Authorize GSPS for your domain

G Suite Password Sync

If you want to use a service account as your authentication method for G Suite Password Sync (GSPS), you need to create an account and set it up before you install GSPS.

Step 1: Create a service account

Complete the steps in Create a service account.

Step 2: Authorize your client ID in the Admin console

  1. Sign in to your Google Admin console.

    Sign in using an account with super administrator privileges (does not end in @gmail.com).

  2. From the Admin console Home page, go to "" and then Security and then API controls.
  3. Under Domain wide delegation, click Manage Domain Wide Delegation.
  4. On the Manage domain wide delegation page, click Add new.
  5. Under Client ID, enter your service account's client ID.

    You can find the service account client ID in the JSON file you downloaded when you created the G Suite service account. Alternatively, you can find the client ID in the Google Cloud Platform Console. Click IAM & Adminand thenService accounts, then select your service account.

  6. In the OAuth scopes field, copy and paste the following scope:

    https://www.googleapis.com/auth/admin.directory.user

  7. Click Authorize.
  8. To make sure every scope appears, select the new client ID and click View details.

    If they don't, click Edit, enter the missing scopes, and click Authorize. Note that you can't edit the client ID.

  9. Go back to the Google Cloud Platform Console and click Save.

Next steps

You're now ready to Add users to your Google domain.


Google, Google Workspace, and related marks and logos are trademarks of Google LLC. All other company and product names are trademarks of the companies with which they are associated.
Was this helpful?
How can we improve it?