# Importing from Google
When importing users & groups from Google, you will face the below error on the first-time you try to authenticate:
The reason is that certain sensitive permissions are required for the import:
| Sensitivity | Scopes | Why Dope Requires This |
| -------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| **Non‑sensitive** (OIDC Auth) | `openid` `https://www.googleapis.com/auth/userinfo.profile` `https://www.googleapis.com/auth/userinfo.email` | Returns the user’s ID‑token + profile + primary email for identification |
| **Sensitive** (User/Group Synch) | `https://www.googleapis.com/auth/admin.directory.user.readonly` `https://www.googleapis.com/auth/admin.directory.group.readonly` `https://www.googleapis.com/auth/admin.directory.group.member.readonly` `https://www.googleapis.com/auth/admin.reports.audit.readonly` | Read‑only access to users, groups, group memberships, and Admin SDK audit logs to perform regular User/Group synchronization, and process delta for groups every 15 minutes |
## To resolve this:
1. Login to [Google Admin Sconsole](https://admin.google.com/u/0/ac/owl/list?tab=configuredApps\&hl=en) as an Administrator. Navigate to Security -> Access and Data Control -> API controls, and select **MANAGE THIRD-PARTY APP ACCESS**
2. Select Configure new app\
3. Search for dope.security's Client ID
`478881077855-4cs12s5t8lae8vsh43svpsahneb1fgu2.apps.googleusercontent.com`
3. Click the “Dope Security” app and Configure the App access to **Trusted**
Mark app as Trusted
4. Once configured, you will see the app listed as Trusted in the third-party app list.
