Skip to main content

Celonis Product Documentation

Connecting to Google services using custom OAuth client

This article will show you how to create your own project in Google Cloud Console and a custom OAuth client. This is useful for connecting restricted Google services, like Google Drive or Gmail, to Celonis platform.

To connect, you must have a Google account. You can create an account at accounts.google.com/signin.

The following procedure is intended for:

  • Personal use (@gmail and @googlemail.com users)

  • Internal use (Google Workspace users that prefer to use a custom OAuth client)

Configure a Google Cloud Console project

There are five steps to configure a Google Cloud Console project.

Create a Google Cloud Console project
  1. Log in to the Google Cloud Console using your Google credentials.

  2. In the top menu, click Create or select a project > New project.

  3. Enter a Project name and select the Location for your project.

  4. Click Create.

  5. In the top menu, check if your new project is selected in the Select a project dropdown. If not, select the project you just created.

    Project_Google_Console.png
Enable APIs
  1. Open the left navigation menu and go to APIs & Services > Library.

  2. Search for the APIs you need for your project.

    For information regarding specific APIs, refer to the Make Help Center for the app you are using.

  3. Click the needed API, then click Enable.

Configure your OAuth consent screen
  1. Go to APIs & Services > OAuth consent screen.

  2. Under User Type, select External.

    For more information regarding user types, refer to Google's Exceptions to verification requirements documentation.

  3. Click Create.

  4. In the App information section, enter Make as an app name and your Gmail address.

  5. In the Authorized domains section, add make.com and integromat.com.

  6. In the Developer contact information section, enter your Gmail address.

  7. Click Save and continue.

  8. In the Scopes page, click Add or remove scopes, add any desired scopes, and click Update.

    Here are some examples of scopes you may need for Gmail and Google Drive. For additional scopes, refer to the Make Help Center for the app you are using.

    Gmail

    • https://mail.google.com/

    Google Drive

    • https://www.googleapis.com/auth/drive

    • https://www.googleapis.com/auth/drive.readonly

  9. Click Save and continue.

  10. Optional: If your project will remain in the Testing publishing status, add test user emails on the Test users page, then click Save and continue.

    Note

    Important Note on Publishing Status

    Testing: If you keep your project in the Testing status, you will be required to reauthorize your connection in Celonis platform every week. To avoid weekly reauthorization, update the project status to In production.

    In production: If you update your project to the In production status, you will not be required to reauthorize the connection weekly. To update your project's status, go to the OAuth consent screen and click Publish app. If you see the notice Needs verification, you can choose whether to go through the Google verification process for the app or to connect to your unverified app. Currently connecting to unverified apps works in Make, but we cannot guarantee the Google will allow connections to unverified apps for an indefinite period.

    For more information, please see our further documentation regarding Status Code Error: 400 or the Celonis platform Community instructions.Common Problems

Create your client credentials
  1. In the left sidebar, click Credentials.

  2. Click + Create Credentials > OAuth client ID.

    Create_credentials_google_console.png
  3. In the Application type dropdown, select Web application.

  4. Update the Name of your OAuth client. This will help you identify it in the console.

  5. In the Authorized redirect URIs section, click + Add URI and enter the redirect URI.

    Here are some examples of redirect URIs you may need. For additional redirect URIs, refer to the Make Help Center for the app you are using.

    • https://www.integromat.com/oauth/cb/google-restricted - for Gmail or Google Drive

    • https://www.integromat.com/oauth/cb/google-custom - for Google Cloud Text-to-Speech

    • https://www.integromat.com/oauth/cb/google-cloud-speech - for Google Cloud Speech

    • https://www.integromat.com/oauth/cb/youtube - for YouTube

    • https://www.integromat.com/oauth/cb/app - for any app created via Celonis platform Developer Platform

    • https://www.integromat.com/oauth/cb/google - for other Google apps

  6. Click Create.

  7. Copy your Client ID and Client secret values and store them in a safe place.

You will use these values in the Client ID and Client Secret fields in Celonis platform.

Establish the connection in Celonis platform

To establish the connection in Celonis platform:

  1. Log in to your Celonis platform account, add a Google app module to your Action Flow, and click Create a connection.

  2. Optional: In the Connection name field, enter a name for the connection.

  3. Switch on the Show advanced settings toggle and enter your Google Cloud Console project client credentials.

  4. Click Sign in with Google.

  5. If prompted, authenticate your account and confirm access.

You have successfully established the connection. You can now edit your Action Flow and add more modules. If your connection requires reauthorization at any point, follow the connection renewal steps here.Connect an application

Common Problems

This happens rarely, but when it does, we recommend creating another OAuth client.

If this error message appears, you need to enable the corresponding API in your Google Cloud Platform.

61d5ae8624010.png
61d5ae8733e63.png

Google has added the required settings for the Consent screen. You'll need to add the email address associated with the Google account you want to connect with Celonis platform as a Test user.

  1. Sign in to the Google Cloud Platform using your Google credentials.

  2. Go to APIs & Services > OAuth consent screen.

  3. In the Test Users section, click Add users to add a test user. Enter the email address associated with the Google account you want to connect with Celonis platform, and click Save.

    61d5ae88bf8bf.gif
  4. Now, go to Celonis platform, and connect to the desired Google service.

Your connection has expired and is no longer valid. You need to reauthorize the connection.

This error affects non-Google Workspace accounts. For more details please refer to the Google OAuth documentation.

Due to Google's updated security policy, unpublished apps can only have a 7-day authorization period. After the OAuth security token expires, the connection is no longer authorized and any module relying on it will fail.

Solution

Option 1:

To avoid weekly reauthorization, you can update the publishing status of your project.

If you update your project to the In production status, you will not be required to reauthorize the connection weekly.

Change the status of your project by following these steps:

  1. Log in to the Google Cloud console.

  2. Navigate to the Oauth consent screen.

  3. Click the Publish app button next to your app.

  4. If you see the notice Needs verification, you can choose whether to go through the Google verification process for the app or to connect to your unverified app. Currently connecting to unverified apps works in Celonis platform, but we cannot guarantee the Google will allow connections to unverified apps for an indefinite period.

For more information regarding publishing statuses, refer to the Publishing status section of Google's Setting up your OAuth consent screen help and our Community page.

Option 2

If you keep your project in the Testing status, you will be required to reauthorize your connection in Celonis platform every week.

Reauthorize your Google connection by following these steps:

  1. Log in to Celonis platform.

  2. Go to Connections.

  3. Find your Google connection and click Reauthorize button.

    Note

    To prevent the expiration of your Google connection, we suggest you to reauthorize the connection every week.