Skip to main content

Error 400: admin_policy_enforced

Updated this week

The "Error 400: admin_policy_enforced" error occurs when Google Admin policies restrict Guardz from accessing the necessary permissions.

Follow these steps to resolve it:

  1. Sign in to the Google Admin console (admin.google.com) using an administrator account with appropriate privileges (e.g. security or super admin)

  2. In the left sidebar click 'Security' (if you don’t see “Security” immediately, you might need to click 'Show more' or 'More controls' to expand hidden sections)

  3. Under Security, select 'Access' and 'Data control'

  4. Click 'API controls'

  5. On the API controls page, go to 'Manage App Access' (also known as “App access control”)

  6. To add a new app:

    • Click Configure new app (or Add app if that label appears).

    • Choose OAuth App Name or Client ID.

    • Enter Guardz’s Client ID (for example, 223950200780-7g4b4rcltj4m28thovgg9fb7b4aeevmd.apps.googleusercontent.com) and search

    • Select the app from the results

  7. Set the scope of application (which Organizational Unit(s) the policy applies to) you might choose your top OU (i.e. whole organization) or specific sub-OUs.

  8. Choose the Access level:

    • Trusted (grant full access to all Google services needed)

    • Or Specific Google data (if you want tighter control over which scopes are allowed)

    • Or Limited / Blocked (depending on policy)

  9. Optionally, if the app uses an OAuth client ID, there may be a checkbox to Exempt from Context-Aware Access blocking (so that the app’s API access is preserved even under restrictive context policies).

  10. Click Next, review, then Save / Configure access / Finish

  11. Changes may take up to 24 hours to propagate (though often they apply faster)

Did this answer your question?