How to use Google Workspace activities without Integration Service

About

You can now use the newer Google Workspace activities even if you don't have Integration Service, through GSuite Application Scope.

The Google Workspace activities designed specifically for Integration Service feature a Connection field, which enables you to choose a connection created through an Integration Service connector. When used inside GSuite Application Scope, the activities simply inherit the connection information from the Scope.

Authentication and Projects types matrix

Google Workspace
	Cloud		On-Prem
	GSuite Application Scope	Integration Service	GSuite Application Scope	Integration Service
Cross-platform
API Key
OAuth - BYOA
OAuth - UiPath App
Service Account
Windows
API Key
OAuth - BYOA
OAuth - UiPath App
Service Account

Connection methods

There are two ways to set up a connection in the GSuite Application Scope activity.

Connection method		Description	Benefits	Disadvantages
Asset Note: Recommended.		Uses an Orchestrator Asset to store the connection together with the Scope configuration. The asset is a JSON format. Every time it's used, the activity retrieves the configuration from the asset. Based on asset configuration, the Scope behaves differently; it identifies the authentication type and hides unnecessary fields. If the asset JSON isn't set properly, it prompts a validation error.	The activities benefit from design time lookups and can discover files, folders, lists, ranges, and others. The connection is easily transferable, as credentials aren't passed from one user to another in plain text. Can be configured by an Admin. It's more secure, because the credentials don’t reach the Studio workflow.	Requires an advanced user to configure the Asset. Not easy to set up by a Citizen Developer.
Properties Panel		Use the existing Properties panel to configure the connection credentials. The configuration can be added in plain text or through variables.	Easier to use. Keeps backward compatibility.
	Configuration through plain text Note: Not recommended.	Configure the Properties panel with plain text values.	The activities benefit from design time lookups and can discover files, folders, lists, ranges, and others.	Less secure, because the credentials need to be passed between users in plain text.
	Configuration through variables	Configure the properties panel with variables.	More secure, because the credentials don’t reach the Studio workflow.	The activities can't discover any resources at design time.

GSuite Application Scope - Asset format

{
    "ApiKey": "",
    "OAuth2ConnectionData": {
        "OAuth2AppData": {
            "ClientId": "",
            "ClientSecret": ""
        }
    },
    "SacConnectionData": {
        "EmailAddress": "",
        "KeyPath": "",
        "ServiceAccountEmail": "",
        "Password": "notasecret",
        "BucketId": "",
        "HasDomainWideAccess": true | false
    },
    "AuthenticationMethod": "oauth2" | "sac" | "apikey" | "is"
}{
    "ApiKey": "",
    "OAuth2ConnectionData": {
        "OAuth2AppData": {
            "ClientId": "",
            "ClientSecret": ""
        }
    },
    "SacConnectionData": {
        "EmailAddress": "",
        "KeyPath": "",
        "ServiceAccountEmail": "",
        "Password": "notasecret",
        "BucketId": "",
        "HasDomainWideAccess": true | false
    },
    "AuthenticationMethod": "oauth2" | "sac" | "apikey" | "is"
}

Limitations

The following features are not available when using activities inside GSuite Application Scope: triggers, bindings, and override experience.

Token refresh

There is no service available to refresh your connection tokens, like the one available in Integration Service.

If the Authorization Token isn't refreshed for a certain number of days, it expires, and you must reauthenticate. To avoid the expiration of authorization tokens, run a robot with that specific connection. Running an automation with the Scope activity refreshes the authorization token.