Breadcrumbs

Add Enpass to Google Workspace

Why does Enpass need to be added to Google Workspace?

Unlike traditional password managers that store your credentials on the vendor's own servers, Enpass follows a data sovereignty model — your encrypted vaults live entirely within your organization's own Google Workspace environment (Google Drive). Enpass never stores, accesses, or processes your vault data on its servers.

To make this work, the Enpass application on each user's device needs permission to interact with Google Drive on the user's behalf — reading and writing encrypted vault files, managing shared vault folders, and identifying users for collaboration. These interactions happen through Google APIs using OAuth 2.0, and Google Workspace requires that an administrator explicitly configure and trust the Enpass application before users in the organization can connect.

This admin configuration step registers Enpass as a trusted third-party app in your Google Workspace Admin Console, allowing your users to seamlessly connect their Enpass app to Google Drive without encountering "Access blocked" or "App is blocked" errors.

Before you proceed, you may want to review the OAuth scopes Enpass requests and understand how your data is protected:

Prerequisites

  • You must be a Super Admin or an admin with the Service Settings administrator privilege in your Google Workspace domain.

  • Users in your organization must have active Google Workspace licenses with Google Drive access.

Step 1: Open API Controls in Google Admin Console

  1. Sign in to admin.google.com.

  2. Navigate to Security → Access and data control → API controls.

Step 2: Configure Enpass as a new app

  1. Click Manage App Access.

  2. Under Configured apps, click Configure new app.

  3. In the search field, enter the Enpass Client ID:

   479522442422-vkbqmpavooam8t19j33cu9tsvj22018p.apps.googleusercontent.com

Alternatively, you can search by name Enpass, but searching by Client ID is recommended to ensure you select the correct app. 4. Click the matching app in the search results.

Important: Multiple apps may appear when searching by name. Make sure you select the one with Type: Web and Client ID 479522442422-vkbqmpavooam8t19j33cu9tsvj22018p.apps.googleusercontent.com. This is the OAuth client used by the Enpass desktop and mobile applications for Google Drive vault sync.

Step 3: Configure scope (who can use Enpass)

  1. Under Scope, the top-level organizational unit is selected by default. Leave this selected to allow all users in your organization to use Enpass.

  2. To allow only specific organizational units, click Select org units, then click Include organizations and check the boxes for the organizational units that need Enpass access.

  3. Click Continue.

Step 4: Set access level

  1. Under Access to Google data, select Trusted. This allows Enpass to access both restricted and unrestricted Google services (specifically Google Drive), which is required for vault sync and sharing.

  2. Click Continue.

  3. Review the settings summary and click Finish.

Enpass will now appear in your list of Configured apps as a trusted third-party application.

Step 5: Verify the configuration

After completing the steps above, confirm that Enpass appears in the Configured apps list with the correct access level. Users in the selected organizational units should now be able to connect their Enpass app to Google Drive without being blocked.

Note: Changes to third-party app access settings in Google Workspace can take up to 24 hours to propagate, though they typically take effect much sooner.

What's next?