Set Up Service Account¶
The integration runs through a Service Account: a special non-human identity you create in Google Cloud that acts on behalf of your Salesforce org. It's the mechanism that allows Salesforce to authenticate with Google APIs securely, without user credentials or OAuth flows.
This page walks through setting up that Service Account, assigning the right permissions, and enabling the APIs you need.
Step 1: Create or select a Google Cloud project¶
- Open the Google Cloud Console
- Create a new project or select an existing one.
For reference: https://developers.google.com/workspace/guides/create-project
Step 2: Create a Service Account¶
- Go to IAM & Admin → Service Accounts
- Create a new Service Account
- Proceed to Step 3 before saving; you can assign roles during creation or after.
Step 3: Assign IAM Roles¶
Role assignment depends on which integrations you are enabling. Google Drive access is managed via Drive sharing (not IAM), so no roles are needed for Drive alone. AI integrations require at least one role.
| Integration | IAM Role Required |
|---|---|
| Google Workspace (Drive) | None (access is managed via Drive folder sharing) |
| Gemini API for Developers | Vertex AI User (roles/aiplatform.user) |
| Agent Platform | Vertex AI User (roles/aiplatform.user) |
To assign a role: IAM & Admin → IAM → Find your Service Account → Edit → Add Role
Note
If you are only setting up Google Drive at this stage, you can skip role assignment entirely. You can always return here and add the role later when configuring AI.
Step 4: Enable APIs¶
Enable the APIs that correspond to the integrations you plan to use. Navigate to APIs & Services → Library to search and enable each one.
| Integration | API to Enable |
|---|---|
| Google Workspace (Drive) | Google Drive API |
| Gemini API for Developers | Gemini API |
| Agent Platform | Agent Platform API / Vertex AI API |
Navigate to APIs & Services → Library to search and enable each one.
Step 5: Generate a Service Account key¶
- Open the newly created Service Account
- Navigate to the Keys tab
- Create a new JSON key (recommended; requires more setup steps) or a P12 key (simpler; fewer setup steps)
- Download and securely store the file
Once you have the key file, proceed to Configure Certificate to generate the JKS keystore and upload it to Salesforce.