Authenticating to Google Vault API -- getting 400 response with message: "The user does not belong to a G Suite customer."

Question

I'm trying to do a simple query from the Google Vault API using JSON credentials provided from the Google API console for a service account. I'm getting a 400 response (Invalid Request / Invalid Argument) with the message:

The user does not belong to a G Suite customer.

Does anyone know what I might be doing wrong? Do I have to augment the JSON with anything to indicate our G Suite Account?

Thanks in advance.

The code's fairly straight forward:

matter_id = 'xxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx'
vault = Google::Apis::VaultV1::VaultService.new
scope = 'https://www.googleapis.com/auth/ediscovery.readonly'
vault.authorization = Google::Auth::ServiceAccountCredentials.make_creds(
  json_key_io: File.open('./xxxxxxxxxx.json'),
  scope: scope)
vault.authorization.fetch_access_token!
m = vault.get_matter(matter_id)

---

Update -- this has been resolved. You have to update sub after you create the credentials to impersonate a user.

matter_id = 'xxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx'
vault = Google::Apis::VaultV1::VaultService.new
scope = 'https://www.googleapis.com/auth/ediscovery.readonly'
credentials = Google::Auth::ServiceAccountCredentials.make_creds(
  json_key_io: File.open('./xxxxxxxxxx.json'),
  scope: scope)
credentials.update!(sub: 'user@domain.com')
vault.authorization = credentials
vault.authorization.fetch_access_token!
m = vault.get_matter(matter_id)