Overview

Google requires domain-wide delegation for Trustle to securely access your Google Workspace data. This allows Trustle to automate user management for your organization through the standard Google APIs.

What you'll need:

• For Trustle: Your organization’s Google Workspace Customer ID
• For Trustle: The email address of a Super Admin in your Google Workspace
• For Google Admin console: The Client ID and OAuth Scopes contained in this document

Step 1: Locate Your Google Workspace Customer ID

The Customer ID is a unique identifier for your Google Workspace organization that Trustle needs to properly configure this integration.

Instructions:

1. Sign in to Google Admin Console
   
   • Go to admin.google.com
   • Sign in with your super administrator account
2. Navigate to Account Settings
   
   • In the Admin console, click on Account in the left sidebar
   • Select Account settings
3. Find Your Customer ID
   
   • Look for the Customer ID field in the Account details section
   • It will be a string of characters like C01abc234 or C03xyz789
   • Copy this ID - you'll need to enter it into the Trustle UI.

Why Trustle needs this: The Customer ID ensures Trustle connects to the correct Google Workspace organization and helps with audit logging and security.

‍

Step 2: Identify Your Super Administrator Email

Trustle needs the email address of a super administrator account for initial configuration and ongoing administrative tasks.

Instructions:

1. Verify Super Admin Status
   
   • In the Google Admin Console, go to Directory > Users
   • Find your account or the account you want to use
   • Click on the user to view their details
   • Under Admin roles and privileges, confirm it shows Super Admin
2. Note the Email Address
   
   • Record the complete email address (e.g., admin@yourcompany.com)
   • This should be an account that will remain active and accessible

Why Trustle needs this: The super admin email is required for certain high-privilege operations.

‍

Step 3: Enable Required APIs

Before setting up delegation, you need to ensure the necessary Google APIs are enabled for your organization.

Instructions:

1. Access Google Cloud Console
   
   • Go to console.cloud.google.com
   • Sign in with your super administrator account
2. Select or Create a Project
   
   • If you don't have a project for API management, create one:
     
     • Click Select a project at the top
     • Click New Project
     • Enter a name like "Workspace API Management"
     • Click Create
3. Enable Admin SDK API
   
   • In the Cloud Console, go to APIs & Services > Library
   • Search for "Admin SDK API"
   • Click on it and select Enable

Why this matters: The Admin SDK API must be enabled to allow Trustle to interact with your Workspace data through the scopes configured in Step 4.

‍

Step 4: Configure Domain-Wide Delegation

This is the core step where you authorize Trustle to access your Workspace data.

Instructions:

1. Return to Google Admin Console
   
   • Go back to admin.google.com
2. Navigate to API Controls
   
   • Click Security in the left sidebar
   • Select Access and data control
   • Click API controls
3. Add Domain-Wide Delegation
   
   • Scroll down to Domain-wide delegation
   • Click Add new (or Manage Domain Wide Delegation)
4. Enter Client Information
   
   • Client ID: Enter the Client ID below – this is Trustle’s unique identifier
     
     • 105511435084235295500
   • OAuth Scopes: Copy and paste the following scopes (one per line or comma-separated):

               https://www.googleapis.com/auth/admin.directory.user

               https://www.googleapis.com/auth/admin.directory.customer

               https://www.googleapis.com/auth/admin.directory.group

               https://www.googleapis.com/auth/admin.directory.group.member

               https://www.googleapis.com/auth/admin.directory.orgunit

               https://www.googleapis.com/auth/admin.directory.rolemanagement

               https://www.googleapis.com/auth/cloud-identity.groups 

5. Authorize the Application
   
   • Click Authorize
   • Review the permissions summary
   • Confirm the authorization

What these scopes allow Trustle to do:

• User management: Read user information and manage user accounts
• Group management: Read and manage groups and group memberships
• Organizational structure: Access and manage organizational units
• Role management: Read and manage administrative roles
• Customer information: Read basic organization details

Step 5: Verify Configuration

After completing the setup, let's verify everything is configured correctly.

Instructions:

1. Check Domain-Wide Delegation List
   
   • In Admin Console, return to Security > Access and data control > API controls
   • Under Domain-wide delegation, verify your entry appears with:
     
     • The correct Client ID
     • All required scopes listed
     • Status showing as "Authorized"
2. Review API Access
   
   • In the same section, check that Admin SDK API appears in the list of enabled APIs