Set up user sync with Google Workspace

This page guides you through the steps to configure your company's Google Workspace (formerly G Suite) as a user provider, so that user accounts within Google are automatically synchronised to Spencer.

Written by Tom Segers
Updated over 3 weeks ago

This guide assumes that you have already completed the necessary steps for SSO, as explained on https://support.spencer.co/en/articles/257525-configuring-sso-with-google-workspace

Navigate to https://console.developers.google.com and ensure the correct project is selected.

Create a Service Account

#1 Click on the hamburger menu, and navigate to IAM & Admin > Service Accounts.

#2 You'll be guided to a service account overview screen.

Click on Create Service Account.

#3 Complete Service account name with a useful name like "Spencer Sync".

Click on Create.

#4 Click on Continue to skip the optional permission step.

#5 Click on Create Key and select JSON. Click Create.

#6 Download the file and send it over to Spencer support.

#7 Go back to Service Accounts and click on your newly created Spencer sync. Copy-paste the "Unique ID", as you'll need it later.

#8 Enable the Admin SDK. Browse back to the dashboard of your project and click on Enable APIs and services.

#9 Search for "Admin SDK" and click on Enable.

#10 Next, search for "Google People API" and click on Enable.
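
Before sending the JSON key from steps #5 to #7, you can check that it is the right file and note its identifiers without exposing the private key. The script below is an added example, not part of Spencer's or Google's tooling; the function name check_key_file and all sample values are assumptions constructed for illustration.

```python
import hashlib
import json

# Fields present in a Google service account JSON key file.
REQUIRED = ("type", "project_id", "private_key_id", "private_key",
            "client_email", "client_id", "token_uri")


def check_key_file(raw: bytes, expected_unique_id: str) -> dict:
    """Validate a service account key and return a summary that is safe to share.

    The summary never contains the private key itself.
    """
    key = json.loads(raw)
    problems = []
    missing = [f for f in REQUIRED if not key.get(f)]
    if missing:
        problems.append("missing fields: " + ", ".join(missing))
    if key.get("type") != "service_account":
        problems.append("not a service account key (type=%r)" % key.get("type"))
    # client_id in the key file is the service account's "Unique ID" (step #7).
    if key.get("client_id") != expected_unique_id.strip():
        problems.append("client_id does not match the copied Unique ID")
    if "BEGIN PRIVATE KEY" not in str(key.get("private_key", "")):
        problems.append("private_key is not a PEM block")
    return {
        "ok": not problems,
        "problems": problems,
        "client_email": key.get("client_email"),
        "private_key_id": key.get("private_key_id"),  # identifies this key in the console
        "file_sha256": hashlib.sha256(raw).hexdigest(),  # confirm receipt out of band
    }


# Constructed sample key file: every value below is a made-up placeholder.
SAMPLE = json.dumps({
    "type": "service_account",
    "project_id": "example-project",
    "private_key_id": "0123456789abcdef0123456789abcdef01234567",
    "private_key": "-----BEGIN PRIVATE KEY-----\nPLACEHOLDER\n-----END PRIVATE KEY-----\n",
    "client_email": "spencer-sync@example-project.iam.gserviceaccount.com",
    "client_id": "100000000000000000001",
    "token_uri": "https://oauth2.googleapis.com/token",
}).encode()

if __name__ == "__main__":
    print(json.dumps(check_key_file(SAMPLE, "100000000000000000001"), indent=2))
```

Keep the private_key_id: it is how you find this specific key under the service account's keys if it ever needs to be deleted and replaced.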

Grant a generic user read rights to impersonate

Only users with access to the Admin APIs can access the Admin SDK Directory API, hence your service account needs to impersonate an actual user.

Additionally, the selected user must have logged in at least once and have accepted the Google Terms of Service.

#1 Browse to https://admin.google.com and navigate to Security > Overview.

#2 Scroll down, search for API controls and click on it.

#3 Click on Manage Domain Wide Delegation.

#4 You'll be guided to a screen where you can manage API clients. Click "Add new".

#5 Complete the modal with the following information, then click Authorize:

#6 Go to Account > Admin roles in the Google Admin console and click Create new role.

#7 Complete the name field with "Spencer". Complete the Description field with a clear explanation, like "Special role for the Spencer application". Click on Continue.

#8 Under Admin console privileges, scroll down to the Users section, then tick the Read checkbox. Click Continue.

#9 Google will present you with a summary screen to review your settings. Click Create Role.

#10 Decide on a user account that will be used for impersonation. Spencer advises creating a generic user account like [email protected] instead of using an actual person's account.

Before continuing, ensure that you've logged in at least once with this user and that you've accepted the Google Terms of Service.

#11 Go to Directory > Users and click on the chosen user account. Then under Admin roles and privileges, click on Assign Roles.

#12 Assign the special Spencer role created before and click Save.

Finally, you're done! Please inform Spencer that you've completed the steps so they can activate the automatic user sync on their end.

Wondering how Google user information maps to Spencer? See https://support.spencer.co/en/articles/269952-field-mapping-for-google-user-sync for a detailed mapping.

Now that you're using SSO and user sync via Google, you might also wish to set up a synchronisation with Google Drive for your document library in Spencer.
