# Google Workspace
## How to add the Mago application in your Google Workspace domain and grant access
When using Mago with Google Workspace room resources and users, the Mago app for display and Mago mobile app access Google services through Google APIs. To enable these features, a Google Workspace administrator must authorize the Mago application in the domain.
{% hint style="success" %}
Mago is a Google OAuth verified application.
{% endhint %}
{% stepper %}
{% step %}
### Authorize the Mago application
Open [admin.mago.io](https://admin.mago.io/) and sign in with a Google Workspace account that has Super Admin privileges. When prompted, review the requested permissions and approve. The Mago application is now authorized in your domain.
{% endstep %}
{% step %}
### Verify third-party app access and allow the Mago application if restricted
When room resources or users sign in later during device activation, Google will prompt them to approve additional scopes (such as calendar and meeting access).
{% hint style="warning" %}
If your domain restricts third-party application access, these prompts will be blocked with a **`400 admin_policy_enforced`** error.
{% endhint %}
#### Check third-party app access policy
To check if your domain restricts third-party application access:
* Open the [Google Admin console](https://admin.google.com/)
* Go to Security > Access and data control > **API controls**
* Click on **Settings**
* Under "Unconfigured third-party apps", verify which access level is selected. If it is set to "Allow users to access any third-party apps", no further action is required. If access is restricted, proceed with the next step to pre-authorize the Mago application at domain level.
#### Pre-authorize the Mago application
If your domain restricts third-party application access:
* Open the [Google Admin console](https://admin.google.com/)
* Go to Security > Access and data control > API controls > **Manage App Access**
* Click on "Configure new app"
* Search for the following Mago app client IDs and add them as trusted app (one by one).
* Set your desired Scope and click **Continue**
* Set the app as **Trusted**, then click **Continue**
* Review and click **Finish**
* Make sure to repeat the steps to configure all 3 Mago app client IDs.
{% hint style="success" %}
This ensures that users and room resources are not blocked when Mago requests additional scopes (such as calendar access) during device activation or configuration.
{% endhint %}
{% endstep %}
{% endstepper %}
## Required features and scopes
| Mago – Feature | Required Scope Permissions |
| ---------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------- |
| Log in with room account and view room name and email address | `auth/userinfo.email` |
| Select the room calendar to list upcoming meetings on the display | `auth/calendar.readonly` |
| Create a new instant meeting as a Host and book the room calendar | `auth/calendar.events` |
| Search for Google Directory contacts to add recipients to meeting invitations |
|
| Browse, import, open and view cloud storage files (Google Drive) during a Mago Workspace or Mago Stage session (file presentation) |
auth/drive
auth/drive.file
|
| Mago Workspace app – Feature | Required Scope Permissions |
| ---------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------- |
| Log in to Mago Workspace via a personal Google account, view the account name and email address | `auth/userinfo.email` |
| Choose a personal calendar to list your personal meetings in the app and start them in the meeting room | `auth/calendar.readonly` |
| Create a new instant meeting as a Host and book the room calendar | `auth/calendar.events` |
| Browse, import, open and view cloud storage files (Google Drive) during a Mago Workspace or Mago Stage session (file presentation) |
