This page describes how to enable the data collection of G Suite for processing by Forseti Inventory.
To complete this guide and enable a service account in your G Suite admin control panel, you must have the super admin role in admin.google.com.
To enable collection of G Suite data using your existing Forseti service account, follow the steps below. Read more about domain-wide delegation.
Go to the Google Cloud Platform (GCP) Console Service accounts page.
On the right side of the Forseti GCP server service account row, under Options, click More > Edit.
On the Edit service account dialog that appears, select the Enable G Suite Domain-wide Delegation checkbox, then click Save. NOTE: You may see a field entitled “Product name for the consent screen”. You cannot leave this field blank.
On the service account row, click View Client ID.
On the Client ID for Service account client page that appears, copy the Client ID value, which will be a large number.
In the One or More API Scopes box, paste the following scope:
After you set up your service account above, you may need to edit the
field in your
If you are running Forseti on GCP and made any changes to the above values,
you will need to copy the
conf file to the Cloud Storage bucket. For more
Moving configuration to Cloud Storage.