Create a Custom Google App

Procedure

You can refer to the instructions below to create a custom Google app.

  1. Create a New Project.

    Follow the steps below to create a new project:

    1. Go to Google Cloud IAM.
    2. Click the current resource.
    3. Click NEW PROJECT.
    4. Complete the Project name, Organization, and Location fields.
    5. Click Create.
  2. Configure OAuth Consent Screen

    Select the newly created project, and follow the steps below to configure OAuth consent screen:

    1. Navigate to APIs & Services > OAuth consent screen.
    2. Select Internal or External, and then click Create.
    3. Complete the app information form based on your scenario.
    4. Click SAVE AND CONTINUE.
  3. Add Scopes

    Follow the steps below to add required permission scopes to the app:

    1. Click ADD OR REMOVE SCOPES.
    2. You can add required permission scopes to a custom Google app by referring to IBM® Storage Protect for Cloud Google Workspace
    3. After you finish adding scopes, click SAVE AND CONTINUE.
  4. Create OAuth Credentials

    Follow the instructions below to create a service account and a client ID:

    1. Navigate to APIs & Services > Credentials.
    2. Click CREATE CREDENTIALS and select Service account.
    3. Enter a service account name and a service account ID. Then, click DONE.
    4. On the Credentials page, click the newly created service account.
    5. Expand Advanced settings, and then click CREATE GOOGLE WORKSPACE MARKETPLACE-COMPATIBLE OAUTH CLIENT.
    6. Click CONTINUE in the confirmation window. Then, you can check the created client ID on the Credentials page.
    7. Click the service account, and then click the KEYS tab.
    8. Click ADD KEY, and then click Create new key.
    9. Select the JSON key type and click CREATE. The downloaded file contains important information for the configuration in the following steps, and you must store the file securely as it can’t be recovered if lost.
  5. Configure Scopes and Enable APIs

    You can refer to the instructions below to configure scopes and enable APIs:

    1. Go to Google Admin console, and then navigate to Security > Access and data control > API controls.
    2. Click MANAGE DOMAIN WIDE DELEGATION.
    3. Click Add new.
    4. Add the client ID and OAuth scopes. After you finish the configuration, click AUTHORIZE.
      Note the following:
      • To get the client ID, you can open the downloaded private key file or go to the Credentials page.
      • The configured scopes should be the same as the scopes added to the app. You can add required permission scopes to a custom Google app by referring to IBM Storage Protect for Cloud Google Workspace
    5. Go to Google Cloud > APIs & Services > Enabled APIs & services, and click ENABLE APIS AND SERVICES.
    6. The API library page appears. You need to enable APIs according to your added scopes.
    7. Click the API that you want to enable, and then click ENABLE.