Z2Gsync
Google Workspace Setup & Permissions
A comprehensive step-by-step guide to configuring and authorizing your synchronization environment for Zimbra to Google migration.
1. Google Workspace Initialization
https://console.cloud.google.com/projectcreate
Project Name: Zimbra-Gmail-Migration
2. Project Selection
* Navigate to the project selector
** Select the newly created migration project
3. APIs & Services Dashboard
https://console.cloud.google.com/apis/dashboard
* Click “Enable APIs & Services”
Activate the following components:
– Google Calendar API
– Google Tasks API
– People API
– Gmail API
– Admin SDK API
4. IAM & Service Account
https://console.cloud.google.com/iam-admin/serviceaccounts
* Access “Service Accounts”
** Create Service Account
– Name: zimbra-sync
* Click “Create and Continue”
– Role: Owner
* Click “Done”
Account ID: 1136458713715197223475. Security JSON Management
* Identify the service account
** Click Three Dots -> Manage Keys
* Click “Add Key”
** Create new key -> Select JSON
Important: Save “service-account.json” immediately. It is only available for download once.
6. Domain-Wide Delegation
https://admin.google.com/ac/owl/domainwidedelegation
* Security Settings
** Access and data control
*** API controls
**** MANAGE DOMAIN WIDE DELEGATION
Add new client with the following details:
113645871371519722347Scopes to add:
https://mail.google.com/, https://www.googleapis.com/auth/admin.directory.group, https://www.googleapis.com/auth/admin.directory.group.member, https://www.googleapis.com/auth/admin.directory.resource.calendar, https://www.googleapis.com/auth/admin.directory.user, https://www.googleapis.com/auth/admin.directory.user.readonly, https://www.googleapis.com/auth/apps.groups.migration, https://www.googleapis.com/auth/calendar, https://www.googleapis.com/auth/calendar.readonly, https://www.googleapis.com/auth/contacts, https://www.googleapis.com/auth/contacts.other.readonly, https://www.googleapis.com/auth/contacts.readonly, https://www.googleapis.com/auth/directory.readonly, https://www.googleapis.com/auth/drive, https://www.googleapis.com/auth/drive.file, https://www.googleapis.com/auth/drive.appdata, https://www.googleapis.com/auth/email.migration, https://www.googleapis.com/auth/forms, https://www.googleapis.com/auth/gmail.compose, https://www.googleapis.com/auth/gmail.insert, https://www.googleapis.com/auth/gmail.labels, https://www.googleapis.com/auth/gmail.modify, https://www.googleapis.com/auth/gmail.readonly, https://www.googleapis.com/auth/gmail.settings.basic, https://www.googleapis.com/auth/gmail.settings.sharing, https://www.googleapis.com/auth/tasks, https://www.googleapis.com/auth/user.addresses.read, https://www.googleapis.com/auth/user.emails.read, https://www.googleapis.com/auth/user.gender.read, https://www.googleapis.com/auth/user.organization.read, https://www.googleapis.com/auth/user.phonenumbers.read, https://www.googleapis.com/auth/userinfo.email, https://www.googleapis.com/auth/userinfo.profile, http://sites.google.com/feeds7. Mailbox Delegation Settings
https://admin.google.com/ac/apps/gmail/usersettings
* Apps → Google Workspace → Gmail → User Settings
** Scroll to Mail Delegation
*** Enable: “Let users delegate access to their mailbox to other users in the domain”