Google SSO
Security permissions and authentication details for signing in to Last9 with Google Workspace.
Last9 supports signing in with Google (including Google Workspace accounts) using standard OAuth 2.0 / OpenID Connect (OIDC) authentication with minimal, user-scoped permissions.
Permissions Requested
Last9 requests the following OAuth scopes from Google:
| Scope | Description | Sensitivity |
|---|---|---|
openid | Authenticate using OpenID Connect | Non-sensitive |
email | View user’s email address | Non-sensitive |
profile | View user’s basic profile info | Non-sensitive |
All three scopes are classified as non-sensitive by Google and do not require additional verification. They provide access to the authenticated user’s basic identity only — name, email, and profile picture.
What Last9 Cannot Access
Last9 does not request any scopes that would grant broader access. This includes:
- Google Workspace directory (viewing or managing users/groups)
- Gmail, Google Drive, or Google Calendar
- Domain-wide delegation
- Any sensitive or restricted OAuth scopes
How to Verify Permissions
For Individual Users
- Go to Google Account — Third-party connections
- Find and click on “Last9”
- Review the permissions listed
You should only see access to your email address and basic profile info.
For Google Workspace Admins
- Sign in to Google Admin Console
- Go to Security → Access and data control → API controls
- Click Manage Third-Party App Access
- Search for “Last9” and review the scopes and access level
Revoking Access
To revoke Last9’s access to your Google account:
- Go to Google Account — Third-party connections
- Find “Last9” and select “Remove Access”
You will need to re-authorize when signing in to Last9 again.
Access Control
Your organization retains full control over who can access Last9 through Google SSO.
- You control access: Only users you authorize can sign in to Last9
- Instant revocation: When you suspend or delete a user’s Google Workspace account, they can no longer authenticate to Last9
- No standalone accounts: Users authenticate through Google — Last9 does not maintain separate credentials
Google Workspace administrators can further restrict access by configuring app access controls to block or allow Last9 for specific organizational units.
Troubleshooting
“This app isn’t verified” This may be due to your organization’s security settings. Contact your Google Workspace administrator to allow Last9.
“Access blocked: Last9 has not completed the Google verification process” This can occur if your Workspace admin has restricted third-party app access. Ask your admin to review and allow Last9 in the Admin Console under Security → Access and data control → API controls.
Can’t sign in with a personal Gmail account Last9 supports both personal Gmail accounts and Google Workspace accounts. If you’re having issues, ensure you’re using the correct account type for your organization.
If you have questions about Last9’s Google SSO integration, please contact us on Discord or Email.