Here’s some simple instructions written to help those who manage multiple G Suite client accounts.
I use a linux G Cloud compute VM to run my GAM administration. So all the instructions are written for linux but you can find the other OS syntax on the GAM wiki.
These instructions assume you have already set up GAM for your own G Suite domain.
TIP: I use a Google Sheet that has all the clients information so I can switch between the commands with minimal typing. I have made a public version which i'll update periodically here for you to use.
Each client needs their own OAUTH.txt file, the default when you set up is oauth2.txt and GAM won’t override this with new data so you need to create a new OAuth file for each new client. This is simple:
Where “mydomain.com” is your client's domain for easy switching.
Now to authorise your clents OAuth file for use:
You will be asked to give the super admin email address of the client's account, enter this in:
Press ‘C’ to continue with the scopes already selected
You will be redirected to a webpage or given a long URL to use which will display the verifycation code, copy this link into a browser if needed and authenticate with the domain super user account.
Accept access required in the authentication screen:
Then copy and paste the Auth key into your GAM session”
Once you paste the verification code in, it will check the scopes and make sure they have been enabled. If this is a new client account they should not be enabled and will show FAIL, this is normal as we will enable them in the next step.
Copy the URL and log into your client's account with a super admin account.
Then copy the client ID and scopes and paste them into the corresponding fields:
Click the authorise button to save.
Now go back to your GAM session, and rerun the command:
gam user firstname.lastname@example.org check serviceaccount
All the scopes will now PASS.
When you're switching between clients simply change the key file variable and start working.
To set the oauth variable to use your next clients key file use the command:
Where everything after the equals ‘=’ sign is the name of your oauth txt file. If you’re using my GSheet cheat sheet then it’s already set as the client domain
Then if you want to check it to make sure you're using the correct key file before starting any admin tasks use the command:
gam oauth info
And you will see the superuser account for the client domain down the bottom.
Now you're ready to start your admin tasks.