Google Workspace Apps

Effective 2024-06-26, Google Workspace applications that connect via OAuth are blocked without prior approval. Using Google for sign-in only is exempt from this policy.

Adding an external OAuth application to Google Workspace

Please create a app integration issue. Once the app integration issue has undergone all necessary reviews and approvals, please submit a CorpSec issue and link the app integration issue.

Adding an internal app/app script to Google Workspace

You may be blocked from using an internal Google Apps Script, particularly if it runs from a Google Doc/Sheet/Slides. Please use the following steps to get your script authorized:

  1. If you don’t already have a Sandbox Cloud account, please create an account, and request a GCP project be created.
  2. Access your GCP project
  3. Inside your newly created GCP project (formatted {emailHandle}-{cloudAccountShortId}), search for OAuth consent screen.
  4. Select Internal
  5. Select Create
  6. Enter an app name, support email and developer e-mail. The emails should both be your work email.
  7. Select Save and Continue
  8. Select Save and Continue (may not need to add any scopes)
  9. Click the Google Cloud logo at the top left of the screen and copy your Project ID
  10. Now in the Google Doc/Sheet/Slides:
    1. Select Extensions > Apps scripts
    2. Select the Settings wheel -> Project settings
    3. Under Google Cloud Platform (GCP) Project heading, choose Change Project and paste your Project ID, then Set project

Troubleshooting

  1. If you continue to get authorization errors after completing the above:
    1. Open the script editor console and run the script manually
    2. Manually approve the OAuth access dialogs and authorizations
Last modified September 23, 2024: Fix broken links (d748cf8c)
View page source - Edit this page - please contribute. Creative Commons License