Additional considerations for Google Workspace

If your app targets an external user type, you might want to address the widest possible audience of Google Accounts, which includes Google Accounts administered by a Google Workspace organization.

Google Workspace administrators can use API access controls to enable or restrict access to Google Workspace APIs for customer-owned and third-party applications and service accounts. This feature lets Google Workspace administrators restrict access to only OAuth client IDs that are trusted by the organization, which reduces the risk associated with third-party access to Google Services.

To reach the widest possible audience of Google Accounts and to foster trust, we recommend the following:

  • Submit your app for verification by Google. If applicable, you must submit your app for brand verification, as well as sensitive and restricted scopes verification. Google Workspace admins can view your app's verified status, and they might trust apps that Google verifies more than apps with an unverified or unknown status.
  • Google Workspace admins can give your app's OAuth client IDs access to restricted services and the high-risk scopes within. If you include your app's OAuth client ID in your help documents, you can provide Google Workspace admins, and advocates for your app within their organizations, the information needed to give access to your app. It can also help them understand what configuration changes might be needed before your app can access an organization's data.
  • Routinely monitor your user support email address that you provide when you configure your OAuth Consent Screen page. Google Workspace admins can view this email address when they review your app's access, and they might reach out to you with possible questions and concerns.