Fortinet white logo
Fortinet white logo

EMS Administration Guide

Creating unique service account credentials

Creating unique service account credentials

Creating a unique set of service account credentials provides more security. Unique service account credentials include the following:

  • Client ID (a long number)
  • Service account ID (email address)
  • Service account certificate (a certificate in .pem format)
To create unique service account credentials:
  1. Go to Google API Console.
  2. Log in with your Google Workspace account credentials.
  3. Create a new project:
    1. Click the toolbar list. The browser displays the following dialog.

    2. Select your organization, if you see an organization dropdown list. Click New Project.

    3. In the Project name field, enter your project name, then click Create.

  4. Enable the Admin SDK:
    1. Select your project from the toolbar list, then click APIs & Services.

    2. Under Google Workspace APIs, search for Admin SDK API and enable it.

      After enabling the Admin SDK API, the console displays a message indicating: To use this API, you may need credentials.

  5. Create a service account:
    1. Go to the Credentials tab and select Create Credentials > Service account.

    2. From the Service account list, select New Service Account. Enter a service account name.

    3. From the Role list, select Project > Viewer.

    4. Edit the created service account and go to Keys. Click Add Key to create a P12 private key.

    5. Save the private key and note the private key password, "notasecret".

      The private key with the P12 extension is the only copy you receive. Keep it in a safe place. You should also remember the password prompted on the screen. At this time, that password should be notasecret.

  6. Edit the service account you just created and expand Advanced settings. There is a Domain-wide Delegation message and step-by-step guide.

To use the private key in EMS, you must convert it to .pem format. You can use the following openssl command to convert it. Remember to use the notasecret password.

C:\OpenSSL-Win64\bin>openssl pkcs12 -in demo-976b9d6e9328.p12 -out serviceAccount-demo.pem -nodes -nocerts

Enter Import Password:

Creating unique service account credentials

Creating unique service account credentials

Creating a unique set of service account credentials provides more security. Unique service account credentials include the following:

  • Client ID (a long number)
  • Service account ID (email address)
  • Service account certificate (a certificate in .pem format)
To create unique service account credentials:
  1. Go to Google API Console.
  2. Log in with your Google Workspace account credentials.
  3. Create a new project:
    1. Click the toolbar list. The browser displays the following dialog.

    2. Select your organization, if you see an organization dropdown list. Click New Project.

    3. In the Project name field, enter your project name, then click Create.

  4. Enable the Admin SDK:
    1. Select your project from the toolbar list, then click APIs & Services.

    2. Under Google Workspace APIs, search for Admin SDK API and enable it.

      After enabling the Admin SDK API, the console displays a message indicating: To use this API, you may need credentials.

  5. Create a service account:
    1. Go to the Credentials tab and select Create Credentials > Service account.

    2. From the Service account list, select New Service Account. Enter a service account name.

    3. From the Role list, select Project > Viewer.

    4. Edit the created service account and go to Keys. Click Add Key to create a P12 private key.

    5. Save the private key and note the private key password, "notasecret".

      The private key with the P12 extension is the only copy you receive. Keep it in a safe place. You should also remember the password prompted on the screen. At this time, that password should be notasecret.

  6. Edit the service account you just created and expand Advanced settings. There is a Domain-wide Delegation message and step-by-step guide.

To use the private key in EMS, you must convert it to .pem format. You can use the following openssl command to convert it. Remember to use the notasecret password.

C:\OpenSSL-Win64\bin>openssl pkcs12 -in demo-976b9d6e9328.p12 -out serviceAccount-demo.pem -nodes -nocerts

Enter Import Password: