleapis.com/auth/gmail.readonly
  - https://www.googleapis.com/auth/calendar.readonly
  - https://www.googleapis.com/auth/tasks.readonly
  - https://www.googleapis.com/auth/contacts.readonly
- Click ‘Authorize’, then ‘Save’.
The Service Account is now approved to access Google Workspace data, limited to the scopes authorized above.
Download the JSON Key
- Go back to Google Cloud Console.
- Navigate to ‘IAM & Admin’ → ‘Service Accounts’ and click your service account.
- Click on ‘Manage Domain Wide Delegation’.
- Go to the ‘Keys’ tab and click ‘Add Key’ > ‘Create New Key’.
- Select ‘JSON’ and click ‘Create’.
- The JSON key file will download automatically.
Note: This JSON file contains the private key required for secure authentication. It must be uploaded or configured in EdbMails to establish API connectivity.
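A pre-flight check for the downloaded key and the delegation scopes, as an added example that is not part of EdbMails or the original page: it confirms the JSON file is a service-account key readable only by its owner, returns the key's `client_id` (the service account's Client ID), and flags any scope outside the read-only list above. The function names and the sample key values are constructed for illustration, and the permission check assumes a POSIX file system.

```python
import json
import os
import stat
import tempfile

# Read-only scopes listed on this page for Domain-Wide Delegation.
PAGE_SCOPES = ["https://www.googleapis.com/auth/" + s + ".readonly" for s in
               ("admin.directory.user", "gmail", "calendar", "tasks", "contacts")]
REQUIRED_FIELDS = ("client_id", "client_email", "private_key_id", "private_key")


def check_key_file(path):
    """Return (client_id, findings) for a downloaded service-account JSON key."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):  # any group/other access bits set
        findings.append(f"mode {mode:o} exposes the private key; use 600")
    with open(path, encoding="utf-8") as fh:
        key = json.load(fh)
    if key.get("type") != "service_account":
        findings.append("type is not service_account")
    findings += [f"missing field: {f}" for f in REQUIRED_FIELDS if not key.get(f)]
    return key.get("client_id"), findings


def unexpected_scopes(scopes):
    """Return the scopes that are not in this page's read-only list."""
    return [s for s in scopes if s not in PAGE_SCOPES]


def demo():
    # Constructed sample key: every value is a placeholder, not a real credential.
    sample = {"type": "service_account", "client_id": "100000000000000000000",
              "client_email": "migrate@example-project.iam.gserviceaccount.com",
              "private_key_id": "0" * 40, "private_key": "CONSTRUCTED-PLACEHOLDER"}
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "key.json")
        with open(path, "w", encoding="utf-8") as fh:
            json.dump(sample, fh)
        os.chmod(path, 0o644)  # group/world-readable: should be flagged
        loose = check_key_file(path)
        os.chmod(path, 0o600)  # owner-only: should pass
        tight = check_key_file(path)
    return loose, tight


if __name__ == "__main__":
    print(demo(), unexpected_scopes(PAGE_SCOPES + ["https://mail.google.com/"]))
```

Run `check_key_file` against the real key path before configuring it in the migration tool, and pass the scope list you actually authorized to `unexpected_scopes` to catch anything broader than read-only.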
