I need documentation, from an authoritative source, explaining when to use Service Account Delegation or domain-wide delegation in Google Cloud Platform.
While looking, I couldn't find when you need to use them, or when it is recommended to use them, in any document of a certain importance. This is a problem because one's own superior will never accept a request recommended by a nobody.
There are three areas where I use delegation. In two of these areas delegation is mandatory, and in one delegation is normally used.
G Suite:
Performing actions on accounts in G Suite from a software application requires using a service account and delegation: Perform G Suite Domain-Wide Delegation of Authority
Warning: This gives a person (service account) significant power and should only be granted with consideration and where required.
Access Tokens:
Creating short-lived access tokens normally uses delegation (think AWS STS): Delegated request permissions
Data Signing:
Using signing (using a service account private key) requires delegation (called impersonation in this case): Service Accounts
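
To make the difference between the two mechanisms concrete, here is an added example (not part of the original question or answer) that builds the unsigned JWT used for G Suite domain-wide delegation and the request for a delegated short-lived token through the IAM Credentials API. The account names and function names are constructed for illustration; RS256 signing and the HTTP calls are left out so the block runs offline.

```python
import base64
import json
import time

TOKEN_URI = "https://oauth2.googleapis.com/token"
IAM_CREDENTIALS = "https://iamcredentials.googleapis.com/v1"


def b64url(data: bytes) -> str:
    # JWT segments are base64url without padding
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def dwd_signing_input(sa_email, user_email, scopes, now=None, ttl=3600):
    """Unsigned 'header.claims' for domain-wide delegation.

    'sub' names the G Suite user the service account acts as. The caller
    still RS256-signs this with the service account key and posts it to
    TOKEN_URI with grant type urn:ietf:params:oauth:grant-type:jwt-bearer.
    """
    if not 0 < ttl <= 3600:
        raise ValueError("assertion lifetime must be at most one hour")
    now = int(time.time()) if now is None else int(now)
    header = {"alg": "RS256", "typ": "JWT"}
    claims = {"iss": sa_email, "sub": user_email, "scope": " ".join(scopes),
              "aud": TOKEN_URI, "iat": now, "exp": now + ttl}
    return ".".join(b64url(json.dumps(part, separators=(",", ":")).encode())
                    for part in (header, claims))


def decode_claims(signing_input: str) -> dict:
    # Inspect the claim set, e.g. to review which user and scopes are requested
    segment = signing_input.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))


def sa_resource(email: str) -> str:
    return f"projects/-/serviceAccounts/{email}"


def generate_access_token_request(target_sa, delegate_chain, scopes, lifetime_s=3600):
    """URL and JSON body for generateAccessToken (service account delegation).

    delegate_chain lists the intermediate service accounts in order; each needs
    roles/iam.serviceAccountTokenCreator on the next, and the last on target_sa.
    """
    url = f"{IAM_CREDENTIALS}/{sa_resource(target_sa)}:generateAccessToken"
    body = {"delegates": [sa_resource(d) for d in delegate_chain],
            "scope": list(scopes), "lifetime": f"{lifetime_s}s"}
    return url, body
```

In the first case the service account acts as a G Suite user (the `sub` claim); in the second, one service account obtains a token for another service account, with no user involved.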