GAM Error 400: admin_policy_enforced
2,261 views
Skip to first unread message
Bailey Malone
Nov 5, 2021, 2:11:18 PM11/5/21
to GAM for Google Workspace
Hello,
Any help would be greatly appreciated! Thanks.
I'm looking to get some help configuring GAM for a python and django project.
GAM was used when the original owner set the project up, and because the original owner was the Google Workspace admin account (which is now disabled), I have created a new Workspace admin account and am trying to re-run GAM to update the project.
The account is created, is an admin, and is linked to a Google Cloud Platform project as an owner which has domain-wide delegation enabled. The 400 error indicates the scope request is "googleapis.com/auth/cloud-platform", but this scope is included in the Security > API Client > Domain-Wide Delegation scopes authorization lists.
I'm running into a problem when I run either "gam create project" or "gam update project", which responds with a 400 error saying that an admin policy is enforced blocking access. I've attached a screenshot of the error screen.
It almost seems like the API Client configuration and the admin workspace account are not linked, but in the Google Cloud console the same admin account is linked as an owner for the API Client project.
Can someone help me figure out what I'm missing?
Any help would be greatly appreciated! Thanks.
Jay Lee
Nov 5, 2021, 2:14:11 PM11/5/21
to google-ap...@googlegroups.com
You need to allow "GAM Project Creation" in your admin console. See:
the Client ID to allow is:
Jay Lee
--
You received this message because you are subscribed to the Google Groups "GAM for Google Workspace" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-apps-man...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-apps-manager/8398aaf9-13bf-4e91-946e-559d955879cbn%40googlegroups.com.
Bailey Malone
Nov 5, 2021, 2:27:22 PM11/5/21
to GAM for Google Workspace
Thank you!!
That was definitely the problem. After adding the Client ID to "Allowed" under third-party app access, the GAM redirect for authorization succeeds.
Really appreciate the quick response.
Cheers.
Reply all
Reply to author
Forward
0 new messages