Solar Archive Knowledge Base
Configuring Google Workspace OAuth and Service Account

Configuring Google Workspace


Last updated 1 year ago


In this tutorial, we will guide you through setting up Solar Archive email archive systems with Google Workspace. We'll cover two main features: Single Sign-On (SSO) with Two-Factor Authentication (2FA) support using OAuth, and IMAP setup for Mailbox Reader / Folder Replication / Mail Restore, using a Google Service Account to access user mailboxes.

Step 1: Creating a Google API Project

  1. Go to the Google API Console.

  2. Create a new project or add an existing one and associate it with your Workspace domain. This project will be used to manage the API settings and credentials for Solar Archive.

  3. Once the project is created or selected, all subsequent configurations will be done within this project.

Step 2: Configure Consent Screen for OAuth

  1. In the Google API Console, navigate to the "Credentials" section.

  2. Click on "OAuth consent screen" from the left sidebar to configure the Consent Screen settings.

  3. Create a new Consent Screen and specify the necessary information, such as the App name, User support email, User Type (use Internal) and Developer contact information. (These are just details shown on the consent screen, so enter any details that seem reasonable. They are non-binding, non-critical, display-only information shown when an end user tries to use the 'app'.)

  4. Customize the Consent Screen as needed to provide a clear and user-friendly experience for your users during the OAuth login process.

  5. Save the changes to the Consent Screen.

Step 3: Set up Google OAuth / Solar Archive SSO

  1. In the "Credentials" section of the Google API Console, click on "Create Credentials" and select "OAuth client ID".

  2. Choose the "Web application" option as the application type.

  3. Enter a name for your OAuth client, and in the "Authorized redirect URIs" field, specify the redirect URL provided by Solar Archive. You can find this in the Solar Archive “SSO OAuth” panel.

  4. Click "Create" to generate the Client ID and secret values for the OAuth Client.

  5. We can now complete the Solar Archive settings as follows:

    Authorization URL: https://accounts.google.com/o/oauth2/v2/auth

    Access Token URL: https://oauth2.googleapis.com/token

    User Detail URL: https://www.googleapis.com/oauth2/v1/userinfo

    Please note: these values can be obtained from this link: https://accounts.google.com/.well-known/openid-configuration

    User Detail Attributes*

    Username: email

    Mail: email

    Firstname: given_name

    Lastname: family_name

    Secondary Addresses: email

    * NOTE: This set of attributes will be pre-filled (or hidden) if the “Provider Type” is set to the (recently added) Google option.

Step 4: Link the OAuth Client ID to your Workspace

  1. Access your Google Workspace administration area (admin.google.com) as an administrator.

  2. In the admin console, navigate to "Security" and then "API controls".

  3. Click on "Manage third-party app access" to add the OAuth Client ID to the list of allowed apps.

  4. Click "Add app" and select "OAuth App Name or Client ID".

  5. Enter the Client ID obtained from the Google API Console and click "Select" to add the app.

  6. Review and confirm the authorization to grant access to the Solar Archive app with the specified Client ID.

Step 5: Integrate Solar Archive Login Page

After completing the previous steps, the Solar Archive login page will automatically display an additional "Login With [OAuth connection name]" button, where the connection name corresponds to the OAuth Client name.
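
The attribute mapping from Step 3 keys the archive username on the Google `email` value, so the login identity is only as trustworthy as that value. The following is an added example, not Solar Archive code: it applies the Step 3 mapping to a constructed userinfo response and refuses unverified or out-of-domain accounts. The `verified_email` and `hd` field names, the sample data and the function name are assumptions for illustration.

```python
# Added example, not Solar Archive code. ATTRIBUTE_MAP is the Step 3 mapping;
# "verified_email" and "hd" are assumed fields of Google's userinfo response.
ATTRIBUTE_MAP = {
    "username": "email",
    "mail": "email",
    "firstname": "given_name",
    "lastname": "family_name",
    "secondary_addresses": "email",
}

SAMPLE_USERINFO = {  # constructed response, not captured from a real account
    "id": "100000000000000000002",
    "email": "Alice.Nguyen@example.com",
    "verified_email": True,
    "given_name": "Alice",
    "family_name": "Nguyen",
    "hd": "example.com",
}


def map_userinfo(userinfo, workspace_domain):
    """Apply the Step 3 mapping; raise ValueError if the identity should not be trusted."""
    email = str(userinfo.get("email") or "").strip().lower()
    local, _, domain = email.rpartition("@")
    if not local or not domain:
        raise ValueError("userinfo has no usable email value")
    # Username is keyed on email, so an unverified address must not log in.
    if userinfo.get("verified_email") is not True:
        raise ValueError("email address is not verified")
    # "hd" (hosted domain) is absent for consumer Google accounts.
    if str(userinfo.get("hd") or "").lower() != workspace_domain.lower():
        raise ValueError("account does not belong to the Workspace domain")
    mapped = {f: str(userinfo.get(k) or "") for f, k in ATTRIBUTE_MAP.items()}
    for field, key in ATTRIBUTE_MAP.items():
        if key == "email":
            mapped[field] = email  # one normalised value for all email-backed fields
    return mapped
```
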

Step 6: Set up Google Service Account for IMAP / Mailbox Reader

  1. Go back to the Google API Console and click on "Create Credentials".

  2. Select "Service Account" and provide a name for your Service Account.

  3. Assign the required role to the Service Account, such as "Project" > "Editor" to grant access to user mailboxes.

  4. Click "Continue" and then "Create Key".

  5. Choose the key type as JSON and click "Create" to obtain the JSON key file containing authentication details for the Service Account.

Step 7: Configure Solar Archive Settings

  1. Log in to Solar Archive as an administrator.

  2. Navigate to "Advanced Configuration" > "SSO - OAuth" panel.

  3. Click "Create New Connection" and select the Provider Type as "OpenID Connect".

  4. Enter a meaningful Connection Name and choose "Web application" as the type.

  5. Paste the complete text of the JSON key file into the appropriate field.

  6. Save the connection to complete the setup.

Step 8: Link the Service Account to your Workspace

  1. Go back to your Google Workspace admin console.

  2. Navigate to "Security" > "API controls" > "Domain-Wide Delegation".

  3. Click "Add new" and paste the Client ID (Unique ID) obtained from the Google API Console.

  4. Click "Authorize" to grant the required permissions to the Service Account.

  5. The Service Account is now successfully linked to your Workspace and has access to user mailbox data.

Specify the necessary "OAuth scopes" (e.g., https://mail.google.com, Email, Profile) that the Service Account requires access to.
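
Steps 3 and 6 each produce a different Google credential, and Steps 7 and 8 depend on using the service account one. The following is an added example, not Solar Archive code: it checks that a pasted JSON text is a service account key, returns the numeric Client ID (Unique ID) that Step 8 asks for, and produces a redacted copy that is safe to share with support. The field names follow Google's service account key file format; the sample key and function names are constructed for illustration.

```python
import json

# Added example, not Solar Archive code. SAMPLE_KEY is constructed, not a real key.
REQUIRED = ("type", "project_id", "private_key_id", "private_key",
            "client_email", "client_id", "token_uri")

SAMPLE_KEY = json.dumps({
    "type": "service_account",
    "project_id": "example-archive",
    "private_key_id": "0" * 40,
    "private_key": "-----BEGIN PRIVATE KEY-----\nCONSTRUCTED\n-----END PRIVATE KEY-----\n",
    "client_email": "archive-reader@example-archive.iam.gserviceaccount.com",
    "client_id": "100000000000000000001",
    "token_uri": "https://oauth2.googleapis.com/token",
})


def check_service_account_key(text):
    """Return (client_id, problems) for the JSON key text created in Step 6."""
    try:
        key = json.loads(text)
    except json.JSONDecodeError as exc:
        return None, [f"not valid JSON: {exc.msg}"]
    if not isinstance(key, dict):
        return None, ["top-level JSON value is not an object"]
    # An OAuth client file (Step 3) wraps its values in a "web" or "installed" object.
    if "web" in key or "installed" in key:
        return None, ["this is an OAuth client file, not a service account key"]
    problems = [f"missing field: {f}" for f in REQUIRED if not key.get(f)]
    if key.get("type") not in (None, "", "service_account"):
        problems.append(f"unexpected type: {key['type']!r}")
    if key.get("private_key") and "BEGIN PRIVATE KEY" not in str(key["private_key"]):
        problems.append("private_key is not a PEM block")
    client_id = str(key.get("client_id") or "")
    # Step 8 expects the numeric Unique ID, not an *.apps.googleusercontent.com ID.
    if client_id and not client_id.isdigit():
        problems.append("client_id is not a numeric Unique ID")
    return (client_id if client_id.isdigit() else None), problems


def redact(text):
    """Copy of the key JSON that is safe to log or attach to a ticket."""
    key = json.loads(text)
    if "private_key" in key:
        key["private_key"] = "<redacted>"
    return json.dumps(key, indent=2)
```

Run the check before pasting the key into Solar Archive, and treat the unredacted file like a password, since with domain-wide delegation it gives access to user mailbox data.
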