ExSign Integration: Google Workspace OAuth Application Setup (Limited Scope / Restricted Deployment)

ExSign Email Signatures for Microsoft Exchange Server
Overview
This article provides a complete step-by-step guide to configure a Google Cloud OAuth application and required Google Workspace settings for ExSign integration. It includes OAuth setup, required scopes, credential creation, and Gmail routing (SMTP relay, host, and compliance rules).
1. Create New Project in Google Cloud
  1. Open Google Cloud Console:
     https://console.cloud.google.com/
  1. Sign in using a Google Workspace Admin account
  2. From the top menu, click Select Project
  3. Click New Project
  4. Enter a project name
  5. Click Create

2. Configure OAuth Consent Screen
  1. Open Navigation Menu (☰)

  1. Go to:
     APIs & Services → OAuth Consent Screen
  1. Click Get Started
  1. Fill in the required App Information
    • App Name
    • User Support Email
    • Developer Contact Email

  1. Click Next
  2. Select User Type: External (for organization-wide usage)
  1. Click Next
  2. Enter Contact Information
  3. Click Finish to complete the OAuth consent screen setup
3. Create OAuth Client Credentials
  1. Go to:
     APIs & Services → Credentials
  2. Click Create Credentials → Create OAuth Client 
  1. Select: 
    • Application Type: Web Application
  1. Configure: 
  1. Click Create
  2. Save the following securely: 
    • Client ID
858165626979-***************
    • Client Secret
******************VAbt
 


⚠️ These credentials are required for application authentication and must not be shared publicly.
 

Then navigate to APIs & Services and click on Enabled APIs & Services.

 
 
Next, click on Enable APIs and Services.

 
 
Search for Admin SDK API, then select it and click Enable.

 
 
 

4. Configure OAuth Scopes (Data Access)
Go to:
 OAuth Consent Screen → Data Access
This section defines what Google Workspace data the application is allowed to access.
 
4.1 Your Non-Sensitive Scopes
Non-sensitive scopes are automatically managed by Google and are considered low-risk permissions.
  • These scopes do not usually require manual approval.
  • They provide basic access for standard application functionality.
  • Review them to ensure they match expected application behavior.
👉 No manual configuration is required in most cases for this section.
 
4.2 Your Sensitive Scopes
Sensitive scopes must be added manually and require admin approval.

Add the following scopes:
 


4.3 Important Notes
  • Sensitive scopes require Google Workspace Admin consent
  • These permissions allow read-only access to directory data
  • Any missing scope may result in authentication or API permission errors
  • Ensure the OAuth app is properly authorized before production use
Article ID: 3503, , Modified: 6/11/2026 at 7:00 AM

Was this article helpful?

Share this article