How to Whitelist CreamSoda in Google Workspace
This guide shows a Google Workspace super admin how to allow users to connect Email, Calendar, and Contacts to CreamSoda by trusting CreamSoda’s OAuth app in the Admin console.
CreamSoda OAuth Client ID (copy-paste):
894266472955-7e8olr5q3k39d2t2d637opi6krtsf1sm.apps.googleusercontent.com
When do you need this?
If a user tries to connect Google in CreamSoda and sees “This app is blocked” or “Error 403: access_denied”, your domain is likely restricting third-party apps. Marking CreamSoda as Trusted lets your users grant the required permissions.
Prerequisites
-
You’re a Google Workspace super admin (or an admin with Security settings access).
-
You know which users/OUs or groups should be allowed to connect CreamSoda.
Step-by-step: Trust the CreamSoda app
-
Open the Admin console
Go to https://admin.google.com and sign in as an admin. -
Go to App Access Control
Security → Access and data control → API controls → App access control.
-
Add the CreamSoda app
-
Click Configure new app.
-
Choose OAuth App Name or Client ID.
-
Paste the client ID:
894266472955-7e8olr5q3k39d2t2d637opi6krtsf1sm.apps.googleusercontent.com -
Click Search. Select the app result and click Continue.
-
-
Choose who can use it
-
Under Users, pick Entire organization, or Selected organizational units, or Selected groups (recommended if you’re piloting).
-
Click Continue.
-
-
Set the access level
-
Choose Trusted.
This allows users you selected to grant CreamSoda the permissions it requests (e.g., Gmail/Calendar/Contacts). -
Click Continue → Finish.
-
That’s it—the app will now appear under Configured apps with Access: Trusted.
(Optional) Limit access to a pilot group
You can scope access narrowly by selecting Selected groups in step 2. This is useful for staged rollouts or compliance reviews.
Test the connection (user steps)
In CreamSoda, integrate with Google Workspace by following the step outline in this article.