Articles on: Connecting Guides

How to connect Google Workspace accounts to MailReach using Domain-Wide Delegation

This connection method lets you connect multiple Gmail accounts from your Workspace at once, if necessary. A great time-saver.

The Step-By-Step Guide - (Takes 4 min, required only once per Workspace)

Sign in to Google Cloud Platform.

Make sure you're logged in with an Admin account of the Google Workspace you want to connect to MailReach. If this is the first time you've used the Google Cloud Platform, you will need to agree to the terms of service popup.

On the dashboard, click the CREATE PROJECT button on the right 👇

In the 'Project Name' field, choose a random name (you can use the suggested one), then click Create. It can take some time to load your project.

Click on Enable APIs and Services

In the Enable APIs and services field, enter Gmail API. It should display as you type. Click on it.

Select Gmail API

Click Enable

On the left menu, click on Credentials

Click on Create credentials and then Service account

In the three fields of Service account details, put any random name, it doesn't matter. Then click on Create and continue

For "Grant this service account access to the project", leave that empty and click on Continue

Same for "Grant users access to this service account", leave that empty and lick on Done

In the bottom under "Service Accounts", on the right, click on the Pen to Edit

Copy the Unique ID (you'll paste it later in the process)

In the top menu, click on Keys

Click on Add Key > Create New Key > JSON > Create. It will download a file on your computer.

Now, in a new tab open the Google Workspace Admin. Make sure you connect to the Google workspace that contains the email account(s) you wish to connect to MailReach.

On the left menu and click on Security > Access and data control > API controls

At the bottom, click on Manage Domain-Wide Delegation

To the right of "API Clients", click on Add new

In the Client ID field, paste your Client ID (the one that you copied at Step 15)

In OAuth Scopes (comma-delimited), copy and paste the following,,

Click on Authorize

Go back on MailReach and upload the JSON file that you've downloaded earlier

Click on Next and follow the on-screen steps.


"Service account key creation is disabled" error

This is the most common error, below are two different solutions to solve that issue. Start with the Fix 1.

Fix 1

Go to and make sure you're signed in with the right Google Account (and not your personal Gmail for instance).
Find your email on the list and click on the pen icon on the far right to edit.
You need the 'Organization Policy Administrator' role assigned. You can click on Add another role if you already have one and look for 'Organization Policy Administrator'. Once it's added, click on Save. If you can't find this role precisely, that means you don't have the rights to give yourself this role. You can ask an admin to give yourself the role. If you can't ask an admin, switch to the Fix 2 below.
Then go to and make sure you're signed in with the right Google Account.
Go to the bottom > Rows per page > Select 200
Look for the policy named Disable service account key creation (it's "account key creation", not just "account creation"), then click on it to view it.
Here, the status should be: Not enforced.

Once it's done, please start the process again and it should work.

Fix 2

A solution that works is to start again from the step 1. and sign in to Google Cloud Platform but with a personal Gmail account (a inbox and not with your corporate mailbox) and then follow all the steps until the end of the process.

If none of these two solutions worked for you, please leave us a message on the chat and we'll do our best to help you.

Updated on: 30/05/2024

Was this article helpful?

Share your feedback


Thank you!