Setting up Domain-wide Delegation for n8n

Domain-wide Delegation allows your Service Account to act on behalf of users in your Google Workspace. This is what lets the workflow automatically suspend a Google account on the employee's last day.

Before you start, make sure you have:

• A Google Workspace admin account
• A Service Account already created in Google Cloud Console (Google's official guide →)

---

Step 1: Find your Service Account Client ID

1. Go to console.cloud.google.com
2. Go to IAM & Admin → Service Accounts
3. Click your Service Account
4. Copy the Unique ID. This is a long number, not the email address

---

Step 2: Enable Domain-wide Delegation in Google Admin

1. Go to admin.google.com
2. Go to Security → Access and data control → API controls
3. Click Manage Domain Wide Delegation
4. Click Add new
5. Paste your Service Account Unique ID into the Client ID field
6. Add the following OAuth scope: https://www.googleapis.com/auth/admin.directory.user
7. Click Authorise

---

Step 3: Wait for propagation

Domain-wide Delegation can take up to 30 minutes to take effect after being enabled. If you see an unauthorized_client error when testing your workflow, wait and try again.

---

Troubleshooting

I cannot find "Manage Domain Wide Delegation" You must be signed in as a Google Workspace super admin. Regular admin accounts do not have access to this setting.

The workflow suspends accounts in the wrong domain Make sure the WORKSPACE_DOMAIN value in your configurator matches the primary domain of your Google Workspace, not a secondary domain.