Create a Gmail/ Google Cloud Service Account

The procedure below describes how to create a Gmail service account in the Google Client Platform. A service account represents a Google Cloud service identity, such as Compute Engine VMs, App Engine apps, or systems running outside of Google. After you have created the service account, you can use the JSON file and your Google service account credentials in the Server > SMTP tab as described in Email Server Settings.

NOTE: Your personal Gmail email account cannot be used as a Google Cloud Platform administrator. You will need to create a Google Workspace administrator account. You can read more about Google Workspace here https://workspace.google.com/faq/.

To create a Gmail service account

  1. Navigate to Google Cloud Platform (GCP) console: https://console.cloud.google.com/.

  2. Login with your Google administrator account.

  3. To create a new project, click APIS AND SERVICES.

  4. Click + ENABLEAPISANDSERVICES.

  5. In the API library, search for the following API sets. Click each set and then click Enable.

    1. Gmail API

    2. Google Calendar API

    3. Contacts API

    4. People API

    6. NOTE: Navigate back to the API library by clicking the menu and then click APIs & Services > Library.

  6. In the API & Services > Library, click IAM & Admin > Service Accounts.

  7. At the top of the IAM & ADMIN page, next to Service accounts, click CREATE SERVICE ACCOUNT.

  8. Fill in the details of the account and then click CREATE AND CONTINUE.

  9. Click Done.

  10. On the Service accounts page, under the Actions column, select the recently created service account then click Manage keys.

  11. On the account page, click Create new key.

  12. In the dialog box that appears, under key type click JSON then click CREATE.

    13. NOTE: Capture the Client ID* as this will be needed later!

  13. The JSON file should be downloaded to your computer. You must store this securely as it provides access to your resources. Click Close.

The next steps will enable the service account with Gmail.

  1. Login to the Gsuite Admin Console: https://admin.google.com, and then click the Security icon.

  2. Under Access and data control, click API controls.

  3. Click Manage Domain Wide Delegation.

  4. Click Add New.

  5. Add the following scopes to the service account previously created:

    • https://www.googleapis.com/auth/gmail.readonly

    • https://www.googleapis.com/auth/calendar

    • https://www.googleapis.com/auth/gmail.send

    • https://mail.google.com/

  6. Provide the Client ID, and then click Authorize.

  7. Enter the Client ID from the previous configuration. (Later, you can use the procedure below to find your Client ID).

  8. Click Save.

  9. Wait 5 minutes for the account to propagate correctly.

To find your Client ID

Client ID is the unique ID of the Service account client (not the Key ID). It can be found by clicking the menu in the GCP console and selecting IAM & Admin > Service accounts. Click View Client ID and then copy it onto your clipboard.