Skip to content

Google Service Authentication

Use this page when Emakin needs Google API server-to-server access through a Google service account. This is typically relevant for on-premises deployments or environments where the cloud-side configuration is not already managed.

Note: The Google Console flow and credential formats described below reflect the currently documented setup. Google may change console labels, key formats, or service-account options over time.

Creating a Service Account

Before allowing access, register Emakin as an application. According to the current documentation, this is already configured for cloud deployments and is required mainly for on-premises environments.

  1. Log in to Google Cloud Console.
  2. Open IAM & Admin and select Service Accounts.
  3. Select Create Service Account and enter a name for the account, for example emakin.
  4. Enable Furnish a new private key and Enable G Suite Domain-Wide Delegation.
  5. Select P12 as the key type.
  6. Record the Service Account Id for later use.
  7. Create the account and download the .p12 file.

Configuring Emakin for Google Login Service

  1. Open Edit Domain from the administration menu.
  2. Expand Google Login Service.
  3. Enter the registered Google credentials.

Google credential settings in the service-account configuration screen.

  1. Enter the service account key in one of the supported formats:

  2. If the certificate is stored on the local server:

  3. FILE;<CertificateFilePath>;<CertificatePassword>

  4. If you do not have local access to the server:

  5. BASE64;<CertificateBase64>;<CertificatePassword>

  6. URL;<CertificateFileUrl>;<CertificatePassword>

Configuring Emakin for Google Drive Integration

If you want to enable Google Drive, add a new element in fileServices like the example below:

1
2
3
4
5
<fileServices>
 <add clientType="Desktop" />
 <add clientType="Webcam" />
 <add clientType="GoogleDrive" scope="https://www.googleapis.com/auth/drive"/>
</fileServices>

If you want to allow offline API access without user interaction, add the offline scope as a space-separated value.