...
- Signup for GCP
- Go to IAM & Admin → Groups
- It will say "This feature requires an organization" and at the bottom of the screen, click the button "GO TO THE CHECKLIST"
- Follow the instructions to set up cloud identity, verify your domain.
- In the project allow admin SDK
- Go back to https://console.cloud.google.com/ IAM & Admin.
- Under IAM → Permissions, add a new Principal with role Owner.
- On the left, click on Service Accounts. Create a new service account. Under the newly created service account, create a new key (P12).
- Under the newly created service account, enable Domain-wide Delegation.
- Under the newly created service account, under Permissions, add the Principal you added above.
Scopes should be:
Code Block https://www.googleapis.com/auth/admin.directory.user https://www.googleapis.com/auth/admin.directory.group https://www.googleapis.com/auth/admin.directory.group.member
- The user impersonated as needs to be an admin