โ€‹
Overview

This guide walks through configuring the Gmail connector using a Service Account.

๐Ÿข A Google Workspace is required to use this method.

๐Ÿ™‹ Prefer to use OAuth with a personal or individual Google account? Click here to see the OAuth flow instead.

โ€‹
Authorization

โ€‹
1. Create a Google Cloud Project

โ€‹
2. Enable Required APIs

โ€‹
Gmail API

  1. In the left menu, go to APIs & Services โ†’ Enabled APIs and services
  2. Click + ENABLE APIS AND SERVICES
  3. Search for Gmail API and click ENABLE
    โ†’ Or directly enable Gmail API here

โ€‹
Admin SDK API

  1. Again click + ENABLE APIS AND SERVICES
  2. Search for Admin SDK API and click ENABLE
    โ†’ Or directly enable Admin SDK API here

โ€‹
3. Create a Service Account

  • Go to the Service Accounts page
  • Click Create Service Account
  • Fill out Step 1 (Service account name, ID, etc.)
  • You can skip Steps 2 and 3

โ€‹
Generate Key

  • After creating the Service Account, go to the Keys tab
  • Click Add Key โ†’ Create new key
  • Choose JSON and Download the key

๐Ÿ“ฅ Youโ€™ll upload this JSON to Hymalaia during connector setup

โ€‹
โš ๏ธ Extra Step for Organizations Created After April 2024

Google has added additional permission enforcement for new orgs:

  1. Visit this link
  2. Select your newly created Service Account
  3. Click Manage
  4. Select Override parentโ€™s policy
  5. Set Rules โ†’ Not Enforced
  6. Click Set Policy

โ€‹
4. Grant Read-Only Access to Gmail

  1. Copy the Unique ID of your Service Account (youโ€™ll find this on the Service Account page)
  2. Go to the Domain-wide Delegation page in the Google Admin Console
  3. Click Add new
  4. In Client ID, paste the Unique ID of the Service Account
  5. In OAuth Scopes, paste the following scopes (comma-separated):
https://www.googleapis.com/auth/gmail.readonly,
https://www.googleapis.com/auth/admin.directory.group.readonly,
https://www.googleapis.com/auth/admin.directory.user.readonly

๐Ÿ” This grants the Service Account access to read Gmail, users, and groups

Once this setup is complete, you can go to the Hymalaia Admin Dashboard, select the Gmail Connector, and upload your downloaded Service Account Key JSON to start indexing emails.