Help & Support

Managing multiple G Suite accounts with GAM

Here’s some simple instructions written to help those who manage multiple G Suite client accounts.

I use a linux G Cloud compute VM to run my GAM administration. So all the instructions are written for linux but you can find the other OS syntax on the GAM wiki.

These instructions assume you have already set up GAM for your own G Suite domain.

TIP: I use a Google Sheet that has all the clients information so I can switch between the commands with minimal typing. I have made a public version which i'll update periodically here for you to use.

Create OAUTH file for your client

Each client needs their own OAUTH.txt file, the default when you set up is oauth2.txt and GAM won’t override this with new data so you need to create a new OAuth file for each new client. This is simple:

  1. Start off in your GAM directory

eg.

cd bin/gam

  1. In your GAM session, run the command to change the OAuth variable to a new file for use with your client

eg.

export OAUTHFILE=oauth.txt-mydomain.com

Where “mydomain.com” is your client's domain for easy switching.

Authorise GAM for your client

Now to authorise your clents OAuth file for use:

  1. Run gam oauth create

You will be asked to give the super admin email address of the client's account, enter this in:

Press ‘C’ to continue with the scopes already selected

You will be redirected to a webpage or given a long URL to use which will display the verifycation code, copy this link into a browser if needed and authenticate with the domain super user account.

Accept access required in the authentication screen:

Then copy and paste the Auth key into your GAM session”

Once you paste the verification code in, it will check the scopes and make sure they have been enabled. If this is a new client account they should not be enabled and will show FAIL, this is normal as we will enable them in the next step.

Copy the URL and log into your client's account with a super admin account.

Then copy the client ID and scopes and paste them into the corresponding fields:

Click the authorise button to save.

Now go back to your GAM session, and rerun the command:

Eg.

gam user user@mydomain.com check serviceaccount

All the scopes will now PASS.

To switch to your client key:

When you're switching between clients simply change the key file variable and start working.

To set the oauth variable to use your next clients key file use the command:

export OAUTHFILE=oauth.txt-mydomain.com

Where everything after the equals ‘=’ sign is the name of your oauth txt file. If you’re using my GSheet cheat sheet then it’s already set as the client domain

Then if you want to check it to make sure you're using the correct key file before starting any admin tasks use the command:

gam oauth info

And you will see the superuser account for the client domain down the bottom.

Now you're ready to start your admin tasks.

Enjoy.

Back to help