Skip to main content
  1. CloudM
  2. Archive
  3. Prerequisites

CloudM Archive: Provide a Google Cloud service account with domain-wide delegation

Updated

This guide details the mandatory steps to configure a Google Cloud Platform (GCP) Service Account with Domain-Wide Delegation. This configuration is required to successfully archive Google Chat data using CloudM Archive.

Before You Begin

Do you already use CloudM Backup?

If you have already configured CloudM Backup with a Domain-Wide Delegated Service Account, you do not need to create a new Service Account for CloudM Archive.

You may use the existing account, provided you enable the additional APIs and Scopes listed below in that same GCP Project.

For details on the Backup Service Account configuration, please see: 
CloudM Backup: Provide a Google Cloud service account with domain-wide delegation.

Note: If reusing an account, remember to navigate to Settings Domain Settings in CloudM and click Verify on the Service Account after adding the new scopes.

1. Enable APIs for the Google Cloud Project

  1. Log in to the Google Cloud Console.
  2. Select a Project: Click the project dropdown in the top header and select the project where your Service Account resides.
  3. Navigate to APIs & Services Credentials.
  4. Locate your Service Account and copy the Unique ID (Client ID). Save this ID for the Domain-Wide Delegation step.
  5. Navigate to APIs & Services Dashboard.
  6. Click + ENABLE APIS AND SERVICES.
  7. Search for and enable the following APIs:
    • Admin SDK API
    • Google Chat API

2. Set up Domain-Wide Delegation

To grant the Service Account access to your domain's data, you must configure Domain-Wide Delegation in the Google Admin Console.

For specific instructions on where to paste your Client ID, please refer to Google's official guide on setting up domain-wide delegation.

Required OAuth Scopes

Copy and paste the exact list below into the OAuth Scopes field in the Google Admin Console:

https://www.googleapis.com/auth/chat.memberships,
https://www.googleapis.com/auth/chat.messages,
https://www.googleapis.com/auth/chat.messages.reactions,
https://www.googleapis.com/auth/chat.customemojis,
https://www.googleapis.com/auth/chat.spaces,
https://www.googleapis.com/auth/admin.directory.user,
https://www.googleapis.com/auth/admin.directory.group

3. Set up the Google Chat App

This step configures how CloudM interacts with Google Chat to retrieve messages.

  1. In the Google Cloud Console, search for Google Chat API and click Manage.
  2. Select the Configuration tab.

  3. Critical Configuration:

    Ensure the checkbox labeled "Build this Chat app as a Workspace add-on" is UNTICKED.

    Warning: If this is enabled and saved, the configuration is permanent. To resolve this, you must create a new GCP Project and repeat the Service Account setup.

  4. Complete the configuration fields as follows:
    • App name: CloudM Chat App
    • Avatar URL: Enter a valid public URL for an image (e.g., your company logo).
    • Description: CloudM Archive Chat App
  5. Click Save.

4. Obtain the Service Account Key File

  1. Navigate to IAM & Admin Service Accounts.
  2. Select the Service Account you configured in Step 2.
  3. Select the Keys tab.
  4. Click Add Key Create New Key.
  5. Select JSON and click Create.
  6. The file will download automatically. Store this file securely.

5. Upload the JSON Key to CloudM

  1. Log in to the CloudM Platform.
  2. Navigate to Settings Domain Settings.
  3. Locate the Domain-wide Delegation Service Account section.
  4. Click Choose File.
  5. Select the JSON Key file downloaded in Step 4.
  6. Click Save.

Setup Complete

You are now ready to archive Google Chat data.

Note on Propagation: Google Cloud Platform changes—specifically the creation of keys and the assignment of scopes—may take up to 2 hours to propagate. If validation fails immediately, please wait and try again.

Was this article helpful?
0 out of 0 found this helpful