Neowit supports synchronization of calendar events using the Google Calendar API. Neowit runs natively on Google Cloud Platform, and uses Workload Identity to authenticate towards Google APIs.
In order for Neowit to access the Google Calendar API of your Google Workspace organization, you need to grant us delegated access to a Service Account which in turn has Domain Wide Delegation access to the Google Calendar APIs.
We recommend that you create a new project in the Google API Console when following the guide below. This makes it easier to revoke your authorization by deleting this project.
In summary, these are steps required to setup the Calendar API synchronization:
- Google Cloud Platform: Create a Project and Service Account
- Google Workspace: Setup Domain Wide Delegation and a User to Impersonate.
Prerequisites
- A Neowit administrator account.
- A Google Workspace account with Super Admin role, or custom role with the necessary privileges.
Configuring Google Cloud Platform
A Google Cloud Console Project is required in order for Neowit to be able to access the Google Calendar API. This guide describes the following steps:
- Creating a Project.
- Enabling the Google Calendar API in the project.
- Creating a Service Account used to access the Google Calendar API.
Create a Project
Follow these steps to create a new Google Cloud Console project:
- Navigate to https://console.cloud.google.com/.
- Open the menu and select IAM & Admin -> Create a Project.
- Fill in your project name, i.e. 'Neowit Calendar Integration'.
- Click Create
Enable Google Calendar API
You will have to enable the Google Calendar API to work with the project you have created. Make sure you have selected the newly created project from the step above.
- Open the Menu, APIs & Services -> Library
- Search for the Google Calendar API, and click the resulting entry.
- Click Enable
Creating the Service Account
In order to access the Google Calendar API, we need to create a Service Account which can be accessed by our Workload Identity service account. Make sure you’ve selected the correct project.
- Open the Menu, Select IAM & Admin -> Service Accounts
- Click Create Service Account.
- Give the new service account a name, id and click Done.
- Click on the newly created service account and note the following details.
- Email: This address will be needed for setting up the integration in the Neowit app once we’re done.
- Unique ID: This id will be used when configuring Domain Wide Delegation
- Select the Permissions tab and click Grant Access.
- Set the New Principals fields to neowit-calendar-sa-486@compact-record-401710.iam.gserviceaccount.com
- Set the Role to Service Account Token Creator
- Click Save
Configuring Google Workspace
The goal of this section is to allow the newly created service account to access the Google Calendar API using Domain Wide Delegation and create an account to impersonate when accessing the calendar.
Enable Domain Wide Delegation
- Login to https://admin.google.com/.
- Open the Menu, and Navigate to Security -> Access and data control -> API Controls.
- Click Manage Domain Wide Delegation.
- Click Add new.
- Insert the Unique ID field from the Service Account you created in Google Cloud Platform as the Client ID and restrict our OAuth scopes to:
- https://www.googleapis.com/auth/calendar - Gives us access to read and write calendars organization-wide.
- https://www.googleapis.com/auth/admin.directory.resource.calendar.readonly - Scope for only retrieving calendar resources
- Click Authorize.
Creating an account for user impersonation
Create a dedicated user who can manage all calendar resources. See the Google support article, Add users individually for instructions on how to add this user. The user needs to have enough privileges to read and write to all the calendar resources.
Configuring the Neowit App
The last step is to set up the Google Workspace integration in the Neowit app.
- Navigate to https://app.neowit.io/settings/integrations
- Click the + button to create a new integration
- Click on the Google Workspace Calendar card
- Insert the Email of the Service Account created above in the Service Account field.
- Insert the email of the user to impersonate in the Impersonate User field.
- Click Add.
Removing the integration
- Navigate to https://app.neowit.io/settings/integrations
- Find the Google Workspace integration and delete it.
- Navigate to https://console.cloud.google.com/
- Make sure you’ve selected the project you created above.
- Open the menu and select IAM & Admin -> Service Accounts.
- Delete the Service Account you’ve created.
- Open the menu and select IAM & Admin -> Settings.
- If the project was created for the sole purpose of this integration and has not been used for anything else, click Shutdown.
Troubleshooting
Unable to authenticate / connect the integration
If some of the steps above were done incorrectly, the integration may fail to access the calendar resources. Please verify that you’ve followed the steps carefully and correct any mistakes.
It may take some time for changes made to propagate through the Google Workspace / Google Cloud Platform, so if you’ve made changes, take a coffee break before trying again. We’ve seen delays of up to one hour for changes to propagate.