ERROR: No Client Access allowed despite all correct configs (DWD, API, App Access, JSON Key)

[Kelby Novaria]

Hello,

I am setting up GAM on a GCE instance and am running into a persistent ERROR: No Client Access allowed that I cannot solve. I have already waited several hours for all settings to sync.

Here is what I have verified:

1. GCE VM: Set to "Allow full access to all Cloud APIs."

2. GCP Project: The "Admin SDK API" is enabled.

3. GCP Service Account: The service account is enabled.

4. Google Admin (DWD): The Client ID has the correct 5 scopes (user, group, orgunit, gmail, drive) added as a single, comma-separated line.

5. Google Admin (App Access Control): The Client ID has been added and set to "Trusted" for the root domain.

6. User Account: I am a Super Admin, and the error persists when testing against other Super Admin accounts.

I get the exact same error when using both gam create gcpserviceaccount AND when I manually upload a downloaded JSON key file for the service account.

The error is not a sync issue, and it's not a local config file issue. It must be a Google Workspace security policy that is overriding all of these settings. What other policy (Context-Aware Access, etc.) could be causing a service account to be blocked like this?

Thank you.

[Ross Scroggs]

Send me a private Meet/Zoom invitation and I'll help.

Ross

----

Ross Scroggs

Ross.S...@gmail.com

--
You received this message because you are subscribed to the Google Groups "GAM for Google Workspace" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-apps-man...@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/google-apps-manager/34a5089d-2cdf-496d-8528-66dbb524c2f7n%40googlegroups.com.