Google Groups
Unthread's Google Groups integration allows you to dynamically manage group members from an automation. To set it up, head to "Apps & Integrations", and hit "Configure". You'll be asked to set up a service account in your Google account to give us proper authentication to manage these groups.
How to Generate a Google Service Account Email and Private Key for Unthread
Prerequisites
Before starting, make sure you:
-
Have admin access to your Google Workspace organization
-
Have permission to create projects and service accounts in Google Cloud
-
Can access the Google Cloud Console
Step 1: Create or Select a Google Cloud Project
-
Go to the Google Cloud Console
https://console.cloud.google.com -
In the top navigation bar, click the Project Selector.
-
Either:
-
Select an existing project, or
-
Click New Project and create one (e.g.,
Unthread Integration).
-
Step 2: Enable the Required APIs
Unthread needs access to the Admin SDK to manage Google Group memberships.
-
In the Google Cloud Console, navigate to:
APIs & Services → Library
-
Search for and enable:
- Admin SDK API
Step 3: Create a Service Account
-
Go to:
IAM & Admin → Service Accounts
-
Click Create Service Account.
-
Enter the following:
| Field | Value |
|---|---|
| Service account name | unthread-groups-access |
| Service account ID | (auto-generated) |
| Description | Allows Unthread to manage Google Group membership |
-
Click Create and Continue.
-
You can skip granting roles for now and click Done.
Step 4: Generate a Private Key
Now you'll create the private key that Unthread will use to authenticate.
-
In the Service Accounts list, click the new service account.
-
Navigate to the Keys tab.
-
Click Add Key → Create New Key.
-
Select:
- JSON
- Click Create.
A JSON key file will download to your computer.
⚠️ Important:
Store this file securely. It contains credentials that allow API access to your Google environment.
Step 5: Locate the Service Account Email
Open the downloaded JSON file and locate the field:
client_email
Example:
unthread-groups-access@your-project.iam.gserviceaccount.com
This is the Service Account Email you will provide to Unthread.
Step 6: Add Credentials to Unthread
In Unthread:
-
Navigate to Settings → Apps & Integrations → Google Groups
-
Enter:
| Field | Value |
|---|---|
| Service Account Email | The email address above |
| Private Key | Paste the entire JSON key file here |
- Save the configuration.
Step 7: Grant Domain-Wide Delegation (Required)
To allow the service account to manage Google Groups across your Workspace, you must grant domain-wide delegation.
-
In Google Cloud Console, open the service account.
-
Click Edit.
-
Enable:
Enable Google Workspace Domain-wide Delegation
- Save the Client ID.
Next:
-
Go to the Google Admin Console
https://admin.google.com -
Navigate to:
Security → API Controls → Domain-wide Delegation
-
Click Add new.
-
Enter:
| Field | Value |
|---|---|
| Client ID | Service Account Client ID |
| OAuth Scopes | https://www.googleapis.com/auth/admin.directory.group<br>https://www.googleapis.com/auth/admin.directory.group.member |
- Click Authorize.
Step 8: Verify the Integration
Once the credentials are saved in Unthread:
-
Trigger a Google Groups sync from the Unthread dashboard.
-
Confirm that groups and memberships are visible.
If everything is configured correctly, Unthread will now be able to:
-
View Google Groups
-
Add users to groups
-
Remove users from groups
-
Synchronize membership changes
Security Best Practices
-
Treat the JSON private key like a password
-
Do not commit it to source control
-
Rotate the key periodically if desired
-
Restrict access to the service account to administrators only