Error setting up authorization using G Suite [solved]


I’m setting up authorization in Spinnaker against G Suite according to these guides: but getting this error in the logs of Fiat:

Caused by: 403 Forbidden
  "code" : 403,
  "errors" : [ {
    "domain" : "global",
    "message" : "Not Authorized to access this resource/api",
    "reason" : "forbidden"
  } ],
  "message" : "Not Authorized to access this resource/api"

The service account configured in Fiat does have Domain wide Delegation and has assigned.

Does anyone have any ideas why it happens?

Update: created the issue with some screenshots since I cannot post them at this forum:




Hi wheleph, did you correctly configure the admin address / domain? Just checking that it should be an admin account that you can use to log into G Suite Admin console, not the service account.


@Stephen_Chen yes, I think so. Here’re the screenshots of my setup:


Another screenshot:


@wheleph Ah, sorry I meant the halyard configuration. Your service account access looks correct.

hal config security authz google edit \
    --admin-username $ADMIN \
    --credential-path $CREDENTIALS \
    --domain $DOMAIN

Just double checking that $ADMIN is the account you logged into your G Suite Admin console, not


Thank you @Stephen_Chen it think that is it.

I put as admin username.

I’ll fix it and post an update here.


I’m trying to verify my setup with a proper account but I run into another issues: Enabling Fiat . Does someone have an idea about that one?


The issue is solved according to suggestion of @Stephen_Chen