If a Google Workspace organization has limited the ability to install Google Workspace applications, a few extra steps need to be taken by a Google Workspace admin to allow signing into Gem. If you try to sign in, you’ll see the authorization error “Error 400: admin_policy_enforced”.
If you’re not a Google Workspace admin, you can share this article with someone who is, though there’s a good chance they’ll already know how to configure things correctly.
Allowing the Gem app to have API access
To allow users to sign into Gem, you’ll need to configure it to have API access through the Google Workspace Security Admin Portal.
First, select the API controls section at the bottom.
Next, select the Manage Third-Party App Access button.
Then, select the Configure new app button.
In the next window that appears, you can search for the name “Gem”, and it should be the first result that appears. Make sure the Client ID matches which is 58431258424-k57jbgkusp2u1akuqb7rd060v72ar6g3.apps.googleusercontent.com. Once you’ve found it, select it.
On the next step, you can either allow the entire organization to access the app or specific org units. Once you’ve chosen an option, select Continue.
On the next step, select Trusted and then the Continue button. This doesn’t mean we get access to everything, it only means we can now request access to use specific APIs. If you know that your organization will only be utilizing a subset of the available permissions, you can select Specific Google data and select the scopes that you need.
On the last step, you’ll just review all the settings you just configured. If everything looks good, select the Finish button. Once you’ve done that, users should now be able to sign into Gem.
- Allowing the Gem app to have API access