# Domain-Wide Delegation Setup Guide

## Where to Find Domain-Wide Delegation

### Step 1: Go to Service Accounts
From the IAM page you're currently on:

1. In the left navigation menu, click on **"Service accounts"** (under "IAM and admin")
   - Or go directly to: https://console.cloud.google.com/iam-admin/serviceaccounts

### Step 2: Select Your Service Account
2. Find and click on your service account: **"El Paraiso Drive Transfer"**
   - Email: `el-paraiso-drive-transfer@mapa-289019.iam.gserviceaccount.com`

### Step 3: Enable Domain-Wide Delegation
3. In the service account details page, you'll see:
   - **"Details"** tab (default)
   - **"Permissions"** tab
   - **"Keys"** tab
   - **"Show domain-wide delegation"** section

4. Click on **"Show domain-wide delegation"** or look for a checkbox/section that says:
   - "Enable Google Workspace Domain-wide Delegation"
   - Or "Enable G Suite Domain-wide Delegation"

5. Check the box to **enable domain-wide delegation**

6. **Note the Client ID** - You'll need this number for the next step

### Step 4: Authorize in Google Workspace Admin
After enabling in Cloud Console, you need to authorize it in Google Workspace Admin:

1. Go to **Google Admin Console**: https://admin.google.com
2. Navigate to: **Security** → **API Controls** → **Domain-wide Delegation**
3. Click **"Add new"** or **"Manage Domain-wide Delegation"**
4. Enter:
   - **Client ID**: (The number from Step 3)
   - **OAuth Scopes**: 
     ```
     https://www.googleapis.com/auth/drive
     ```
5. Click **"Authorize"**

## Alternative: Direct Links

**Service Accounts Page:**
https://console.cloud.google.com/iam-admin/serviceaccounts?project=mapa-289019

**Your Service Account:**
https://console.cloud.google.com/iam-admin/serviceaccounts/details/[SERVICE_ACCOUNT_ID]?project=mapa-289019

**Google Workspace Domain-wide Delegation:**
https://admin.google.com/ac/owl

## What You'll See

When you click on your service account, the page should show:
- Service account details
- A section for "Domain-wide delegation"
- A checkbox or toggle to enable it
- The Client ID (a long number like: `123456789012345678901`)

## Troubleshooting

**Can't find "Domain-wide delegation" option:**
- Make sure you're viewing the service account details page (click on the service account name)
- Look for "Show domain-wide delegation" link or section
- It might be under "Advanced settings" or "Show more"

**"You don't have permission":**
- You need to be a project owner or have "Service Account Admin" role
- Or ask the project owner to enable it for you

**After enabling, still getting errors:**
- Make sure you've also authorized it in Google Workspace Admin Console
- Verify the Client ID matches in both places
- Check that the OAuth scope is correct: `https://www.googleapis.com/auth/drive`