Your team just got a new tool. The vendor gave you an OAuth client ID — a long string that looks like 1234567890-abcdefghij.apps.googleusercontent.com — and told you to add it to Google Admin. Now you're staring at the console wondering where that screen even is.
This is the guide I wish existed when we went through this ourselves.
Why this comes up
Most modern Google integrations walk you through a consent screen, you click Allow, and you're done. Legacy systems and newer apps that haven't completed Google's verification process work differently — they skip the self-service flow and need a Workspace admin to manually vouch for them.
When a user tries to connect and sees "This app is blocked" or "Access blocked: [App Name] has not been verified", that's Google Workspace doing its job. The org's security policy is set to only allow apps that have been pre-approved.
Your job as admin: tell Google this specific app is OK.
What you need before you start
- Admin access to your Google Workspace (admin.google.com)
- The app's OAuth 2.0 client ID — provided by the vendor. It ends in
.apps.googleusercontent.com - 5 minutes
Step-by-step
1. Open Google Admin
Go to admin.google.com and sign in with your admin account.
2. Navigate to API Controls
From the main menu: Security > Access and data control > API controls
If you don't see this path, use the search bar at the top and type "API controls".
3. Open Third-Party App Access
Click Manage Third-Party App Access. This lists all apps that have been granted or blocked in your org.
4. Add the app
Click Add app, then choose OAuth App Name or Client ID.
Paste the OAuth client ID the vendor gave you. Google will look it up and show you the app name and what scopes it's requesting.
5. Set access
Select the organizational units this should apply to (usually your whole org), then set the access level to Trusted. Trusted means users can connect the app without admin approval each time.
Click Configure.
6. Test it
Ask the user to try connecting again. The "app is blocked" error should be gone. If Google cached the block on their browser, they may need to clear cookies or try in an incognito window.
What if I don't have the client ID?
Ask your vendor. Any app that uses Google OAuth has one — it's generated when they register with Google Cloud Console. They should be able to provide it in under a minute.
If they can't find it, that's a red flag worth noting.
A note on why some apps aren't verified
Google's verification process takes time — weeks to months, especially if the app requests sensitive scopes. That doesn't mean the app is unsafe. It just means Google hasn't reviewed it yet.
The admin whitelist approach is the right short-term fix. Once the app completes verification, you can leave the trusted setting in place or let it fall back to the global policy — your call.
If you're connecting MoltBot Ninja to your Google Workspace and running into this, reach out and we'll send you the exact client ID and walk you through it. Usually takes less than 10 minutes end-to-end.