Configuring Google Admin Console with the Service Account

Next we need to enable this new service account in Google Admin Console.

Login to your Google Apps Admin console.

Expand Security – Access and data control from the left menu and select API controls

Scroll down the page and select Manage Domain Wide Delegation

Click Add New

Select Manage API client access in the Authentication section. In the Client Name field enter the service account's Client ID. (This is the Unique ID from the Service Account Details we had pasted into notepad)

Paste in the following under OAuth scopes,,,,,,,,,,,,

Then Click Authorize

Log out of Google Admin Console

Log into the SyAM MDM Interface

Click on the left menu Managed Devices – select ChromeOS

Upload the P12 file and paste in the ID and email from your Service Account Details

Press Next

Skip the key for Static Maps by pressing Next

Enter the domain and the user email address that was used to Authorize the Service API in Google Admin Console and press Save

Press Sync

After it completes the Sync, it will present that data retrieved from Google.

You can now set the Polling Interval for the GAC Sync and the Site Manager Asset Update

Possible reasons why the error Authorization Status 401 Unauthorized can occur 

Incorrect Role chose for the service account – it must be set to Project – Service Account Actor

  • To resolve, delete the two sets of settings in the Chrome OS page in Management Utilities, delete the service account and start the process again, creating a new service account and then add the new service account into Google Admin Console with the URLs.

Incorrect Google Apps Email Address, possibly a typo or the email account used was not the account used when logging into Google Admin Console to add in the URLs to the Service account.

  • To resolve delete the Google Apps Domain information in the Chrome OS page in Management Utilities, then enter the correct email address and press save.

Likely reason the error Authorization Status 403 Unauthorized can occur 

Service Account Created but the API was not enabled

To resolve, log back into the Google Cloud, select your project and click to enable APIs