If a Google Workspace organization has limited the ability to install Google Workspace applications, a few extra steps need to be taken by a Google Workspace admin to allow signing into Gem. If you try to sign in, you’ll see the authorization error “Error 400: admin_policy_enforced”.
If you’re not a Google Workspace admin, you can share this article with someone who is, though there’s a good chance they’ll already know how to configure things correctly.
Allowing the Gem app to have API access
To allow users to sign into Gem, you’ll need to configure it to have API access through the Google Workspace Security Admin Portal.
- Select the API controls section at the bottom.
- Select the Manage Third-Party App Access button.
- Select the Configure new app button.
- In the next window that appears, search for the name “Gem” - it should be the first result that appears. Make sure the Client ID matches which is 58431258424-k57jbgkusp2u1akuqb7rd060v72ar6g3.apps.googleusercontent.com. Once you’ve found it, select it.
- On the next step, you can either allow the entire organization to access the app or specific org units. Once you’ve chosen an option, select Continue.
- Select Trusted and then the Continue button. This doesn’t mean we get access to everything, it only means we can now request access to use specific APIs. If you know that your organization will only be utilizing a subset of the available permissions, you can select Specific Google data and select the scopes that you need.
- On the last step, you’ll just review all the settings you just configured. If everything looks good, select the Finish button.
Once you’ve done that, users should now be able to sign into Gem.
Have any issues or questions on this topic? Please feel free to contact your dedicated Gem Customer Success Manager directly or our Support team at support@gem.com.