# Google Vault

Google Vault (opens new window) is an information governance and eDiscovery tool for Google Workspace. Vault allows you to retain, hold, search, and export Google Workspace data.

# API version

The Google Vault connector uses the Google Vault API v1 (opens new window)

# Prerequisites

Before you establish a connection to Google Vault, complete the following steps:

After you complete these prerequisites, proceed to connect to Google Vault on Workato.

# Create an admin role with Vault privileges

Complete the following steps to create an admin role with the required Vault privileges:

1

Sign in (opens new window) to the Google Admin console (opens new window) using a super administrator account. You must use a super administrator account to complete these steps.

2

Go to Menu > Account > Admin roles in the admin console.

3

Click Create a new role.

4

Enter a name and description for the role. For example, name the role based on the privileges it grants.

5

Click Continue.

6

Expand the Google Vault section.

7

Select the required privileges for the role. Refer to the Vault Privileges reference (opens new window) for more information.

8

Click Continue.

9

Review the privileges you selected, then click Create Role.

# Assign Vault roles to users

Complete the following steps to assign Vault roles to users:

1

Go to Menu > Directory > Users in the admin console.

2

Find the user in the list. Refer to the Find a user account (opens new window) article for more details.

3

Click the user’s name to open their account page.

4

Scroll to and click Admin roles and privileges.

5

Click Turn on next to the prebuilt or custom role. If Turn on doesn’t appear, click under Roles to reveal the switches.

6

Click Save.

# Configure OAuth 2.0 for authorization

Complete the following steps to configure OAuth 2.0 for your app:

1

Open the Google Cloud console and go to Menu > APIs & Services > OAuth consent screen.

2

Select the user type for your app, then click Create.

3

Click Add or Remove Scopes. Select the minimum scopes required for your app. For this connector, include the following:

4

Click Save and Continue after selecting the required scopes.

# Delegate domain-wide authority to the service account

Complete the following steps to delegate domain-wide authority:

1

Open the Google Admin console (opens new window) and go to Menu > Security > Access and data control > API Controls.

2

Select Manage Domain Wide Delegation in the Domain wide delegation pane.

3

Click Add new.

4

Enter the service account’s Client ID in the Client ID field. You can find your service account's client ID on the Service accounts page (opens new window).

5

Enter the required scopes in the OAuth scopes field. For this connector, include the following scope:

  • https://www.googleapis.com/auth/ediscovery.
6

Click Authorize.

# Create a connection to Google Vault on Workato

Workato supports JWT authentication to connect to Google Vault.

Complete the following steps to connect Google Vault to Workato:

1

Click Create > Connection.

2

Search for and select Google Vault on the New connection page.

3

Provide a name for your connection in the Connection name field.

Google Vault connectionGoogle Vault connection

4

Use the Location drop-down menu to select the project where you plan to store the connection.

5

Enter your service account email address in the Issuer field.

6

Paste the private key from the downloaded JSON file in the Private key field.

7

Enter the user email address that serves as the primary subject of the JWT in the Email address field.

8

Click Sign in with Google to complete the connection.


Last updated: 1/27/2025, 5:26:54 PM