Prepare Google's G Suite For Riva On-Premise

Audience: Messaging Team.

Riva On-Premise is designed to use a single connection to a G Suite system. In this configuration, the Riva sync service uses the credentials of the "connection user" to impersonate each "target" user and access the mailbox of every user for whom Riva syncs data. The Riva connection for Google must use the Gmail login.

Trust must be established between Riva On-Premise and G Suite by means of a signed certificate and API configuration.


Riva On-Premise supports the Google API for establishing a connection. This article describes the preparation work required for a Google Web Services connection for a Riva On-Premise server.

System requirements and preparations for Google connections include:

Supported Google editions

Riva uses Google Web Services to connect to G Suite.

Riva supports free Gmail and all editions of G Suite: Basic, Business, and Enterprise.

Firewall requirements

Ensure that Windows and corporate firewalls are configured to permit the Riva server access to create a G Suite connection (Port 443). See Firewall settings for Riva.

Create a Google Development Project

A Google Development Project includes all of the necessary Application Programming Interfaces (APIs), certificates, and authentication needed for Riva On-Premise to connect to G Suite and synchronize data. This includes giving access to the developer console, creating a development project, and issuing a trusted certificate to be stored on the Riva On-Premise server.

Creating a project includes creating the needed APIs for Riva to be able to connect and synchronize data, as well as issuing a certificate that provides the trust needed between G Suite and the Riva On-Premise server.

To create a Google development project:

  1. Log in to with the credentials of the developer account to be used with Riva. Recommended:

  2. Choose Select a project, and choose New project.

  3. Give the project a unique name, for example, "Riva Sync", and select Create.


    The Console's right pane displays the Library, which includes a Search bar for Google APIs.

  5. In the Search bar, search for people. Among the search results, select Google People API.

  6. Select Enable and, to its left, the back button.

  7. Likewise, select Google Calendar API, Tasks API, Gmail API, and Google+ API; and in each case, select Enable.

  8. In the left pane, select Credentials. In the right pane, select Create credentials.

  9. When the Create credentials options appear, select the Service account key.

  10. Select New service account.

  11. Select P12 as the Key type, and select Create.

    This generates the following:

    • A trusted certificate to install on the Riva On-Premise server.

    • A password for the public/private key pair that will be used to create the connection to G Suite.

    Important: Be sure to save the trusted certificate and the password in a secure place.


  12. Save the public/private key pair in a secure location, remember the password, and select Close.

    Note: Google has provided guidelines on how to manage and store service account keys securely.

  13. Select Manage service accounts.

  14. Select the three-vertical-dots menu icon, and choose Edit.

  15. Select Enable G Suite Domain-wide Delegation, and select SAVE.

  16. Select View Client ID.

  17. Take note of the Client ID and Email address, as they are required when creating your connection to Google from the Riva On-Premise server. Select Save.

  18. Log in to the Riva On-Premise server.

  19. Copy the certificate to the Riva installation directory. By default, Riva is installed to C:\Riva.
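Once the P12 file is in the Riva installation directory, its NTFS permissions decide who on the server can read the service account key. The following is an added example, not part of the original article or of Riva's tooling, that restricts the file to Administrators, SYSTEM, and the account running the Riva sync service. The file name `riva-service-account.p12` and the account `CONTOSO\svc-riva` are hypothetical placeholders.

```powershell
# Added example: lock down NTFS permissions on the service account key file.
# Assumptions (not from the article): the key file name and the Windows
# account that runs the Riva sync service. Replace both placeholders.
$KeyPath     = 'C:\Riva\riva-service-account.p12'   # hypothetical file name
$ServiceUser = 'CONTOSO\svc-riva'                   # hypothetical service account
$Allowed     = @('BUILTIN\Administrators', 'NT AUTHORITY\SYSTEM', $ServiceUser)

function Set-KeyFileAcl {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $ReadAccount
    )
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "Key file not found: $Path"
    }
    $acl = Get-Acl -LiteralPath $Path
    # Stop inheriting from the parent directory and drop the inherited entries.
    $acl.SetAccessRuleProtection($true, $false)
    # Remove any explicit entries that are already on the file.
    foreach ($rule in @($acl.Access)) { [void]$acl.RemoveAccessRule($rule) }
    $grants = @(
        @{ Id = 'BUILTIN\Administrators'; Rights = 'FullControl' },
        @{ Id = 'NT AUTHORITY\SYSTEM';    Rights = 'FullControl' },
        @{ Id = $ReadAccount;             Rights = 'Read' }
    )
    foreach ($g in $grants) {
        $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
            $g.Id, $g.Rights, 'Allow')
        $acl.AddAccessRule($rule)
    }
    Set-Acl -LiteralPath $Path -AclObject $acl
}

function Get-UnexpectedKeyFileAccess {
    param([string] $Path, [string[]] $AllowedIdentities)
    # Return every ACL entry whose identity is not on the allow list.
    (Get-Acl -LiteralPath $Path).Access |
        Where-Object { $_.IdentityReference.Value -notin $AllowedIdentities }
}

Set-KeyFileAcl -Path $KeyPath -ReadAccount $ServiceUser
$extra = Get-UnexpectedKeyFileAccess -Path $KeyPath -AllowedIdentities $Allowed
if ($extra) {
    $extra | Format-Table IdentityReference, FileSystemRights, IsInherited
    throw 'Key file is still readable by unexpected identities.'
}
Write-Output "ACL on $KeyPath restricted to: $($Allowed -join ', ')"
```

Run it from an elevated PowerShell session on the Riva server, and re-run the check function after any change to the installation directory's permissions.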

Google Web Services

Riva needs to connect to Google Web Services, hosted on Google's email servers:

  • Riva can discover the correct Google URL from the connection user's email address.

  • API settings have to be set in the G Suite interface to allow Riva to connect properly.

Setting Google to allow for Domain-Wide Delegation

  1. Log in to

  2. From the Admin console Home page, go to the Main menu > Security > API controls.

  3. Below Domain-wide delegation, click Manage domain-wide delegation.

  4. On the Manage domain-wide delegation page, click Add New.

  5. In the Add a new client ID window, provide the following information:

    • Client ID

    • OAuth scopes: Copy and paste the following, as is, on a single line, with no spaces after the commas:

      For your convenience, the six scopes are listed here separately, one per line:







  6. Select Authorize.
