Skip to content

Signing up with Google Identity / Google Workspace


A Google Identity or Google Workspace account and a Google IAM Service Account.

Create a new Service Account

Create Service Account Screen

  • Select the newly created service account, navigate to the Keys tab and click Add Key, select JSON and save the key.

Add Key Screen

  • Keep the Service Account Email, Client ID and the saved key file at hand

  • Visit

  • Under API Clients click Add new and fill out the Client ID, add the following scopes, and click Authorize:


Add New API Client Screen

Sign Up

Sign Up Screen

  • Fill in the Service Account Email and the copy the contents of the downloaded JSON file into the Service Account Config

  • Click the Signup button.

  • Follow the Google login process.

  • You are now signed in to the XplicitTrust admin portal:

Why is a Google IAM Service Account required?

To allow XplicitTrust to query the isAdmin attribute and the group membership of users as well as fetching existing user groups for the group import, a service account has to be created that has the following scopes from the Admin SDK API :

Scope Description Reason Read group information. Required by the User Groups Import feature, that allows to import groups from the Google Directory to be used in XplicitTrust Policies. Read user information. Required to read the users isAdmin attribute, that indicates a user with administrator privileges.