The "Error 400: admin_policy_enforced" error occurs when Google Admin policies restrict Guardz from accessing the necessary permissions.
Follow these steps to resolve it:
- Sign in to the Google Admin console (admin.google.com) using an administrator account with appropriate privileges (e.g. security or super admin) 
- In the left sidebar click 'Security' (if you don’t see “Security” immediately, you might need to click 'Show more' or 'More controls' to expand hidden sections) 
- Under Security, select 'Access' and 'Data control' 
- Click 'API controls' 
- On the API controls page, go to 'Manage App Access' (also known as “App access control”) 
- To add a new app: - Click Configure new app (or Add app if that label appears). 
- Choose OAuth App Name or Client ID. 
- Enter Guardz’s Client ID (for example, - 223950200780-7g4b4rcltj4m28thovgg9fb7b4aeevmd.apps.googleusercontent.com) and search
- Select the app from the results 
 
- Set the scope of application (which Organizational Unit(s) the policy applies to) you might choose your top OU (i.e. whole organization) or specific sub-OUs. 
- Choose the Access level: - Trusted (grant full access to all Google services needed) 
- Or Specific Google data (if you want tighter control over which scopes are allowed) 
- Or Limited / Blocked (depending on policy) 
 
- Optionally, if the app uses an OAuth client ID, there may be a checkbox to Exempt from Context-Aware Access blocking (so that the app’s API access is preserved even under restrictive context policies). 
- Click Next, review, then Save / Configure access / Finish 
- Changes may take up to 24 hours to propagate (though often they apply faster) 
