Configuring Google Workspace for domain user authorization

This topic describes an alternative method to configuring Google Workspace for One-Touch Join in environments where the recommended method of using a service account for authorization is not desirable. This alternative method uses a domain user for authorization (referred to as the "authorization user"), which authenticates to Google Workspace using 3-legged OAuth.

The process involves the following steps, described in more detail in the sections that follow:

  1. Setting up OAuth authentication for One-Touch Join.
  2. Creating a room resource for each physical room that will have a One-Touch Join endpoint in it.
  3. Configuring the room resource with the necessary permissions and settings to support One-Touch Join.
  4. Updating the quota for the number of user requests per 100 seconds.
  5. For larger deployments, Requesting an increase to API limits.
  6. Adding a One-Touch Join Google Workspace integration on Pexip Infinity.

If you have already set up a One-Touch Join Google Workspace integration and simply wish to add an existing room to it, you need only configure the room resource in Google Workspace and then add the endpoint to the Google Workspace integration in Pexip Infinity.


You must have already created a user account specifically to be used as the Google Workspace authorization user. This user account does not need to have any special privileges; as part of the configuration described below you will grant this user access to all the One-Touch Join room resource calendars.

Next steps

You must now configure the remainder of the One-Touch Join components on Pexip Infinity, as described in Configuring Pexip Infinity for One-Touch Join.