Skip to main content

I’m trying to configure the GSuite Integration in SOAR:

  • I have created a service account and granted the SecOps “soar-python” service account access with the Service Account Token Creator.
  • I delegated domain-wide authority to this service account using the client ID and scopes from this guide: https://cloud.google.com/chronicle/docs/soar/marketplace-integrations/google-workspace#search_user_activity_events
  • I also created an admin custom role in GWS Admin Console and assign it to a new user, as described in the guide.
  • I configured the GSuite Integration in SOAR and I’m still getting the following error when using the Test button:

```

{'error': 'unauthorized_client', 'error_description': 'Client is unauthorized to retrieve access tokens using this method, or client not authorized for any of the scopes requested.'}

```

  • I understand that most of the time, the issue here are the scopes assigned to the Client ID in Admin Console, that’s why I checked them multiple times and made sure they are correct.
  • What’s weird though, is that the Gmail Integration which uses very similar scopes, works when tested with the same credentials. 

 

Any ideas what could be wrong? Did anyone manage to get this configured?

 

It should be noted that I also tried with a service account key instead of Workload Identity Email and I’m getting the exact same error.

Terms & ConditionsCookie settingsAccessibility statement
Privacy Policy Terms of Service Gen AI Policy Community Guidelines Cookie Settings

© 2025 Google. All rights reserved.