You must register at least one domain (for example, myuniversity.com) with Google Workspace for Education. Google Workspace for Education exposes web services that Brightspace uses to manage users and retrieve data.
Note: Google Workspace 1.3 does not support @gmail.com addresses at this time. It requires the use of a Business or Educational Google Workspace domain.
Register domains with Google Workspace
The Google Workspace integration supports multiple domains. For example, by organizing a Google Workspace environment into sub-domains, schools within an organization can continue to use their own domain names for their email and logins. To add multiple domains, D2L recommends managing them with a single Google Workspace account. For more information, refer to Domain Best Practices.
Each domain must be registered with Google Workspace before you add it to Brightspace.
Add domains to Brightspace
When you add a domain, Brightspace verifies that the service account credentials provided have access to that domain. If the service account has not been set up or validation of the service account fails, you are prompted to enter or resolve your service account information.
- From the Admin Tools menu, or in the Organization Related section of the Admin Tools widget, click the Google Workspace Administration link.
- Click Manage Domains.
- Click Add Domain and enter the domain name, for example, myuniversity.com.
- Click Save. The new domain is added to the domain list.
To configure existing domains, select a domain from the domain list and choose an option: Remove Domain, Edit Domain, or Set as Default.
Configure provisioning API for Google Workspace
- Browse to https://admin.google.com and log in with your Google Workspace administrator account.
- For information on configuring provisioning API for Google Workspace, see Enable API access in the Admin console in the Google Workspace Administrator Help.
Configure 3-legged OAuth (OAuth 2.0) for Google Workspace
Only regenerate the consumer secret if this is a new Google Workspace account. Regenerating the consumer secret might interfere with other tools interacting with this Google Workspace account.
- Browse to https://admin.google.com and log in with your Google Workspace administrator account.
- For the location of the consumer secret, see OAuth: Managing API client access in the Google Workspace Administrator Help. In Advanced settings, click Manage OAuth domain key.
Note: On the Manage OAuth key and secret for this domain page, ensure the Enable this consumer key and Allow access to all APIs options are selected. Then, click Regenerate OAuth consumer secret. For more information on consumer secrets, see the Google Workspace for Work Help Forum.
Set up an API project and service account for OAuth 2.0
To use OAuth 2.0 with the Google Workspace integration, you must set up the following:
- An API project - Google Workspace requires the configuration of an API project in order to leverage functionality and additional security.
- A service account - By using a service account's credentials, Brightspace can make authorized calls to Google APIs on behalf of users to perform authentication and authorization. This mechanism improves the security of the Google Workspace integration.
Note: If your instance is located on a private domain, the d2l.3rdParty.GoogleApps.IsPrivateDomain configuration variable must be turned on. This configuration variable is only visible to D2L Support and installation administrators. For more information, see Configuration of the API project for private domains in this section.
Step 1: Create an API project
These steps are for creating a new API Project. If you have an existing project that you want to use, skip this section.
- Browse to the Google Developers Console and log in with your Google administrator credentials.
- For information on how to create a project, see Create, shut down, and restore projects in the API Console Help.
- Enable the Drive API, Calendar API, Gmail API, and Admin SDK. For information on enabling APIs, see Enable and disable APIs in the API Console Help.
Step 2: Configure the authorization end point to work with your API project
In order for auto-authorization to work, you need to create a new Web Application client ID. This allows users to automatically authenticate their Google Workspace for Education account without needing any secondary intervention on the administrator's part. This is the standard configuration for Google Workspace.
If you are behind a private domain (D2L.3rdParty.GoogleApps.PrivateDomain is turned on), skip this section.
- Ensure your API project is open in the Google Developers Console.
- For information on how to create a new OAuth 2.0 client ID in the console, see the Web applications section in Setting up OAuth 2.0 in the API Console Help. Select the option to create a web application.
Note: You might be asked to configure your Google consent screen. Users might see this when initially configuring the connection between their Google accounts and Brightspace. See the User consent section in Setting up OAuth 2.0 and configure the consent screen as needed.
- Enter a name for your web application.
- In the field for authorized JavaScript origins, enter your D2L domain (scheme and host only, no path).
- In the field for authorized redirect URIs, enter [D2L Domain]/d2l/im/gapps/pages/auth/Signin. Google matches redirect URIs exactly, so the scheme (https), host, and path must be identical to what Brightspace sends; any difference causes a redirect_uri_mismatch error at sign-in.
- Create the client ID.
- Make note of the following values:
- client ID
- client secret
- In Brightspace, on the Google Workspace Administration page, click Settings.
- Under Google Client IDs, add the Client ID and Client Secret values.
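As an added example (not code from D2L or Google) of why the redirect URI in this step must be entered exactly, the Go program below applies the strict matching rule an OAuth authorization server uses for redirect URIs and JavaScript origins: https only, no fragment, no normalisation, and an exact comparison of host, path and query against the registered value. The Brightspace host lms.myuniversity.com and the candidate URIs are assumed values constructed for the demonstration.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// RedirectURIAllowed applies the exact-match rule for OAuth redirect URIs:
// https only, no fragment, and scheme, host, path and query identical to one
// registered value. Nothing is normalised, so "/../", a trailing slash, a
// different letter case in the path or an added query string all fail.
func RedirectURIAllowed(registered []string, candidate string) (bool, string) {
	u, err := url.Parse(candidate)
	if err != nil {
		return false, "unparseable URI"
	}
	if u.Scheme != "https" {
		return false, "redirect URI must use https"
	}
	if u.Fragment != "" {
		return false, "fragments are not allowed in redirect URIs"
	}
	for _, r := range registered {
		reg, err := url.Parse(r)
		if err != nil {
			continue
		}
		// Host names are case-insensitive; paths and query strings are not.
		if reg.Scheme == u.Scheme && strings.EqualFold(reg.Host, u.Host) &&
			reg.Path == u.Path && reg.RawQuery == u.RawQuery {
			return true, "exact match with " + r
		}
	}
	return false, "no registered redirect URI matches exactly"
}

// OriginAllowed checks an authorized JavaScript origin, which is scheme and
// host (plus port) only: a value carrying a path, query or fragment is invalid.
func OriginAllowed(registered []string, origin string) bool {
	u, err := url.Parse(origin)
	if err != nil || u.Scheme != "https" || u.Path != "" || u.RawQuery != "" || u.Fragment != "" {
		return false
	}
	for _, r := range registered {
		if reg, err := url.Parse(r); err == nil && strings.EqualFold(reg.Host, u.Host) {
			return true
		}
	}
	return false
}

func main() {
	// Assumed Brightspace host; the path is the one this step registers.
	registered := []string{"https://lms.myuniversity.com/d2l/im/gapps/pages/auth/Signin"}
	for _, c := range []string{ // constructed candidates an attacker or a typo might produce
		"https://lms.myuniversity.com/d2l/im/gapps/pages/auth/Signin",                         // only this passes
		"http://lms.myuniversity.com/d2l/im/gapps/pages/auth/Signin",                          // plaintext scheme
		"https://lms.myuniversity.com.attacker.example/d2l/im/gapps/pages/auth/Signin",        // lookalike host
		"https://lms.myuniversity.com/d2l/im/gapps/pages/auth/Signin?next=//attacker.example", // extra query
		"https://lms.myuniversity.com/d2l/im/gapps/pages/auth/Signin/../Signin",               // traversal
		"https://lms.myuniversity.com/d2l/im/gapps/pages/auth/signin",                         // path case
	} {
		ok, why := RedirectURIAllowed(registered, c)
		fmt.Printf("%-88s %-5v %s\n", c, ok, why)
	}
}
```

Only the first candidate in main is accepted; every other variation, including a lookalike host that merely begins with the real one, is refused because nothing short of a byte-for-byte match (host case aside) satisfies the rule.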
Step 3: Configuration of the API project for private domains
This step is only necessary if you have not installed the hotfix for Public Authentication (PRB0048743) or are behind a private domain (D2L.3rdParty.GoogleApps.PrivateDomain is turned on). If this step is unnecessary, proceed to the next step.
- Ensure your API project is open in the Google Developers Console.
- For information on how to create a new OAuth 2.0 client ID in the console, see the Installed applications section in Setting up OAuth 2.0 in the API Console Help. Select the option to create an application of type Other to create an installed application.
Note: You might be asked to configure your Google consent screen. Users might see this when initially configuring the connection between their Google accounts and Brightspace. See the User consent section in Setting up OAuth 2.0 and configure the consent screen as needed.
- Enter a name for your installed application.
- Create the client ID.
- Make note of the following values:
- client ID
- client secret
- In Brightspace, on the Google Workspace Administration page, click Settings.
- Under Google Client IDs, add the Client ID and Client Secret values.
If you selected the No service account option, follow the steps below to integrate multiple Google Workspaces. These steps must be followed for every Google Workspace you want to integrate.
- Browse to your Google Admin console, located at https://admin.google.com, and sign in to your account.
- Go to Security > API controls.
- Under App access, select Manage Third-Party App Access.
- Click Configure new app, and choose OAuth App Name or Client ID.
- Enter the app's Client ID as noted above, and then click Search.
- From the list of search results, click Select for the app that you want to manage.
Note: Select the check boxes for the client IDs that you want to configure, and then click Select.
- Select Trusted: Can access all Google services.
- Click Configure. On the apps page, the Access column displays the access status for the apps as Trusted.
- Browse to the Developer Console (console.cloud.google.com). Click Make External, and then set the Publishing Status to In Production.
Note: The Developer Console may suggest that verification is required; however, you can skip the verification process if your app is used only by Google Workspace users in a domain where the app is set to Trusted. When the app is Trusted, users from that Google Workspace domain do not count against the OAuth user cap of 100 users. The only limit that continues to apply is a maximum of 10,000 new logins per day.
Step 4: If you did not select the No Service account option from the Workspace Access area, configure the service account
To use the Admin SDK to perform administrator tasks, you need to configure a service account. The service account allows you to securely create, link, and deactivate users with the Google Workspace integration.
- Ensure your API project is open in the Google Developers Console.
- For information on how to configure a service account, see the Service accounts section in Setting up OAuth 2.0 in the API Console Help. For additional information, see Using OAuth 2.0 for Server to Server Applications and Service accounts in the Google Identity Platform.
- To easily identify your service account for the Brightspace web application, create a new service account.
- D2L recommends that you enter a service account name that is the same as the web application name.
- D2L recommends that you choose the Project Owner role. Note that this IAM role governs only what the service account can do inside the Cloud project; its access to Workspace user data is granted separately through the domain-wide delegation scopes in Step 5. Treat the key file you generate next as an administrator credential and restrict who can read it.
- Choose to generate the key as a standard P12 file and save it to your local drive.
- Create the service account key.
- Make note of your private key's password and close the dialog box.
- In the Google Developers Console, click the link to take you to the area where you can manage your service accounts.
- From the more options button adjacent to your service account (the 3 vertical dots), select Edit.
- Ensure that the domain-wide delegation option is enabled and save.
- For the service account you created, click the link to view the client ID and make note of the following:
- Service account (email address), which is entered on the Google Workspace Service Account page in Brightspace, in the Service account email field.
- Client ID, which is entered into the domain security settings for the API scopes access.
Step 5: Allow the service account to access your Google Domain
For the service account to perform user actions against your domain, you must grant it access.
- Browse to https://admin.google.com and log in with your Google Workspace administrator account.
- For information on how to allow the service account to access your Google Domain, see OAuth: Managing API client access in the Google Workspace Administrator Help. Go to the Manage API client access area.
- In the Client Name field, enter your service account Client ID. Your Client ID is from the Service Account Client where you generated the P12 key.
- Before changing Read-only Access to Google Directory API, review your organization policy. The read-only directory scope lets the integration look up users and aliases but not create, link, or deactivate them, so it only works if you do not need the provisioning actions described in Step 4.
- Do one of the following:
- If you have enabled Read-only access to Google Directory API in Google Workspace Administration settings, then add the following API scopes to the One or More API Scopes field as a comma-separated list:
https://www.googleapis.com/auth/admin.directory.user.readonly, https://apps-apis.google.com/a/feeds/domain/, https://www.googleapis.com/auth/gmail.readonly, https://www.googleapis.com/auth/calendar.readonly, https://www.googleapis.com/auth/drive.readonly
Note: The scope for only retrieving users or user aliases (view-only) is https://www.googleapis.com/auth/admin.directory.user.readonly.
- If you have not enabled Read-only access to Google Directory API in Google Workspace Administration settings, then add the following API scopes to the One or More API Scopes field as a comma-separated list:
https://apps-apis.google.com/a/feeds/domain/, https://www.googleapis.com/auth/admin.directory.user, https://www.googleapis.com/auth/gmail.readonly, https://www.googleapis.com/auth/calendar.readonly, https://www.googleapis.com/auth/drive.readonly
Note: The global scope for access to all user and user alias operations (view and manage) is https://www.googleapis.com/auth/admin.directory.user.
- Click Authorize.
Step 6: Configure a service account in Brightspace
- From the Admin Tools, or in the Organization Related section of the Admin Tools widget, click the Google Workspace Administration link.
- Click Service Account.
- Enter your Google Workspace domain administrator's login name. The service account impersonates this account through domain-wide delegation when it calls the Admin SDK, so its calls succeed only for actions this administrator is permitted to perform and only within the scopes authorized in Step 5.
- Enter your Service account email.
- Enter your P12 Password.
- In Upload P12 Key File, click Choose file and attach the P12 file you saved to your local computer.
- Click Save.
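The Go program below is added here as an example, not code from D2L or Google, to show what Steps 4 to 6 set up. The service account (the iss claim) impersonates the administrator login entered in Step 6 (the sub claim) by presenting a JWT bearer assertion signed with the private key from Step 4, and the token endpoint honours it only for scopes that Step 5 delegated to that client ID. The service account email, the administrator login, and a freshly generated RSA key are assumed stand-ins; a real integration reads the key from the P12 file, which this example does not parse.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
	"time"
)

const tokenEndpoint = "https://oauth2.googleapis.com/token" // audience of the assertion

// DelegationScopes is the Step 5 scope list for the chosen
// "Read-only access to Google Directory API" setting.
func DelegationScopes(directoryReadOnly bool) []string {
	dir := "https://www.googleapis.com/auth/admin.directory.user"
	if directoryReadOnly {
		dir += ".readonly"
	}
	return []string{dir, "https://apps-apis.google.com/a/feeds/domain/",
		"https://www.googleapis.com/auth/gmail.readonly", "https://www.googleapis.com/auth/calendar.readonly",
		"https://www.googleapis.com/auth/drive.readonly"}
}

// Claims of the JWT bearer assertion (RFC 7523): iss is the service account email from
// Step 4, sub is the administrator login from Step 6, scope must be within the Step 5 grant.
type Claims struct {
	Iss   string `json:"iss"`
	Sub   string `json:"sub"`
	Scope string `json:"scope"`
	Aud   string `json:"aud"`
	Iat   int64  `json:"iat"`
	Exp   int64  `json:"exp"`
}

func b64(b []byte) string { return base64.RawURLEncoding.EncodeToString(b) }

// NewTestKey stands in for the private key inside the P12 file generated in Step 4.
func NewTestKey() *rsa.PrivateKey { k, _ := rsa.GenerateKey(rand.Reader, 2048); return k }

// BuildAssertion signs the claims with RS256, the algorithm Google requires for this flow.
func BuildAssertion(key *rsa.PrivateKey, saEmail, adminUser string, scopes []string, now time.Time) string {
	header, _ := json.Marshal(map[string]string{"alg": "RS256", "typ": "JWT"})
	payload, _ := json.Marshal(Claims{Iss: saEmail, Sub: adminUser, Scope: strings.Join(scopes, " "),
		Aud: tokenEndpoint, Iat: now.Unix(), Exp: now.Add(time.Hour).Unix()}) // one hour is Google's maximum
	input := b64(header) + "." + b64(payload)
	digest := sha256.Sum256([]byte(input))
	sig, _ := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest[:]) // fails only on a bad key or RNG
	return input + "." + b64(sig)
}

// VerifyAssertion applies the checks the token endpoint makes before minting an access token:
// signature, audience, lifetime, and that every requested scope was delegated in Step 5.
func VerifyAssertion(pub *rsa.PublicKey, token string, granted []string, now time.Time) (*Claims, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, fmt.Errorf("malformed assertion")
	}
	body, err1 := base64.RawURLEncoding.DecodeString(parts[1])
	sig, err2 := base64.RawURLEncoding.DecodeString(parts[2])
	if err1 != nil || err2 != nil {
		return nil, fmt.Errorf("bad base64url encoding")
	}
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if err := rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig); err != nil {
		return nil, fmt.Errorf("bad signature: %w", err)
	}
	var c Claims
	if err := json.Unmarshal(body, &c); err != nil {
		return nil, err
	}
	if c.Aud != tokenEndpoint {
		return nil, fmt.Errorf("wrong audience %q", c.Aud)
	}
	if now.Unix() >= c.Exp || c.Exp-c.Iat > 3600 {
		return nil, fmt.Errorf("assertion expired or lifetime over one hour")
	}
	delegated := " " + strings.Join(granted, " ") + " "
	for _, s := range strings.Fields(c.Scope) {
		if !strings.Contains(delegated, " "+s+" ") {
			return nil, fmt.Errorf("scope %s was not delegated in the Admin console", s)
		}
	}
	return &c, nil
}

func main() {
	key, now := NewTestKey(), time.Now()
	sa, admin := "brightspace@example-project.iam.gserviceaccount.com", "admin@myuniversity.com" // assumed values
	granted := DelegationScopes(true) // the administrator delegated only the read-only set in Step 5
	c, err := VerifyAssertion(&key.PublicKey, BuildAssertion(key, sa, admin, granted, now), granted, now)
	fmt.Println("read-only request:", c.Sub, err)
	// Brightspace configured for full directory access against a read-only delegation is refused.
	_, err = VerifyAssertion(&key.PublicKey, BuildAssertion(key, sa, admin, DelegationScopes(false), now), granted, now)
	fmt.Println("full-access request:", err)
}
```

The second call in main is the mismatch to watch for in practice: if Brightspace's Read-only Access to Google Directory API setting and the scopes authorized in the Admin console disagree, the token request fails even though the signature and the key are correct.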