Fortinet black logo

Online Help

Configure Service Account

Copy Link
Copy Doc ID 4a6f3c4b-8d0f-11eb-a7dc-00505692583a:843983

Configure Service Account

For your service account, you may either use an existing or a new account.

  1. New Service Account Creation or Using Existing Service Account
  2. Grant Service Account API Access
  3. Grant Service Account Owner Role
  4. Grant service account Organization Administrator role

New Service Account Creation

  1. Go to https://console.developers.google.com and log in with your Google Suite account.
  2. Click on the drop-down menu > Select a project.
  3. Select an existing project you want to monitor or Create a New Project by clicking New Project.
  4. Click the Navigation Menu on the top left corner, go to IAM & admin > Service accounts.
  5. Click +Create service account button.
  6. Enter a Service account name of your preference and click create. Service account ID will populate automatically.
  7. Keep the service account ID for later during Google cloud authentication during installation.
  8. Click Continue when prompted for entering service account permissions.
  9. Click on +Create Key and select JSON to create a private key. The JSON private key will be downloaded automatically, then click Done.
  10. Keep the JSON key later for Google cloud authentication during installation.
  11. Once service account is created, select the service account created and click on under Actions icon > Manage details.
  12. Enable G Suite Domain-wide Delegation.

Using Existing Service Account

  1. Select the project that contains the service account to be used.
  2. Click the Navigation Menu in the upper-left corner of the page, and select IAM & Admin > Service Accounts.
  3. Note:Make sure Domain-wide delegation is enabled. If not, click on Actions icon > Edit to enable it.

  4. If you don’t have a JSON private key, then click Actions icon > Edit , and select +Create Key.
  5. Select JSON in the Key type field, and click CREATE.The JSON private key will automatically downloaded.

Note: Be sure to keep this key and your service account ID for use later during Google cloud authentication.

Once your service account is ready, you must grant it API access to the G Suite API.

Grant Service Account API Access

  1. Click the Navigation Menu in the upper-left corner of the page, and then select IAM & admin > Service Accounts.
  2. In the Domain-wide delegation column, click View Client ID.
  3. In the pop-up window, save the client ID for step 7.
  4. Go to https://admin.google.com and log into the same Google account.
  5. Scroll down and click on More Controls > Security.
  6. In Security, scroll down and select Advanced Settings.
  7. Click Manage API client access.
  8. In the Client Name field, enter the Client ID saved in Step 3. Your Client ID must be a string of numbers.
  9. In the One or More API Scopes field, enter:

"https://www.googleapis.com/auth/admin.directory.user,https://www.googleapis.com/auth/admin.reports.audit.readonly".

After getting your service account ID and JSON private key, grant the service account with Owner and Organization Administrator role for the projects to be monitored.

Grant Service Account Owner Role

  1. Select the project to be monitored.
  2. Click the Navigation Menu on the upper-left corner, select IAM & admin > IAM.
  3. Click the ADD button on the top.
  4. In the New Members field, enter the service account ID you want to use.
  5. In the Select a role field, select Project > Owner.
  6. Click the SAVE button.
  7. Repeat the steps above for all the projects to be monitored.

Additionally, on the same service account, grant Organization Administrator.

Grant service account Organization Administrator role

  1. Select the project to be monitored.
  2. Click the Navigation Menu on the upper-left corner, select IAM & admin > IAM.
  3. Click the ADD button on the top.
  4. In the New members field, enter the service account ID you want to use.
  5. In the Select a role field, select Resource Manager > Organization Administrator
  6. Note: You can also enter "Organization Administrator" in the filter for fast access.

  7. Click the SAVE button.

Configure Service Account

For your service account, you may either use an existing or a new account.

  1. New Service Account Creation or Using Existing Service Account
  2. Grant Service Account API Access
  3. Grant Service Account Owner Role
  4. Grant service account Organization Administrator role

New Service Account Creation

  1. Go to https://console.developers.google.com and log in with your Google Suite account.
  2. Click on the drop-down menu > Select a project.
  3. Select an existing project you want to monitor or Create a New Project by clicking New Project.
  4. Click the Navigation Menu on the top left corner, go to IAM & admin > Service accounts.
  5. Click +Create service account button.
  6. Enter a Service account name of your preference and click create. Service account ID will populate automatically.
  7. Keep the service account ID for later during Google cloud authentication during installation.
  8. Click Continue when prompted for entering service account permissions.
  9. Click on +Create Key and select JSON to create a private key. The JSON private key will be downloaded automatically, then click Done.
  10. Keep the JSON key later for Google cloud authentication during installation.
  11. Once service account is created, select the service account created and click on under Actions icon > Manage details.
  12. Enable G Suite Domain-wide Delegation.

Using Existing Service Account

  1. Select the project that contains the service account to be used.
  2. Click the Navigation Menu in the upper-left corner of the page, and select IAM & Admin > Service Accounts.
  3. Note:Make sure Domain-wide delegation is enabled. If not, click on Actions icon > Edit to enable it.

  4. If you don’t have a JSON private key, then click Actions icon > Edit , and select +Create Key.
  5. Select JSON in the Key type field, and click CREATE.The JSON private key will automatically downloaded.

Note: Be sure to keep this key and your service account ID for use later during Google cloud authentication.

Once your service account is ready, you must grant it API access to the G Suite API.

Grant Service Account API Access

  1. Click the Navigation Menu in the upper-left corner of the page, and then select IAM & admin > Service Accounts.
  2. In the Domain-wide delegation column, click View Client ID.
  3. In the pop-up window, save the client ID for step 7.
  4. Go to https://admin.google.com and log into the same Google account.
  5. Scroll down and click on More Controls > Security.
  6. In Security, scroll down and select Advanced Settings.
  7. Click Manage API client access.
  8. In the Client Name field, enter the Client ID saved in Step 3. Your Client ID must be a string of numbers.
  9. In the One or More API Scopes field, enter:

"https://www.googleapis.com/auth/admin.directory.user,https://www.googleapis.com/auth/admin.reports.audit.readonly".

After getting your service account ID and JSON private key, grant the service account with Owner and Organization Administrator role for the projects to be monitored.

Grant Service Account Owner Role

  1. Select the project to be monitored.
  2. Click the Navigation Menu on the upper-left corner, select IAM & admin > IAM.
  3. Click the ADD button on the top.
  4. In the New Members field, enter the service account ID you want to use.
  5. In the Select a role field, select Project > Owner.
  6. Click the SAVE button.
  7. Repeat the steps above for all the projects to be monitored.

Additionally, on the same service account, grant Organization Administrator.

Grant service account Organization Administrator role

  1. Select the project to be monitored.
  2. Click the Navigation Menu on the upper-left corner, select IAM & admin > IAM.
  3. Click the ADD button on the top.
  4. In the New members field, enter the service account ID you want to use.
  5. In the Select a role field, select Resource Manager > Organization Administrator
  6. Note: You can also enter "Organization Administrator" in the filter for fast access.

  7. Click the SAVE button.