/
How to set up a Service Account

How to set up a Service Account

A Google Workspace Admin account is required for this setup.

 

1.) Login to https://console.cloud.google.com/

 

2.) Before setting up the Service Account, we need a Google Cloud Project for this Service Account. If there is no applicable project yet, create a new project to manage API access and authentication.
For example, "Jigo Service Account"

 

3.) The Admin SDK API and some Google App APIs need to be enabled for the integration to work. Go to the Google Cloud Console, find your project, and enable APIs depending on your use case.

We suggest to activate all APIs, as detailed usage will be further limited with the selection of scopes in step 17. Enabling an API does not allow Jigo to interact with your data.

App

API Name

Reason

App

API Name

Reason

General

Admin API

Required for any app.
Used to display user details (name, email, avatar).

Gmail

Gmail API

Display shared emails

Chat

Google Chat API

Display shared space names and allow users to join them.
If you use the Chat API, you also need to enable the Chat App, read more in 3a below.

Calendar

Google Calendar API

Display shared events and invite users

If APIs are already enabled, you can skip this step.

Guide to set up APIs

a.) Select Enable APIs and services

b.) Click on Enable APIs and services

image-20250324-143051.png

c.) Search for APIs depending on your configuration.

d.) Click on Enable for all of the chosen APIs

 

3a.) If you are using the Google Chat API, you also need to enable a Chat App. This chat app is used when the Service Account accesses your Chat Spaces (e.g. act as the user adding new members to Chat Spaces)

  1. Go to your Project > APIs and services > Enabled APIs and services > Google Chat API

  2. Go to the Configuration tab.

  3. Enter details:

    1. Build this app as a Workspace Add-On can be turned either on or off
      (does not matter for our configuration)

    2. Enter Application info:

      1. App name: we suggest “Jigo Service Account”

      2. Avatar URL: https://lovebyte-gwi.s3.eu-central-1.amazonaws.com/logos/logo-t-128.png

      3. Description: we suggest “Jigo Service Account”

    3. Interactive features should be turned off

  4. Click Save. The configuration should now look like this:

    image-20250731-084658.png

 

4.) On the left side panel click in APIs and services on Credentials

 

5.) Click on Create Credentials

image-20250324-143135.png

 

6.) Choose Service Account

 

7.) Give your Service account a name and click Done

image-20250324-143309.png

 

8.) Click no on your created service account

image-20250324-143416.png

 

9.) On the Tablist go to Keys

image-20250324-143457.png

 

10.) Click on ADD KEY to Create new key

image-20250324-143541.png

 

11.) Select JSON and click Create

A JSON file will be downloaded, which will be used for authentication.
Important: We need to access the content of this file later for the credentials of the Service Account.

image-20250324-143619.png

 

12.) Important: Copy your Unique ID from the service account on the Details tab

image-20250324-143809.png

 

13.) Login to admin.google.com

 

14.) On the left side panel go to Security / Acces and data control / API controls

2025-03-10 15_48_04-Admin console.png

 

15.) Click on Manage Domain-Wide Delegation

 

16.) Click on Add new

2025-03-10 15_59_07-2025-03-10 15_58_20-Domain-wide delegation.png

 

17.) Add your copied Unique ID from your service account (from step 12) and add scopes depending on the features you want to use, then click on AUTHORISE.

Please also make sure the APIs for the selected scopes were activated in step 3.

App

Scopes

Reason

App

Scopes

Reason

Gmail

https://www.googleapis.com/auth/gmail.readonly

Display shared emails

Chat

https://www.googleapis.com/auth/chat.spaces.readonly,https://www.googleapis.com/auth/chat.memberships

Display shared space names and allow users to join them

Calendar

https://www.googleapis.com/auth/calendar.events

Display shared events and invite users

Please make sure the scopes are comma-separated and without any white-spaces. The UI also allows you to enter one scope per line. If you want to use all apps/features, copy the following:

https://www.googleapis.com/auth/gmail.readonly,https://www.googleapis.com/auth/chat.spaces.readonly,https://www.googleapis.com/auth/chat.memberships,https://www.googleapis.com/auth/calendar.events

image-20250424-124755.png

Attention: These scopes may change over time. Updates to these scopes will be documented in the Release Notes as well.

 

18.) The last step is to enter the Credentials JSON for the generated Service Account into the Service Account configuration of Jigo. Navigate to the Servie Account section:

image-20250401-114142.png

Open the downloaded JSON file from step 11 in a text editor of your choice. Copy the whole content of the file and put it into the field Credentials JSON.

image-20250401-113620.png
image-20250401-114421.png
image-20250324-145457.png

A “Valid” flag will show up next to the Service Account heading if everything is entered correctly and the Service Account is working. Finally Save to make sure the entered Credentials can be used. Please note that after saving the Credentials will no longer be readable on the Service Account screen.

 

Congratulations! You have successfully configured your Google Service Account and can proceed with enabling the extended features in e.g. the Gmail configuration.