If you need to access multiple user mailboxes via IMAP to backfill the email Archive via the Mailbox Reader service, you must set up a Google Service Account with the authority to do this. Otherwise, you will be required to enter the password for every user mailbox that you need to access.

A Service Account is not interactive and therefore cannot perform Two Factor Authentication. It is configured to use OAuth with a special key file.

  1. Return to your Google Cloud Project, and access the APIs and Services panel. Select Credentials and from the +Create Credentials dropdown menu, select Service Account.

    AT-Service-Account.jpg

    You will be directed to the IAM & Admin section of your Google Cloud Project.

  2. In the Create service account screen that opens, enter a Service Account Name. The name that you enter here will be used to create a Service Account ID, which appears as a long email address.

    AT-Create-Service-Account.jpg

    The following is an example of a completed Service Account that will be used for ArcTitan’s Mailbox Reader service:

    AT-cry-service-acct-example.jpg
  3. In order to use the Service Account in an application like IMAP, you’ll need to obtain a Key File containing names, keys and certificates. Open the Service Account that you have just added, For the Security account that you have added, select the Keys tab and Add a Key.

    AT-Service-Account-Add-Key.jpg
  4. Create the JSON file for this key, being careful to store the file securely and not copy it widely, as it can be used by anyone to remotely access your Workspace services where scopes have been permitted.

    AT-Service-Account-JSON.jpg
  5. Register the Service Account as an API Service Account in the same way as OAuth was registered. Refer to Step 5 of Set Up Google OAuth for ArcTitan SSO.