A Google service account is a special type of Google account for an application. This account is used by
Sophos Mobile to communicate with the Google APIs.
Create a project:
-
Sign in to the Google API console with your domain administrator account.
You can find the link in related information.
-
In the header bar of the Google API console, click .
If there’s already a project selected, click its name and then New
project.
-
In the New project dialog, enter a project name, for example
Android Enterprise, and then click Create.
- Optional
If the header bar shows another project, click its name and then select the new project.
Enable the Admin SDK API:
-
Click the Navigation menu button in the top left corner and then .
-
On the Welcome to the API Library page, enter the string admin
sdk in the search field.
-
In the search result list, click Admin SDK.
-
On the Admin SDK page, click Enable.
Enable the Google Play EMM API:
-
On the Welcome to the API Library page, enter the string
emm in the search field.
-
In the search result list, click Google Play EMM API.
-
On the Google Play EMM API page, click Enable.
Create a service account:
-
On the Google Play EMM API page, click Create
credentials.
-
In step one of the Add credentials to your project page, click the
service account link.
-
On the Service Accounts page, click Create Service
Account.
-
In Service account name, enter a name to identify the service account, for
example Android Enterprise.
-
Click Create.
-
On the Service account permissions page, click
Continue.
-
On the Grant users access to this service account page, click
Create key.
-
Select JSON and then click Create.
The private key for your service account is generated and saved to your computer in a JSON
file.
Store the JSON file in a secure location. You need it to bind Sophos Mobile to your Managed Google Domain.
-
Click Done.
-
On the Service accounts page, click the email address of the service account
you’ve created.
-
On the Service account details page, click
Edit.
-
Expand the Show domain-wide delegation section and then select
Enable G Suite Domain-wide Delegation.
-
In Product name for the consent screen, enter for example Sophos
Mobile.
-
Click Save.
Configure API access:
-
Sign in to the Google Admin console with your domain administrator account.
You can find the link in related information.
-
Click .
You may need to click Show more to display Advanced
settings.
-
Click Manage API client access.
-
Open the JSON file in a text editor and copy the
client_id
value into the
Client Name field.
For example, if your JSON file contains a line "client_id":
"123456789", then enter 123456789 in the Client
Name field.
-
In One or more API Scopes, enter the following (without line break):
https://www.googleapis.com/auth/admin.directory.user,
https://www.googleapis.com/auth/androidenterprise
-
Click Authorize.