0

we would need to integrate with GSuite API to retrieve the group members and the user details of them by a daily job.

I've followed the guide and:

  1. setup a service account
  2. enabled "Admin SDK" at "Google Cloud console"
  3. checked "Enable API access" at GSuite "Google Admin" -> "API Reference"
  4. granted permission to the service account at "Manage API client access" with the following:
    1. View group subscriptions on your domain https://www.googleapis.com/auth/admin.directory.group.member.readonly
    2. View groups on your domain https://www.googleapis.com/auth/admin.directory.group.readonly
    3. View users on your domain https://www.googleapis.com/auth/admin.directory.user.readonly

However the response I got when I try to call: - https://www.googleapis.com/admin/directory/v1/groups/{group id}/members, or - https://www.googleapis.com/admin/directory/v1/users/{user email}

I got "Not Authorized to access this resource/api".

I've tried to use CURL to exchange access token, and tried to use JAVA SDK, both returned the same error.

Please let me know if I've missed out anything. Thanks a lot.

Anita
  • 119
  • 5
  • Did you set the [service account](https://stackoverflow.com/questions/26409201/google-service-directory-403-not-authorized-to-access-this-resource-api) as administrator of the domain? – ReyAnthonyRenacia Dec 28 '17 at 08:17
  • may I know how to do this? In GSuite Admin console, it will show "User does not exists" – Anita Jan 02 '18 at 04:30

1 Answers1

2

Ok, I found the missing part.

In case anyone face the same problem, simply add "sub=[super admin]@[your domain]" when exchanging the accessToken. This will solve the problem.

Anita
  • 119
  • 5