Connecting to Google services using custom OAuth client
This article will show you how to create your own project in Google Cloud Platform and a custom OAuth client. This is useful for connecting restricted Google services, like Google Drive or Gmail, to Celonis platform.
To connect, you must have a Google account. You can create an account at accounts.google.com/signin.
The following procedure is intended for:
Personal use (@gmail and @googlemail.com users)
Internal use (Google Workspace users that prefer to use a custom OAuth client)
Configure a Google Cloud Platform project
There are five steps to configure a Google Cloud Platform project.
Create a Google Cloud Platform project
Log in to the Google Cloud Platform using your Google credentials.
On the welcome page, click Create or select a project > New project.
Enter a Project name and select the Location for your project.
Click Create.
In the top menu, check if your new project is selected in the Select a project dropdown.
Note
To create a new project or work in the existing one, you need to have the serviceusage.services.enable permission. If you don’t have this permission, ask the Google Cloud Platform Project Owner or Project IAM Admin to grant it to you.
Enable APIs
Open the left navigation menu and go to APIs & Services > Library.
Search for the APIs you need for your project.
For information regarding specific APIs, refer to the Make Help Center for the app you are using.
Click the relevant API, then click Enable.
Configure your OAuth consent screen
In the left sidebar, click Google Auth Platform.
Note
If you don't see Google Auth Platform in the left sidebar, click View all products at the top of it, then pin Google Auth Platform to the sidebar.
Click Get Started.
In the Overview section, under App information, enter Make as the app name and provide your Gmail address. Click Next.
Under Audience, select External.
For more information regarding user types, refer to Google's Exceptions to verification requirements documentation.
Under Contact Information, enter your Gmail address..
Under Finish, agree to the Google User Data Policy.
Click Continue > Create.
In the Branding section, under Authorized domains, add
make.comandintegromat.com. Click Save.Optional: In the Audience section, add your Gmail address on the Test users page, then click Save and continue if you want the project to remain in the Testing publishing status.
In the Data Access section, click Add or remove scopes, add any desired scopes, and click Update.
Here are some examples of scopes you may need for Gmail and Google Drive.
Gmail
https://mail.google.comhttps://www.googleapis.com/auth/userinfo.email
Google Drive
https://www.googleapis.com/auth/drivehttps://www.googleapis.com/auth/drive.readonly
For additional scopes, refer to the Make Help Center for the app you are using.
Click Save.
Note
Publishing Status
Testing: If you keep your project in the Testing status, you will be required to reauthorize your connection in Celonis platform every week. To avoid weekly reauthorization, update the project status to In production.
In production: If you update your project to the In production status, you will not be required to reauthorize the connection weekly. To update your project's status, go to the Google Auth Platform, the Audience section, and click Publish app. If you see the notice Needs verification, you can choose whether to go through the Google verification process for the app or to connect to your unverified app. Currently connecting to unverified apps works in Celonis platform, but we cannot guarantee the Google will allow connections to unverified apps for an indefinite period.
For more information regarding the publishing status, refer to the Publishing status section of Google's Setting up your OAuth consent screen help.
Create your client credentials
In Google Auth Platform, click Clients.
Click + Create Client.
In the Application type dropdown, select Web application.
Update the Name of your OAuth client. This will help you identify it in the console.
In the Authorized redirect URIs section, click + Add URI and enter the redirect URI.
Here is a redirect URI you need for Gmail and Google Drive.
https://www.integromat.com/oauth/cb/google-restricted
For additional redirect URIs, refer to the Make Help Center for the app you are using.
Click Create.
Click the OAuth 2.0 Client you created, copy your Client ID and Client secret values, and store them in a safe place.
You will use these values in the Client ID and Client Secret fields in Celonis platform.
Establish the connection in Celonis platform
To establish the connection in Celonis platform:
Log in to your Celonis platform account, add a Google app module to your Action Flow, and click Create a connection.
Optional: In the Connection name field, enter a name for the connection.
Switch on the Show advanced settings toggle and enter your Google Cloud Platform project client credentials.
Click Sign in with Google.
If prompted, authenticate your account and confirm access.
You have successfully established the connection. You can now edit your Action Flow and add more modules. If your connection requires reauthorization at any point, follow the connection renewal steps here.
Common Problems
This happens rarely, but when it does, we recommend creating another OAuth client.
If this error message appears, you need to enable the corresponding API in your Google Cloud Platform.
 |
Google has added the required settings for the Consent screen. You'll need to add the email address associated with the Google account you want to connect with Celonis platform as a Test user.
Sign in to the Google Cloud Platform using your Google credentials.
Go to APIs & Services > OAuth consent screen.
In the Test Users section, click Add users to add a test user. Enter the email address associated with the Google account you want to connect with Celonis platform, and click Save.
Now, go to Celonis platform, and connect to the desired Google service.
Your connection has expired and is no longer valid. You need to reauthorize the connection.
This error affects non-Google Workspace accounts. For more details please refer to the Google OAuth documentation.
Due to Google's updated security policy, unpublished apps can only have a 7-day authorization period. After the OAuth security token expires, the connection is no longer authorized and any module relying on it will fail.
Solution
Option 1:
To avoid weekly reauthorization, you can update the publishing status of your project.
If you update your project to the In production status, you will not be required to reauthorize the connection weekly.
Change the status of your project by following these steps:
Log in to the Google Cloud console.
Navigate to the Oauth consent screen.
Click the Publish app button next to your app.
If you see the notice Needs verification, you can choose whether to go through the Google verification process for the app or to connect to your unverified app. Currently connecting to unverified apps works in Celonis platform, but we cannot guarantee the Google will allow connections to unverified apps for an indefinite period.
For more information regarding publishing statuses, refer to the Publishing status section of Google's Setting up your OAuth consent screen help and our Community page.
Option 2
If you keep your project in the Testing status, you will be required to reauthorize your connection in Celonis platform every week.
Reauthorize your Google connection by following these steps:
Log in to Celonis platform.
Go to Connections.
Find your Google connection and click Reauthorize button.
Note
To prevent the expiration of your Google connection, we suggest you to reauthorize the connection every week.