Updating OAuth Authorizations for the 4.1.3.x release and later

The G Suite IDM connector (Google Driver) release version 4.2 requires updates to the authorized scopes and enabled APIs for your service account to work properly.

Summary

The 4.1.3.1 and later releases add administrative role management features to user objects. This requires that the role management API scope be authorized for your service account. Also, to prepare for future releases, additional scopes and an API must be enabled.
Scopes to be added:

...

The Gmail API needs to be enabled in your developer console (the project from which the service account the driver uses was created).

Adding the scopes

In the release files, there will be a text file called "DirectoryScopes.txt". This file contains a comma-separated list of scopes required by the G Suite IDM connector. Please note that this file is updated from previous releases. Please ensure that you are using the most current version which contains the additional scopes mentioned above. A full list of scopes can be found at the end of this document.

...

Re-add the authorization with the updated scopes list. To do this, past the client name from the previous step into the Client Name box. Copy the scope list from the DirectoryScopes.txt file (please be aware that the scope list MUST be in plain text. Copy/paste from a web page or document will include unwelcome meta data and may result in a non-functional system) and paste it into the "one or more API scopes" box, then click Authorize.

Enabling Gmail API

Log into your developer console at https://console.developers.google.com

...

Search for Gmail API

Select the Gmail API

Enable the API

Authorized Scope List

This is the complete authorized scope list as of this release. Do not copy and paste this list. Download the scopes file from here. 

...