How to use latest version of GAM across multiple G Suite subscriptions?

1,649 views
Skip to first unread message

Matthew Long

unread,
Apr 26, 2017, 10:33:06 AM4/26/17
to GAM for G Suite
I've been using GAM as long as I can remember (7 years in the G Suite business) and it's been indispensable. However, I am finding the documentation to be very unclear regarding initial setup, particularly when configuring it for multiple G Suite subscriptions.

Can someone explain to me which steps only need to be completed one time (I believe the Google Developer project only needs to be setup once?) and what steps must be done per G Suite subscription?

For example, do I need to enable API access and/or add the authorized API client to each individual subscription, or do I simply need to generate a separate oauth.txt for each subscription and that's all?

If someone could help me with this I'd love to spend 10-20 min writing a nice tutorial that hopefully could be published in the official wiki, it seems setting up with multiple subscriptions is not listed anywhere from what I can tell, and searching for it seems to find no useful results.

Thanks!


Jay Lee

unread,
Apr 26, 2017, 10:41:18 AM4/26/17
to google-ap...@googlegroups.com
Just create one project. You can switch admins by setting the OAUTHFILE variable.

There's no reason you can't utilize one service account for each of your domains, just be aware that the oauth2.service.json file then provides access to ALL of your many domain's user data. In the wrong hands that could be very bad. Keep the file secured on a compute you trust.


--
You received this message because you are subscribed to the Google Groups "GAM for G Suite" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-apps-manager+unsub...@googlegroups.com.
To post to this group, send email to google-apps-manager@googlegroups.com.
Visit this group at https://groups.google.com/group/google-apps-manager.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-apps-manager/4da93581-a47b-4d8d-8e4e-ff25fadbf969%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Kris Hogh

unread,
Jul 19, 2017, 2:47:39 PM7/19/17
to GAM for G Suite
I agree, I would love to help you on that if you need.

@jay I have set the oauth file but then you get the domain info and it's still not the new domain... I try to create a new oauth.txt file but it says I have already authorised and it won't overwrite, even in a new directory! :S

Ross Scroggs

unread,
Jul 20, 2017, 11:18:28 AM7/20/17
to google-ap...@googlegroups.com
Matthew,

GAMADV-X (https://github.com/taers232c/GAMADV-X) has support for multi-client/domain configurations.
The Gam executable directory is separate from the Gam configuration directory and there is a configuration file that contains all Gam settings.

For these examples, the Gam executable directory is C:\GAM and the Gam configuration directory is C:\GamCfg.

Example 1: Three clients with distinct client_secrets.json, oauth2service.json and oauth2.txt files.

There are three subdirectories under C:\GamCfg each containing client_secrets.json, oauth2service.json and oauth2.txt files.
   C:\GamCfg\ClientA
   C:\GamCfg\ClientB
   C:\GamCfg\ClientC

These are the relevant portions of gam.cfg
[DEFAULT]
config_dir = C:\GamCfg
client_secrets_json = client_secrets.json
oauth2_txt = oauth2.txt
oauth2service_json = oauth2service.json
section = ClientA
[ClientA]
domain = clienta.com
customer_id = Caaa11111
config_dir = ClientA
[ClientB]
domain = clientb.com
customer_id = Cbbb22222
config_dir = ClientB
[ClientC]
domain = clientc.com
customer_id = Cccc33333
config_dir = ClientC

The config_dir setting in each [ClientX] section is relative and is appended to the config_dir setting in the [DEFAULT] section.

Example 2: Three clients with common client_secrets.json and oauth2service.json files and distinct oauth2.txt files.

The C:\GamCfg directory contains the common client_secrets.json and oauth2service.json files.
There are three subdirectories under C:\GamCfg each containing a distinct oauth2.txt file.
   C:\GamCfg\ClientA
   C:\GamCfg\ClientB
   C:\GamCfg\ClientC

Theee are the relevant portions of gam.cfg
[DEFAULT]
config_dir = C:\GamCfg
client_secrets_json = client_secrets.json
oauth2_txt = oauth2.txt
oauth2service_json = oauth2service.json
section = ClientA
[ClientA]
domain = clienta.com
customer_id = Caaa11111
oauth2.txt = ClientA\oauth2.txt
[ClientB]
domain = clientb.com
customer_id = Cbbb22222
oauth2.txt = ClientB\oauth2.txt
[ClientC]
domain = clientc.com
customer_id = Cccc33333
oauth2.txt = ClientC\oauth2.txt

Your main client is ClientA as specified in [DEFAULT] section = ClientA.

To get information about your main client, don't select a section.
        gam info domain
Google Apps Domain: clienta.com
Customer ID: Caaa11111
...
To get information about another client, select a section.
        gam select ClientB info domain
Google Apps Domain: ClientB.com
Customer ID: Cbbb22222
...
        gam select ClientC info domain
Google Apps Domain: clientc.com
Customer ID: Cccc33333
...

Suppose you want to work with ClientB for a while, then switch to ClientC but don't want to keep typing gam select.
        gam select ClientB save
GAM sets section = ClientB in the DEFAULT section, updates gam.cfg, selects ClientB for this and subsequent gam commands so you don't have to use select <Section> argument.
        gam info user admin
...

When it's time to switch to ClientC, select and save the section.
        gam select ClientC save
GAM sets section = ClientC in the DEFAULT section, updates gam.cfg, selects ClientC for this and subsequent gam commands so you don't have to use select <Section> argument.
        gam info user admin
...

If you have to switch to ClientA for a single command, select ClientA, but don't save it, further commands without a select will be ClientC.
        gam select ClientA info user admin
...
        gam info user admin
...

Ross

--
You received this message because you are subscribed to the Google Groups "GAM for G Suite" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-apps-man...@googlegroups.com.
To post to this group, send email to google-ap...@googlegroups.com.

Kris Hogh

unread,
Jul 23, 2017, 8:14:42 AM7/23/17
to GAM for G Suite
Hi Matthew,

I wrote some instructions and started a cheat sheet that dynamically updates all the commands based on your client list. Please check it out here and let me know any improvements.


Jay if you would like happy to add this to your wiki too if it will help others.


On Thursday, April 27, 2017 at 12:33:06 AM UTC+10, Matthew Long wrote:

+KimNilsson

unread,
Jul 23, 2017, 8:50:23 PM7/23/17
to GAM for G Suite
The multiple domain setup in Ross' GAMADV-X is awesome.
I also use Google's Cloud Console shell for my most of my GAM consulting work, and with my list of domains growing past 10, it's so easy to use with select, without the need of remembering to run export before and after using it. It also let's me set any abbreviation as the select trigger word, instead of sometimes really long domain names, with one or more subdomains.
Reply all
Reply to author
Forward
0 new messages