Google Classroom integration
This is a guide to onboard a school on to the GC Service.
Who can access those websites and set up the Service Account?
Only the school’s IT Admin user can set up those accounts and utilize the right permissions using the school’s email’s Suite domain account.
GC Service is a background data pipeline service between Google Classroom and Firefly Systems. The GC uses service-to-service authentication, to authenticate with Google Classroom using Google Service Accounts and Google OAuth.
School IT administrators, will need to follow the two steps as listed below.
Onboarding Process
Setting up Google Workspace accounts
IT School Administrators will need to set up Google Workspace accounts. This is required for using the Google Classroom system. This is a prerequisite step for Step 2 below.
We expect School IT Administrators that use Google Classroom Service to already have Google Workspace accounts. It is a prerequisite for using Google Classroom Services. The School IT Administrator will need to use their Google Workspace email account for STEP 2.
Setting up Google Service accounts
IT school Administrators will need to create Google Service Accounts using their Google Workspace accounts.
How to Set up Google Service Accounts
Use these links to services for Setting up Google Service Account:
Who can access these websites and set up the Service Account?
Only the school’s IT Admin user can set up those accounts and utilise the right permissions using the school’s email domain account.
Step 3
Click on the IAM & Admin then select Service Accounts

A project needs to be selected before a Service Account can be created. The project can be selected in the dropdown next to Google Cloud Platform in the top left. Schools may choose to create a new project for the integration.
Step 5
In Create Service Account panel, the user will need to:
CREATE Service Account Details
Enter a display name for the account
The Service account ID will be created from the display name
Optionally enter a description for the account
Grant this service account access to the project (Optional)
Click next on this step
Grant users’ access to this service account (Optional)
Click next on this step
We will come back to the permissions in a later step.
Step 7
The user needs to specify Service Account details.
Important
Expand SHOW DOMAIN-WIDE DELEGATION and click Enable G Suite Domain-wide Delegation
In the Keys section, click ADD KEY
Create new key then choose JSON and click Create. This will generate a JSON file that needs to be shared with Firefly.
Click SAVE


STEP 8
In the Navigations Menu, go to IAM


STEP 10
If the APIs and Services are not enabled we need to enable them.
To do this click into the menu in the top left and select APIs and Services, then Dashboard and click Enable APIs and Services
Search for Google Classroom API and click enable
STEP 12
Click on SECURITY and select API Controls


STEP 13
Click on Manage Domain-Wide Delegation

STEP 14
This is the section where we control permissions for the Google classroom. You will need to Authorise your ClientID (you can find it in the JSON file).
Then input the following scopes (comma-delimited) in the “OAuth Scopes” text area and then click AUTHORISE
https://www.googleapis.com/auth/classroom.courses,
https://www.googleapis.com/auth/classroom.coursework.students,
https://www.googleapis.com/auth/classroom.rosters,
https://www.googleapis.com/auth/classroom.profile.emails
Note: these need to be added in the following format: link1,link2,link3,link4


STEP 15
Once the above steps have been completed the json file needs to be sent to Firefly along with the email address from a super admin account.
We would recommend creating a new account for this integration but it must have the super admin role.
(Note this email is different from the one on the service account)