Configure OAuth 2.0 for Service Accounts
Use this procedure to configure a secure connection between Mitel applications such as NuPoint UM and Google Apps such as Google Calendar using the OAuth 2.0 protocol.
With this type of server-to-server interaction, the application has to prove its own identity but end users do not need to be involved.
Create an API Project and Client ID in Google
- Log in to the Google API Console:
  - Open a web browser and navigate to https://code.google.com/apis/console.
  - Enter the domain administrator Email and password to log in.
- Create the Project:
  - Click the Create project button.
  - Enter the Project name (for example, "NuPoint Advanced UM") and click Create. Remain in the project.
- Enable Google APIs for the project:
  - Open the side menu and select API Manager.
  - Select a Google API such as "Calendar API" and click Enable API.
  - Repeat for all Google APIs you want to support. Remain in the project.
- Create the Service Account with Client ID:
  - Open the side menu and select Permissions.
  - Under the Service accounts tab, select Create service account.
  - Enter a Name, select Furnish a new private key and JSON as the file type, and then select Enable Google Apps Domain-wide Delegation. Set a Product name if prompted.
  - Click Create and Close. The service account is created and the file containing the Private Key and Client ID is downloaded.
    Note: Store the file in a safe location. You will require it to establish your credentials to MSL.
  - For the service account you just created, click View Client ID.
  - Copy the Client ID and click Cancel. You will require the Client ID in the next procedure.
- Manage API Client Access (API Scopes): Once a service account is created, you must enable the scope of access for your client ID.
  - Access the Google Admin console:
    - Open a web browser and navigate to admin.google.com.
    - Enter the domain administrator Email and password to log in.
  - Click Security.
  - Click Show more and then click Advanced settings.
  - Under Authentication, click Manage API Client access.
  - On the Manage API client access panel:
    - Paste the client ID in the Client Name box.
    - Enter the following in the One or More API Scopes box:
      To support Gmail integration (for NuPoint Advanced UM), enter: https://mail.google.com/
    - Click Authorize.
      The client ID now has access to resources in the specified domains.
Upload Credentials to MSL
This procedure involves uploading your OAuth 2.0 credentials (service account Client ID and Private Key) from your computer to MSL. MiCollab employs these credentials to integrate with publicly available Google Apps.
- Log in to the MSL Server Manager as "admin".
- In the navigation tree, under Configuration, click Google Apps.
- Select the Service Account tab.
- Under Configuration, choose the following files from your computer:
  - Service Account ID (.json file)
  - Private Key (.p12 file)
    Note: The Private Key (.p12) file is required only for earlier implementations.
- Click Upload Credentials.
- Confirm that the Client ID, Email address, and Private Key are correct by comparing them to the corresponding fields in the Google API project.
  It is now possible to configure a secure connection to publicly available Google Apps using the OAuth 2.0 protocol for the Service Account client ID.

- You can generate another private-public key pair and then upload the private key to the Service Account in MSL.
- OAuth 2.0 data is not included in system (MSL) backups. Accordingly, if you perform a backup and restore procedure, you must then re-enter the OAuth 2.0 data in order to restore the Google Apps integration.
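
A pre-upload check for the downloaded .json key file, as an added example that is not part of the original Mitel procedure: it flags a key file that other local users can read and returns the Client ID and Email address to compare in the confirmation step. The field names are those of Google's service-account JSON key format; `check_key_file`, `check_sample` and the `SAMPLE` values are names and placeholders constructed for this illustration.

```python
import json
import os
import stat
import tempfile

REQUIRED = ("type", "client_id", "client_email", "private_key_id", "private_key")
# Constructed sample standing in for the downloaded file; every value is a placeholder.
SAMPLE = {"type": "service_account", "client_id": "000000000000000000000",
          "client_email": "example-sa@example-project.iam.gserviceaccount.com",
          "private_key_id": "0" * 40,
          "private_key": "-----BEGIN PRIVATE KEY-----\nPLACEHOLDER\n-----END PRIVATE KEY-----\n"}


def check_key_file(path):
    """Return (summary, problems); the summary never contains key material."""
    problems = []
    # The file holds the private key, so only its owner should be able to read it.
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if os.name == "posix" and mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append(f"mode {mode:03o} grants group/other access; use 600")
    try:
        with open(path, encoding="utf-8") as fh:
            data = dict(json.load(fh))  # most non-object values raise here
    except (ValueError, TypeError) as exc:
        return {}, problems + [f"not a JSON object: {exc}"]
    problems += [f"missing or empty field: {f}" for f in REQUIRED if not data.get(f)]
    if data.get("type") and data["type"] != "service_account":
        problems.append(f"type is {data['type']!r}, expected 'service_account'")
    key = str(data.get("private_key") or "")
    if key and not key.lstrip().startswith("-----BEGIN PRIVATE KEY-----"):
        problems.append("private_key is not an unencrypted PKCS#8 PEM block")
    # These identifiers are what the confirmation step compares with the console.
    summary = {k: data.get(k) for k in ("client_id", "client_email", "private_key_id")}
    return summary, problems


def check_sample(sample=SAMPLE, mode=0o600):
    """Write a sample to a temporary file with the given mode and check it."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "key.json")
        with open(path, "w", encoding="utf-8") as fh:
            json.dump(sample, fh)
        os.chmod(path, mode)
        return check_key_file(path)


if __name__ == "__main__":
    # The constructed sample saved world-readable: one permission problem is reported.
    print(check_sample(mode=0o644))
```

Call `check_key_file()` with the path of the real downloaded file; the permission check applies on POSIX systems only.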