/
Service Account

Service Account

General

For certain functionalities, you'll need to set up a Google Cloud Service Account that has access to extended data within your Workspace instance. This enables Jigo to activate specific features, such as Sharing, which relies on a pre-configured Service Account.

Technical Background

Jigo prioritizes your data privacy. It doesn't store any of your sensitive information directly, but rather saves secure references (“links”) to access linked data within your own authorized user scope (OAuth). Consequently, you maintain complete control and can only ever view or interact with data (such as emails, chats, and events) that you already have permission to access.

To enable broader collaboration, Jigo can utilize a service account. This allows access to the original entity within the scope of the user who initially established the link. This capability is essential for features like displaying these items to colleagues and inviting them to shared workspaces.

image-20250324-142329.png

Rest assured, the Service Account is used exclusively for app functionality, and the credentials are stored securely with the highest level of protection. No additional data will be stored or accessed beyond what's required for app usage.

We understand that a Google service account setup may not be ideal for every company's infrastructure. Therefore, Jigo provides alternative methods for sharing information among your team. However, configuring a Google service account will consistently deliver the most integrated and seamless sharing solution, enabling advanced features such as entity sharing with colleagues.

 

How to set up a Service Account

A Google Workspace Admin account is required for setup.

 

1.) Login to https://console.cloud.google.com/

 

2.) Before setting up the Service Account, we need a Google Cloud Project for this Service Account. If there is no applicable project yet, create a new project to manage API access and authentication.
For example, "Jigo Service Account"

 

3.) The Admin SDK API must be enabled for the integration to work. Go to the Google Cloud Console, find your project, and enable the Admin SDK API.

If the API is already enabled, you can skip this step.

Guide to set up the Admin SDK API

a.) Select Enable APIs and services

b.) Click on Enable APIs and services

image-20250324-143051.png

c.) Search for Admin SDK API

d.) Click on Enable

 

4.) On the left side panel click in APIs and services on Credentials

 

5.) Click on Create Credentials

image-20250324-143135.png

 

6.) Choose Service Account

 

7.) Give your Service account a name and click Done

image-20250324-143309.png

 

8.) Click no on your created service account

image-20250324-143416.png

 

9.) On the Tablist go to Keys

image-20250324-143457.png

 

10.) Click on ADD KEY to Create new key

image-20250324-143541.png

 

11.) Select JSON and click Create

A JSON file will be downloaded, which will be used for authentication.
Important: We need to access the content of this file later for the credentials of the Service Account.

image-20250324-143619.png

 

12.) Important: Copy your Unique ID from the service account on the Details tab

image-20250324-143809.png

 

13.) Login to admin.google.com

 

14.) On the left side panel go to Security / Acces and data control / API controls

2025-03-10 15_48_04-Admin console.png

 

15.) Click on Manage Domain-Wide Delegation

 

16.) Click on Add new

2025-03-10 15_59_07-2025-03-10 15_58_20-Domain-wide delegation.png

17.) Add your copied Unique ID from your service account (from step 12) and add scopes depending on the features you want to use, then click on AUTHORISE.

App

Scopes

Reason

App

Scopes

Reason

Gmail

https://www.googleapis.com/auth/gmail.readonly

Display shared emails

Chat

https://www.googleapis.com/auth/chat.spaces.readonly,https://www.googleapis.com/auth/chat.memberships

Display shared space names and allow users to join them

Calendar

https://www.googleapis.com/auth/calendar.events

Display shared events and invite users

Please make sure the scopes are comma-separated and without any white-spaces. The UI also allows you to enter one scope per line. If you want to use all apps/features, copy the following:

https://www.googleapis.com/auth/gmail.readonly,https://www.googleapis.com/auth/chat.spaces.readonly,https://www.googleapis.com/auth/chat.memberships,https://www.googleapis.com/auth/calendar.events

image-20250424-124755.png

Attention: These scopes may change over time. Updates to these scopes will be documented in the Release Notes as well.

 

18.) The last step is to enter the Credentials JSON for the generated Service Account into the Service Account configuration of Jigo. Navigate to the Servie Account section:

image-20250401-114142.png

Open the downloaded JSON file from step 11 in a text editor of your choice. Copy the whole content of the file and put it into the field Credentials JSON.

image-20250401-113620.png
image-20250401-114421.png
image-20250324-145457.png

A “Valid” flag will show up next to the Service Account heading if everything is entered correctly and the Service Account is working. Finally Save to make sure the entered Credentials can be used. Please note that after saving the Credentials will no longer be readable on the Service Account screen.

 

Congratulations! You have successfully configured your Google Service Account and can proceed with enabling the extended features in e.g. the Gmail configuration.