Set up your MDM account: Google Workspace

Important: Every effort has been made to provide information that is current and accurate. While this information is considered to be correct at the date of publication (June, 2026), changes in content – including links to Google Workspace documentation – may impact the accuracy.

To use Google Workspace with the Destiny Resource Manager Mobile Device Management (MDM) Integration feature, ensure the following are in place:

  • A Google Cloud service account with a JSON key. You will need to paste the JSON key into Resource Manager.
  • Domain-wide delegation (DWD) on that service account, authorized for these five OAuth scopes:
    • https://www.googleapis.com/auth/admin.directory.device.chromeos
    • https://www.googleapis.com/auth/admin.directory.device.chromeos.readonly
    • https://www.googleapis.com/auth/admin.directory.orgunit.readonly
    • https://www.googleapis.com/auth/admin.directory.user.readonly
    • https://www.googleapis.com/auth/admin.reports.audit.readonly
  • The Google Workspace super-admin email used to impersonate via DWD (the "service account user").
  • The Workspace customer ID (often left as my_customer, which Google resolves automatically — but the field exists for multi-tenant edge cases).
  • Chrome OS Organizational Units (OUs) defined in the Admin Console. The sync moves devices between OUs.
  • Admin SDK Directory API and Admin SDK Reports API enabled in the Google Cloud project that owns the service account.
  • A Directory API watch channel (push notifications) if you wants near-realtime device-change pickup instead of polling. (Optional)

Use the following resources to complete the Google Workspace setup: