DelegatedServiceAccounts Parameter (Connect-GoogleDirectory Cmdlet)
A space-delimited list of service account emails for delegated requests.
Syntax
Connect-GoogleDirectory -DelegatedServiceAccounts string
Data Type
cstr
Default Value
""
Remarks
The service account emails must be specified in a space-delimited list.
Each service account must be granted the roles/iam.serviceAccountTokenCreator role on its next service account in the chain.
The last service account in the chain must be granted the roles/iam.serviceAccountTokenCreator role on the requesting service account. The requesting service account is the one specified in the RequestingServiceAccount property.
Note that for delegated requests, the requesting service account must have the permission iam.serviceAccounts.getAccessToken, which can also be granted through the serviceAccountTokenCreator role.