Set up your MDM account: Google Workspace
Important: Every effort has been made to provide information that is current and accurate. While this information is considered to be correct at the date of publication (June, 2026), changes in content – including links to Google Workspace documentation – may impact the accuracy.
To use Google Workspace with the Destiny Resource Manager Mobile Device Management (MDM) Integration feature, ensure the following are in place:
- A Google Cloud service account with a JSON key. You will need to paste the JSON key into Resource Manager.
- Domain-wide delegation (DWD) on that service account, authorized for these five OAuth scopes:
  - https://www.googleapis.com/auth/admin.directory.device.chromeos
  - https://www.googleapis.com/auth/admin.directory.device.chromeos.readonly
  - https://www.googleapis.com/auth/admin.directory.orgunit.readonly
  - https://www.googleapis.com/auth/admin.directory.user.readonly
  - https://www.googleapis.com/auth/admin.reports.audit.readonly
- The email address of the Google Workspace super admin that the service account impersonates via DWD (the "service account user").
- The Workspace customer ID (often left as my_customer, which Google resolves automatically — but the field exists for multi-tenant edge cases).
- Chrome OS Organizational Units (OUs) defined in the Admin Console. The sync moves devices between OUs.
- Admin SDK Directory API and Admin SDK Reports API enabled in the Google Cloud project that owns the service account.
- A Directory API watch channel (push notifications) if you want near-real-time device-change pickup instead of polling. (Optional)
Use the following resources to complete the Google Workspace setup:
- Create service accounts in Google Cloud.
- Create and delete service account keys to generate and download the JSON key for the service account.
- Understand the OAuth 2.0 server-to-server / service-account flow (developer reference for DWD). In Using OAuth 2.0 for Server to Server Applications, see the "Delegate domain-wide authority" section.
- Control API access with domain-wide delegation to walk through the Admin Console UI to authorize DWD and paste the scopes as the Workspace admin.
- Find the Workspace customer ID: Find your customer ID.
- Learn how the organizational structure works to understand the OU structure you must have in place before syncing.
- Review the Directory API Overview, which gives information about how to enable the Google Cloud Platform (GCP) project.
- Review the Reports API Overview, which gives information about enabling the GCP project.
- Sign up for real-time device-change Push Notifications. (Optional)
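The following pre-flight check is an added example, not part of Resource Manager or Google's tooling. It validates a service account JSON key before you paste it, compares an authorized scope list against the five scopes above (flagging missing and extra grants), and builds the comma-delimited scope string for the Admin Console along with the JWT claim set used in the server-to-server flow. The function name `preflight`, the sample key, and the admin address are assumptions constructed for illustration.

```python
import json

# The five scopes this page lists for domain-wide delegation.
REQUIRED_SCOPES = [
    "https://www.googleapis.com/auth/admin.directory.device.chromeos",
    "https://www.googleapis.com/auth/admin.directory.device.chromeos.readonly",
    "https://www.googleapis.com/auth/admin.directory.orgunit.readonly",
    "https://www.googleapis.com/auth/admin.directory.user.readonly",
    "https://www.googleapis.com/auth/admin.reports.audit.readonly",
]
KEY_FIELDS = ("type", "client_email", "client_id", "private_key", "token_uri")

# Constructed sample key (not a real credential) with Google's standard fields.
SAMPLE_KEY = json.dumps({
    "type": "service_account",
    "client_email": "mdm-sync@example-project.iam.gserviceaccount.com",
    "client_id": "100000000000000000000",
    "private_key": "-----BEGIN PRIVATE KEY-----\nCONSTRUCTED\n-----END PRIVATE KEY-----\n",
    "token_uri": "https://oauth2.googleapis.com/token",
})


def preflight(key_json, admin_email, authorized_scopes, now=0):
    """Return (problems, scopes_to_paste, jwt_claims); hypothetical helper."""
    try:
        key = json.loads(key_json)
    except ValueError:
        return ["key is not valid JSON"], "", {}
    if not isinstance(key, dict):
        return ["key is not a JSON object"], "", {}
    problems = [f"key is missing '{f}'" for f in KEY_FIELDS if not key.get(f)]
    if key.get("type") not in (None, "", "service_account"):
        problems.append("key type is not 'service_account'")
    if key.get("private_key") and "PRIVATE KEY-----" not in str(key["private_key"]):
        problems.append("private_key is not a PEM block")
    granted = {s.strip() for s in authorized_scopes}
    problems += [f"scope not authorized: {s}" for s in REQUIRED_SCOPES if s not in granted]
    # Anything beyond the five widens what the impersonated super admin exposes.
    problems += [f"extra scope authorized: {s}" for s in sorted(granted - set(REQUIRED_SCOPES))]
    # Claim set of the JWT in the server-to-server flow: "sub" names the super
    # admin being impersonated, "scope" is space-delimited.
    claims = {"iss": key.get("client_email"), "sub": admin_email,
              "scope": " ".join(REQUIRED_SCOPES), "aud": key.get("token_uri"),
              "iat": now, "exp": now + 3600}
    return problems, ",".join(REQUIRED_SCOPES), claims


if __name__ == "__main__":
    issues, paste, claims = preflight(SAMPLE_KEY, "admin@example.edu", REQUIRED_SCOPES)
    print(issues or "key and scope grant look complete")
    print("Paste into the DWD scopes field:", paste)
```

The `client_id` value in the key is the client ID that the domain-wide delegation entry in the Admin Console is created for.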