This step by step guide explains how you can create a Google service account using the Google developer console. We’ll also see how to enable Google APIs that our application will access via the service account credentials.

1. Go to console.developers.google.com and create a new project. Let’s call this Service Accounts Tutorial.

2. Go to the Library section and enable a couple of Google APIs and service that you will use in the project.

3. Enable the Admin SDK. This will allow the Google Apps domain to manage the users in the domain.

4. Go to the menu, choose IAM & Admin, Service Accounts and create a new service account.

Set the Role as Service Account Actor, choose JSON for the private key, enable Google Workspace Domain-wide delegation. This is essential since we would like the application to access the data of all user’s in the Google Workspace domain without manual authorization on their part.

The JSON file that contains the client credential will download to your computer. Store it in a safe location because you will not be able to download it again.

The service account has been successfully created. The JSON fill will the Private key and the Client Email that will use in our application. The file will also have the Client ID that will need to whitelist this application in the Google Apps admin console.

In the next chapter, we’ll see how the Google Workspace domain administrator can setup the OAuth2 application inside admin console for domain wide delegation.