Update G Suite settings to avoid service interruption (November 2019)
The purpose of this notice is to inform you of changes to Google Admin API settings that affect OAuth-connected apps like Front. Google has deprecated the API Reference setting to control API access to G Suite's admin APIs. You can read full details about the change here: https://support.google.com/a/answer/7281227.
Before Monday, November 4th, please check the following settings in your Google Admin console (https://admin.google.com) to avoid any service interruption in Front:
- Admin Console / Security / API Reference / API access / Enable API - set to enabled
- Admin Console / Security / API Permissions - set all to enabled
- After making these changes, please ensure you click into your Front Settings, and reauthorize any Gmail accounts which require it
If these settings are disabled, you may see an "admin_policy_enforced" error when trying to connect or re-authenticate one of your Gmail channels. Note that enabling these settings only allows OAuth-connected apps like Front to request for permission to connect to your accounts via the API, and does not actually grant any permissions. Permissions are granted when you approve an app through the OAuth consent screen.
Please reach out to us at email@example.com if you have any questions. We're happy to help!
Instructing organizations to set all of their API permissions to "enabled" is somewhat rash as this essentially results in an organization whitelisting every single third-party OAuth app that exists or may exist in the future; not very wise from an information security perspective. It would have been better to list the specific API scopes (e.g. Gmail, Calendar) that Front requires to integrate with an organization's G Suite domain. This would then allow admins to manually approve the required scopes, while restricting anything that is not required for Front to function.