Create a Project and Service Account in Google Cloud Console
Open Google Cloud Console.
Create a new project (or select an existing project) from the top left.
Go to IAM & Admin → Service Accounts.
Create a new service account:
name it like logsign-gsuit-logs.
Go ahead and download your key (in P12 format).
You can write down the email address under the service account you created. We will use this when adding resources.
Then we need to save the OAuth 2 Client ID value that we will see on that screen.
We will use this in the next step.
Authorization from Google Workspace Admin Console (Mandatory)
To get Google logs, you need to authorize the service account from the Workspace Admin console.
Open the Admin Console.
Click Security → Access and data control → API controls → Domain-wide delegation
Add new:
In the Client ID field, write the client_id value of the service account. (OAuth 2 Client ID we received in the Service account field)
Enter the following scopes in the OAuth scopes field: (It should be as I have specified below)
Save by saying Authorize.
✅ After this step, the service account is authorized to read Workspace logs.
Then we can log in to Logsign USO and add resources.
Adding a source to Logsign USO
Settings > Data Collection > API > G Suite
You upload the P12 file you downloaded in the service account field to this field.
In the Service Account Email field, add the email address of the service you created.
User Email: It must be a user authorized by admin.google.com.
Activities: Select the log type you want to receive.
You can set the Log Start Date and write the source name and save it.