Google Service Account Authentication
Set up shared Google service account authentication for Google Docs, Google Drive, and Google Sheets.
Use this guide when you connect a Google integration in Kognitos with Client Email, Token URI, and Private Key instead of Continue with Google.
You can create one Google service account in Google Cloud and reuse it across these integrations:
Service account authentication is available for Google Docs, Google Drive, and Google Sheets. Gmail, Google Calendar, and Google Chat use OAuth instead. For OAuth setup, see Google Authentication.
Before You Start
Make sure you have:
Access to a Google Cloud project, or permission to create one
Permission to create service accounts and download service account keys
Access to the Google files, folders, and spreadsheets you want Kognitos to use
Access to the Kognitos workspace where you want to add the connection
A service account does not automatically inherit access to your Google Workspace content. You must explicitly share the Google Docs documents, Drive folders, or Sheets files with the service account email.
Set Up the Service Account in Google Cloud
Create or select a Google Cloud project
In Google Cloud Console, create a new project or open an existing one that will own the service account.
Enable the APIs you need
In APIs & Services → Library, enable the APIs for the integrations you plan to use:
Google Docs API and Google Drive API
Google Drive API
Google Sheets API
If you plan to use several Google integrations, enable all of their APIs in the same project.
Create the service account
In Google Cloud, go to IAM & Admin → Service Accounts, then click Create service account.
Enter a clear service account name, such as kognitos-google-integrations, review the generated service account ID, then click Done or finish the remaining prompts.
Create and download a JSON key
From IAM & Admin → Service Accounts, locate the service account you just created.
Then use one of these console paths, depending on the Google Cloud UI you see:
Open the Actions menu for the service account, click Manage keys, then click Add key → Create new key
Or click the service account email address, open the Keys tab, then click Add key → Create new key
Select JSON as the key type, then click Create. Google downloads the JSON key file to your machine.
Google's IAM documentation still describes the Keys tab flow. In some current console layouts, the same flow appears under the service account's Actions menu as Manage keys.
Treat the JSON key like a password. Anyone with that file can use the service account until you revoke the key. After Google downloads the key file, you cannot download the same private key again.
Get the Values for Kognitos
Open the downloaded JSON key file and copy these values into Kognitos:
Client Email
client_email
Token URI
token_uri
Private Key
private_key
Paste the full private key value exactly as it appears in the JSON, including the BEGIN PRIVATE KEY and END PRIVATE KEY lines.
Share Google Content with the Service Account
Before you test the connection, share the Google content Kognitos needs to access with the service account email from client_email.
For example:
Share a Google Drive folder with the service account email if your automation will create or read files there
Share a Google Docs document or its parent folder with the service account email if your automation will edit documents
Share a Google Sheets file or its parent folder with the service account email if your automation will read or update spreadsheets
Use the same sharing flow you use for any Google account:
Open the document, folder, or spreadsheet in Google Workspace.
Click Share.
Add the service account email.
Grant the level of access your automation needs.
Use the Credentials in Kognitos
After you create the service account and download its JSON key, connect each supported Google integration in Kognitos with the same credentials.
Open the integration
In Kognitos, go to Integrations → Explore Integrations, then open Google Docs, Google Drive, or Google Sheets.
Start a new connection
Click Connect, add a connection name, and choose the service account authentication option.
Enter the service account values
Paste the Client Email, Token URI, and Private Key values from the JSON key file.
Save and test the connection
Click Connect, then run a simple action to confirm the service account can access the files or folders you shared with it.
Repeat this for each supported Google integration you want to connect. You can reuse the same service account across all three integrations.
Troubleshooting
Authentication succeeds, but files are missing
Make sure the document, folder, or spreadsheet is shared with the service account email
Permission denied
Confirm the service account has the right level of access in Google Workspace
Invalid private key
Paste the full private_key value exactly as it appears in the JSON key
Access blocked by API settings
Verify that the required API is enabled in the Google Cloud project
Google Cloud does not let you create a key
Your organization might enforce the iam.disableServiceAccountKeyCreation policy. Ask your Google Cloud admin whether service account key creation is blocked for the project.
Docs integration cannot create files in a folder
Make sure the service account also has access to Google Drive, not just Google Docs
Related Integration Pages
Last updated
Was this helpful?