The "Error 400: admin_policy_enforced" error occurs when Google Admin policies restrict Guardz from accessing the necessary permissions.
Follow these steps to resolve it:
Sign in to the Google Admin console (admin.google.com) using an administrator account with appropriate privileges (e.g. security or super admin)
In the left sidebar click 'Security' (if you don’t see “Security” immediately, you might need to click 'Show more' or 'More controls' to expand hidden sections)
Under Security, select 'Access' and 'Data control'
Click 'API controls'
On the API controls page, go to 'Manage App Access' (also known as “App access control”)
To add a new app:
Click Configure new app (or Add app if that label appears).
Choose OAuth App Name or Client ID.
Enter Guardz’s Client ID (for example,
223950200780-7g4b4rcltj4m28thovgg9fb7b4aeevmd.apps.googleusercontent.com
) and searchSelect the app from the results
Set the scope of application (which Organizational Unit(s) the policy applies to) you might choose your top OU (i.e. whole organization) or specific sub-OUs.
Choose the Access level:
Trusted (grant full access to all Google services needed)
Or Specific Google data (if you want tighter control over which scopes are allowed)
Or Limited / Blocked (depending on policy)
Optionally, if the app uses an OAuth client ID, there may be a checkbox to Exempt from Context-Aware Access blocking (so that the app’s API access is preserved even under restrictive context policies).
Click Next, review, then Save / Configure access / Finish
Changes may take up to 24 hours to propagate (though often they apply faster)