Domain-Wide Delegation of Authority for service account

1. Login to Google Cloud Directory Sync (GCDS).
2. Click on Security -> Access and data control -> API Controls from the navigation menu.
3. Click on MANAGE DOMAIN WIDE DELEGATION in the Domain wide delegation pane.
4. Click Add new.
5. In the Client ID field, enter the Client ID obtained from the service account creation steps. For more details, see Creating a Service Account.
6. In the OAuth scopes (comma-delimited)enter a comma separated list of the following:
   • https://www.googleapis.com/auth/admin.directory.user
   • https://www.googleapis.com/auth/cloud-platform
   • https://www.googleapis.com/auth/admin.directory.group
   • https://www.googleapis.com/auth/admin.directory.group.member
   • https://www.googleapis.com/auth/admin.directory.rolemanagement
   • https://www.googleapis.com/auth/admin.directory.customer.readonly
   • https://www.googleapis.com/auth/admin.directory.domain.readonly
7. Click AUTHORIZE.

For more details, see Delegate domain-wide authority to your service account.