You are trying to sync email addresses with Email security.cloud service from your Google Apps tenant via Schemus synchronization tool.
Schemus authenticates to Google Apps with the OAuth2 protocol, using the Service Account email address and associated private key as credentials.
Note that although a Service Account is used for authentication, a separate Google Apps user account is required to access the group and user data.
Before Schemus can retrieve data from Google Apps, you must sign up for a Google Apps account and create an administrator. Once created, the account is managed from the Admin console at https://admin.google.com.
A service account's credentials include a unique generated email address, a public/private key pair and a Client ID.
Create the service account and key as follows:
Take note of the service account's OAuth2 Client ID and store the service account's key file in a location accessible to Schemus.
Note: The downloaded key serves as the only copy of the private key and should not be disclosed.
You can return to the API Console at https://console.developers.google.comto view the email address and Client ID or to generate additional keys.
To delegate domain-wide authority to a service account, a super administrator of the Google Workspace domain must complete the following steps:
Note: The scopes above provide read-only access to the data required by Schemus. Scopes allowing write access should not be included.
Your application now has the authority to make API calls as users in your domain (to "impersonate" users).
Note: The key file and the email address of the user to impersonate are required on the Google Apps settings page when configuring Schemus.
The service account email address is not required as it will be loaded from the JSON key file.
Note: It may be necessary to activate the API before using it for the first time with a project. To enable the API visit https://console.developers.google.com/apis/api/admin.googleapis.com/overview.