Google Service Account

SaaS integrations for Google Services can be authenticated using a Google Service Account. This method provides a more streamlined setup than the OAuth2 authentication flow because it avoids the need for an authentication call during setup.

Required parameters

  • Project ID: The Google Cloud project ID under which the service account operates
  • Client Email: The email associated with the service account (e.g., my-sa@my-project.iam.gserviceaccount.com)
  • Private Key: The RSA private key from your service account, found in the JSON key file (begins with -----BEGIN PRIVATE KEY-----)

Configuration example

client_config:
  protocol: https
  host: www.googleapis.com
  authentication:
    strategy: google_cloud_service_account
    configuration:
      scopes:
        ...

The scopes are defined on a per-integration basis, as each Google service has its own scopes.

Usage checklist

To use a Google Service Account for SaaS integration authentication, ensure the following steps are completed:

  1. Create a Google Cloud Project

  2. Create a Service Account

    • In the IAM & Admin section, create a new service account for your integration.

  3. Grant Required Roles and Permissions

    • Assign the necessary roles to the service account according to the APIs/resources it needs to access.

  4. Create and Download a Service Account Key

    • Generate a new JSON key for your service account.
    • Download and securely store the key file, which contains the private key and client email.

Note: The required OAuth scopes will vary for each Google service integration. See Google’s OAuth 2.0 Scopes documentation or the API documentation for guidance.
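
A pre-flight check on the downloaded JSON key file before its values are entered as the required parameters, written here as an added example (it is not part of Fides or of Google's tooling). It assumes the key file fields type, project_id, client_email and private_key and POSIX file permissions; the sample file it writes is constructed and holds a placeholder instead of a real key.

```python
import json
import tempfile
from pathlib import Path

PEM_BEGIN = "-----BEGIN PRIVATE KEY-----"
PEM_END = "-----END PRIVATE KEY-----"
FIELDS = ("project_id", "client_email", "private_key")  # the required parameters


def check_key_file(path):
    """Return (params, problems) for a service account JSON key file."""
    problems = []
    # The checklist says to store the key securely: flag group/other access.
    mode = Path(path).stat().st_mode & 0o777
    if mode & 0o077:
        problems.append(f"file mode {mode:o} allows group/other access")
    key = json.loads(Path(path).read_text(encoding="utf-8"))
    if key.get("type") != "service_account":
        problems.append("type is not service_account")
    # Pull out the three values the integration asks for; never log private_key.
    params = {f: str(key.get(f) or "") for f in FIELDS}
    problems += [f"missing {f}" for f, v in params.items() if not v]
    email, pem = params["client_email"], params["private_key"].strip()
    if email and not email.endswith(".gserviceaccount.com"):
        problems.append("client_email is not a service account address")
    if "\\n" in pem:  # key copied from raw JSON text, escapes left undecoded
        problems.append("private_key has literal \\n; use the JSON-decoded value")
    elif pem and not (pem.startswith(PEM_BEGIN) and pem.endswith(PEM_END)):
        problems.append("private_key is not a PKCS#8 PEM block")
    return params, problems


def write_sample_key(mode=0o600, **overrides):
    """Write a constructed key file (placeholder key body, not a real key)."""
    key = {
        "type": "service_account",
        "project_id": "my-project",
        "client_email": "my-sa@my-project.iam.gserviceaccount.com",
        "private_key": f"{PEM_BEGIN}\nPLACEHOLDER\n{PEM_END}\n",
    }
    key.update(overrides)
    path = Path(tempfile.mkdtemp()) / "sa-key.json"
    path.write_text(json.dumps(key), encoding="utf-8")
    path.chmod(mode)
    return path


if __name__ == "__main__":
    for path in (write_sample_key(), write_sample_key(mode=0o644)):
        print(check_key_file(path)[1] or "no findings")
```
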