Access via google suddenly stopped working

Hi,

Apologies if this description is using some terminology wrong, I’m just getting started with cloudflare
I have a zero trust portal set up and have an access group that allows users to login.
I had added users with gmail addresses in the past and that worked well and continues to work well. But now I’ve added two new gmail users and when they try to login they get this message:
Access blocked: cloudflareaccess.com has not completed the Google verification process

What would be good next steps to debug this issue? I’ve googled but with little success and it’s hard to debug because for the older gmail users it works just fine and I’m not sure what changed.

Thanks and best wishes,
Kevin

I don’t have an answer but I do have the same issue.
I have a zero trust tunnel that is working for 1 user (gmail/google authentication) to both endpoints in the tunnel. The other user is able to access one endpoint in that same tunnel but not the other (the other results in the “Access blocked: cloudflareaccess.com has not completed the Google verification process” message).

Having the same issue:

Access blocked: cloudflareaccess.com has not completed the Google verification process

I’m having the same issue for new users. Existing users can log in or stay logged in without issue

Ok, it’s somewhat of a relief to know that I’m not alone and I’m not insane. Do you know whether there is a way to escalate this to someone official at Cloudflare?

You’ll need to add the Google Cloud project app that you created as part of your Google Workspace Trusted Apps under https://admin.google.com/ac/owl/list?tab=configuredApps

Just add the Client ID of the app and it should then be permitted to use this app.

Otherwise you’ll need to submit Google Cloud project app for approval which will take time. But if you’re using this with Google Workspace, adding this app as part of it’s “Trusted” apps will bypass the need for this.

I don’t recall how I had set up the Google access in Zero Trust before (when I go now I see the setup with App ID and client so that looks ok).
But if I follow the link you sent it says “Sign In With Administrator Account”
But again, until very recently this all worked fine, so I’m not sure what changed.

just to clarify, the blacked out AppID ends in .apps.googleusercontent.com

Are you the users that are signing in signing in via Google Workspace account? Or are they personal Gmail?
The instructions above were for allowlisting the adding the Google Cloud project as part of Google Workspace. If you’re using Gmail through your work email rather than gmail.com, this strategy should work (as long as the Google Workspace Admin whitelists the Google Cloud Project app).

If it’s a personal Gmail, most likely the Google Cloud project will need to get approval from Google.

If it’s users on your Google Workspace domain, then you can Trust the app.

My guess is that the reason you’re seeing this prompt is that Google has raised the requirements for apps that are offered to various Google and Google Workspace users.

Hi,

Thank you for your helpful response!
It’s a mix, some users coming in through personal accounts, some through the uchicago Google thing (I assume that’s a workspace)

But it makes sense to me that Google may have changed the rules.

For now I’ve added Github auth… it’s a bit of a pain because the users have to make a github account, but it solved the problem for the time being.

Cheers

Hey guys, publish the O-Auth consent screen, worked for me :slight_smile:

It should say “PUBLISH

This was the solution for me as well. Once I published my app, all works as expected!!