Google Admin Console config

This guide explains how to configure the Google Admin Console to control the level of access that third-party apps, such as myViewBoard, can request from end users during Google sign-in. The goal is to: 

• Grant only the necessary permissions to myViewBoard
• Remove confusing permission checkboxes from the Google consent screen
• Ensure that myViewBoard functions properly with the granted permissions

Key concepts

When third-party applications such as myViewBoard integrate with Google services, they use the industry-standard OAuth 2.0 protocol. OAuth allows apps to request access to certain user data or services within Google Workspace. The level of access requested is defined by OAuth scopes.

What Are OAuth Scopes?

OAuth scopes define what parts of a user’s Google account an app can access. For example, a scope might allow an app to “read Google Drive files” or “view your calendar.” Users normally see these scopes listed when signing in with Google.

Why Does the “Full Drive Access” Checkbox Appear?

If enabled, myViewBoard can request the following scope, which is very broad:

https://www.googleapis.com/auth/drive

This scope grants the app full read and write access to all Drive files, which shows up on the consent screen as:

• “See, edit, create, and delete all of your Google Drive files.”

Google displays it as a checkbox so users can optionally grant more access. However, this may lead users to approve it unnecessarily.

Why Restrict Scopes Centrally?

Relying on end users creates risks:

• They may grant more access than required.
• Sensitive Drive files may be exposed.
• Policies for data governance may be broken.

By configuring policies in the Google Admin Console, IT administrators can centrally allow only the scopes that are required for myViewBoard’s intended use, while blocking sensitive scopes like full Drive access. 

The goal of the procedure below is to remove the optional checkbox from the consent screen altogether.

Google Admin Console login

Note that only super admins (or delegated admins with API access rights) can perform this setup.

1. Log in as a super admin at admin.google.com.
2. Navigate to the following section: 
   
   Security Access and data control API controls
   
   
3. Click Manage App Access to view third-party apps. 
4. Locate myViewBoard by searching for the OAuth Client ID below:
   
   

   11040883588-v43aj6m50mkadngpiv0isj9lh27evfr1.apps.googleusercontent.com

   
   
5. If not listed, click Configure new app to add it manually. 

Add myViewBoard

If the myviewBoard app is not listed, you will need to add it manually. 

1. At the top of the app table, click Configure new app.
2. On the search box, perform one of the following: 
   1. Type the app name 'myViewBoard', or
   2. Type the OAuth Client ID below:
      
      

      11040883588-v43aj6m50mkadngpiv0isj9lh27evfr1.apps.googleusercontent.com

      
      
   3. 
3. Select myViewBoard. 
4. Click Continue.
   1. 
5. Proceed to the next section to configure permission scopes.

Configure permissions

The Google Admin Console provides two options:

Trust the App

The recommended approach is to set myViewBoard as Trusted, which will result in the following experience: 

• myViewBoard requests only the approved scopes.
• The Drive “full access” checkbox is removed from the consent screen.
• Users see a clean login flow without extra decisions.

About the exemption checkbox

When you mark an app as Trusted, you will also see the option “Exempt from having API access blocked by Context-Aware Access levels.”

• If you do not have Context-Aware Access (CAA) rules set, this setting does not matter.
• If you do have CAA rules (e.g., block logins outside certain locations), then checking this box allows myViewBoard to bypass those rules.

Limit to Specific Data

Instead of full trust, you can specify exactly which scopes myViewBoard may use. For example: explicitly allow Drive access, but this will result in the following experience:

• The Drive permission checkbox reappears.
• Users must decide whether to allow full access.
• This can cause confusion or inconsistent outcomes.

Once you have reviewed the available options:

• Click Continue on the permission scope you want to apply.
• Proceed to the next section to test the sign-in flow.

Test the sign-in flow

We recommend using a normal user account (not a super admin) for realistic results.

1. Sign in to myViewBoard with Google 
   Go to the login page, choose Sign in with Google.
   
   
2. Check the Consent Screen 
   Verify that the result matches your selected option:
   • If Trusted → No Drive checkbox.
   • If Specific Google Data → Drive checkbox is shown.
     
     
3. Validate Functionality 
   Test key features: open, save, import from Drive.
   Confirm functionality works with the permissions granted.
   
   
4. Document Results  
   Record whether you used Trusted or Specific Google Data. 
   Note the observed consent screen behavior for consistency across admins.

Recap

Configure Google Workspace to ensure a secure, streamlined integration with myViewBoard while minimizing risk.

• Setting myViewBoard as Trusted is the recommended approach. It removes the unnecessary Drive access checkbox from the Google consent screen, providing a clean and predictable login experience for all users.  
• If your organization requires stricter data governance, you may choose Specific Google data and manually select scopes. However, this will reintroduce the Drive access checkbox, requiring users to make decisions that could lead to inconsistent outcomes.  
• The exemption checkbox related to Context-Aware Access (CAA) only matters if your organization enforces CAA rules. If no such rules exist, this option has no effect.