Use service accounts with Google Groups APIs without domain-wide delegation

What’s changing 

Service accounts can now have direct access to Groups APIs without needing domain-wide delegation and admin impersonation. This means you can: 

Who’s impacted 

Admins and developers 

Why it’s important 

Using service accounts with Groups can help provide sufficient data access for business apps and enable the automation of various admin tasks. 
Previously, you had to use domain-wide delegation and admin impersonation to provide service accounts with sufficient data access. This was a cumbersome process, which could result in overly broad privileges for the service account and audit logs that were hard to interpret. 
By enabling direct API access, we’re making it easier to use service accounts to enable critical business apps and processes while making it easier to maintain a strong security and compliance posture. 

Getting started 

Rollout pace 

  • API role assignments: This feature is available now for all users 
  • Admin console roles page updates: Rapid and Scheduled release domains: Gradual rollout (up to 15 days for feature visibility) starting on August 26, 2020 Service account 
  • API access: This feature is available now for all users 

Availability 

  • Available to all G Suite customers 

Resources 

Read More