This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
FAQ Log in to ask a question

Login with Google

Akuyper0
New Contributor II

‎03-15-2024 07:53 AM

At some point in the past, I turned the ability for my teachers to use SSO with ChatGPT off.  I have forgotten how to get to the place where I can change that.  Any help would be appreciated! I know how to change it for apps, but it is not the same place. 

 

Thanks! 

Topics:
0 Kudos
Reply
10 REPLIES 10

NielsBrockmeier
Contributor

‎03-15-2024 08:01 AM

Are you talking about the 3rd party apps?

https://admin.google.com/ac/owl (Security > Access and Data control > API controls)

Reply

Kim_Nilsson
Admin Moderator
In response to NielsBrockmeier

‎03-15-2024 08:05 AM

That's definitely the right place.

--
https://wheretofind.me/@NoSubstitute
0 Kudos
Reply

Akuyper0
New Contributor II
In response to NielsBrockmeier

‎03-18-2024 08:09 AM

It isn't for the apps.  It is just for third party websites.  

0 Kudos
Reply

NielsBrockmeier
Contributor
In response to Akuyper0

‎03-18-2024 08:19 AM - edited ‎03-18-2024 08:20 AM

3rd party websites with SSO are also part of the API-Controls "apps". It's a bit of a confusing usage of the term "app" but this is how it is used.

If you want to turn off Chat-GPT for example you can restrict signing in by adding "OpenAI" (Web) as Blocked in your configured apps. That way you can't sign in as you have blocked access to the basic information access which is the bare minimum needed to sign in.

Reply

Kim_Nilsson
Admin Moderator
In response to NielsBrockmeier

‎03-18-2024 08:34 AM - edited ‎03-18-2024 08:36 AM

Well, since all Edu organisations should (since long) all have switched to Block Everything, most shouldn't have to do anything to stop users from using Login with Google to unsanctioned services.

But those who already have allowed OpenAI and now has changed their mind, you can remove it from your list of Trusted apps. Granted, blocking it, as a first step, is often faster.

The client_id for OpenAI is 799222349882-ne3i0s9jdm5s0p7ll2d7tlsi1vc1halt.apps.googleusercontent.com

Today, the name is actually OpenAI, but in the beginning they called it Universe. Completely useless description.

Removing an app from the Trusted list.

There is no easy click to remove button. Believe me, I have asked for it! 🙂

Instead what you can do is Download list of currently configured apps, adjust the list, and then Bulk update list.

Kim_Nilsson_0-1710775848224.png

What you do is change the value in column Status to UNCONFIGURED.

When you upload the list again, it'll remove the app from the list of Configured apps, logically. 🙂

You should probably not keep rows of the other apps in the list to upload, else it'll try to change those too.

--
https://wheretofind.me/@NoSubstitute
0 Kudos
Reply

Akuyper0
New Contributor II

‎03-18-2024 08:29 AM

Thank you so much!  I so appreciate it! 

0 Kudos
Reply

Kim_Nilsson
Admin Moderator

‎03-18-2024 08:36 AM

@Akuyper0 allow this client_id access to the Login with Google service.

OpenAI: 799222349882-ne3i0s9jdm5s0p7ll2d7tlsi1vc1halt.apps.googleusercontent.com

--
https://wheretofind.me/@NoSubstitute
0 Kudos
Reply

Kim_Nilsson
Admin Moderator
In response to Kim_Nilsson

‎03-18-2024 08:37 AM - edited ‎03-18-2024 08:38 AM

In my admin, the Login with Google service is the only one I haven't set to Restricted here.

This allows me to set a new app/service/extension as Limited (instead of Trusted), which means only Login with Google is allowed.

--
https://wheretofind.me/@NoSubstitute
0 Kudos
Reply

DavidMiles
New Contributor

‎04-30-2024 02:19 AM

I'm having a related issue - I have the OpenAI app blocked at the domain level, but Trusted for our teacher OU. However, we can't login or create accounts, and I'm getting this error
Error 400: admin_policy_enforced
Request details: response_type=code redirect_uri=https://auth0.openai.com/login/callback state=pR1qFhKDFKHx97Gn84RxyOGYtQ1nMKfK client_id=799222349882-ne3i0s9jdm5s0p7ll2d7tlsi1vc1halt.apps.googleusercontent.com access_type=online scope=https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile openid

Which should be meaning that I have it blocked. Except it isn't, and Google Help confirmed that.

I've asked for help from OpenAI. However - looking at the discussion above, could a solution be to remove it completely from the list via the download/bulk update method, wait 24 hours, then try requesting and re-authorising it?

0 Kudos
Reply

Kim_Nilsson
Admin Moderator
In response to DavidMiles

‎04-30-2024 03:35 AM

"Rebooting" never hurts. 🙂

Also, are you 100% sure that the client_id is the exact same? Many actors create several client_ids for different purposes, and then rarely ever tell us users.

client_id: 799222349882-ne3i0s9jdm5s0p7ll2d7tlsi1vc1halt.apps.googleusercontent.com

In this case, it does seem like OpenAI only uses one service account (client_id).

Kim_Nilsson_0-1714473081029.png

Also, nobody should need "requesting" anything.

You as the admin just remove the client_id. Everyone will be kicked out (who isn't already). Wait the magic 24 hours. then you as the admin go inte Configured apps and Add app again.

Kim_Nilsson_1-1714473211810.png

For some extra magic, you could reset all user's sessions, so they will have to go through the entire process again when attempting to connect.

--
https://wheretofind.me/@NoSubstitute
0 Kudos
Reply
  • © 2023 Google. All rights reserved.
  • Privacy Policy
  • Terms of Service
  • Community Guidelines