This handler uses the Google Admin SDK API library to create a new Google Group on your domain. Using a Service Account Email and the corresponding P12 file (see below for details about obtaining these values) to authenticate the handler against Google's API. If the input variables are verified to be legal, then the new group will be created using that information. If Google finds a duplicate group id during this process an exception will be thrown because group id's are required to be unique. If the group is successfully created, the specified owner will be assigned to the group with admin privileges. Any errors that occur during the posting process will be caught and re-raised by this handler.
- In order to use this handler, the account specified by the task info values needs to enable Admin SDK API in admin account.
How to retrieve the Service Account Email and Setup P12 File
To enable the Calendar API and get the Service Account Email and P12 File
1. Navigate to the 'Google Developers Console'
2. Click on the Create Project button (or if you have an existing project that you wish to keep using, click on the project name.)
3. Go to the APIs page and turn on the Calendar service
4. Go to the Credentials page and Create a new Client Id
* Select 'Service Account'
* Select 'P12 Key' for Key type
5. When you click 'Create Client Id', a P12 File will be downloaded
6. Remember the Email for the Service Account that you just created
To add the P12 file to the handler:
1. Download the .zip file for the handler
2. Expand the zipped directory, and place the P12 File that you just downloaded into the resources folder
* Found at google_apps_calendar_create_v3 => handler => resources
* Remember the name of the P12 File, it will be needed later
3. Zip the directory back up and upload to Kinetic Task
The Service Account Email and P12 File name will be used as info values for the handler, and will be used to get access to the Google Services
How to Perform Domain-Wide Delegation of Authority to Allow Impersonation
- Go to your Google Apps domain’s Admin console.
- Select Security from the list of controls. If you don't see Security listed, select More controls from the gray bar at the bottom of the page, then select Security from the list of controls.
- Select Advanced settings from the list of options.
- Select Manage third party OAuth Client access in the Authentication section.
- In the Client name field enter the service account's Client ID.
- In the One or More API Scopes field enter the list of scopes that your application should be granted access to (see image below). For example if you need domain-wide access to the Google Directory API enter:
- Click the Authorize button.