You ask Gemini to “find emails from client X last week” or “what’s free on my calendar Thursday”, and instead of an answer it says it can’t access your Gmail / Calendar, or you hit a Permission denied error. As of June 2026 this is almost always one of three things: the app was never connected in Gemini’s settings, Gemini Apps Activity is off (which silently disables every Connected App), or Smart features is off in Gmail. Work and school accounts add a fourth: an admin policy that blocks the connection entirely.
Fastest fix (consumer / personal Google account): open gemini.google.com, go to Settings & help → Connected Apps, and turn on the toggle for Gmail / Google Calendar / Google Drive. If the toggles are greyed out or the section is missing, your Gemini Apps Activity is off — turn it on at myactivity.google.com/product/gemini, then come back. That single combination clears the large majority of “can’t access your account” reports.
Important change since this guide first shipped: consumer Gemini no longer uses the old per-scope OAuth consent screen at
myaccount.google.com/permissions. Personal-account access is now governed by the Connected Apps toggles inside Gemini plus two account-level switches (Gemini Apps Activity and Gmail Smart features). The OAuth/permissions page still matters for the API / Gemini CLI path covered at the end.
Which bucket are you in?
| Symptom | Most likely cause | Jump to |
|---|---|---|
| Gemini says it can’t access Gmail/Calendar; Connected Apps toggles are greyed out | Gemini Apps Activity is off | Step 2 |
| Toggles are on, but Gmail/Calendar results are empty or refused | Gmail “Smart features in other Google products” is off | Step 3 |
| Personal account works, work account says “managed by your organization” | Workspace admin policy | Step 4 |
Permission denied only in Gemini CLI / API, web app is fine | 403 PERMISSION_DENIED from a stray GOOGLE_CLOUD_PROJECT | Step 8 |
| Worked yesterday, now refuses after a device/country change | Suspicious-activity lock | Step 6 |
| Gemini reads the wrong inbox | Signed into a different account than the data | Step 5 |
Common causes (by frequency)
1. App never connected (most common)
The first time Gemini needs Gmail / Calendar / Drive it asks to connect that app. If you dismissed that prompt, or never made a request that triggered it, the app stays disconnected and every data request fails.
How to check: gemini.google.com → Settings & help → Connected Apps. Any app whose toggle is off is invisible to Gemini.
2. Gemini Apps Activity is off (the silent killer)
This is the one most people miss. Per Google’s own docs, “When Keep Activity is off, Connected Apps won’t be available on gemini.google.com.” Turning Gemini Apps Activity off doesn’t just stop history logging — it disables the entire Connected Apps feature, so the toggles vanish or grey out.
How to check: go to myactivity.google.com/product/gemini. If Gemini Apps Activity shows as paused/off, that’s your problem.
3. Gmail “Smart features” is off
Google’s connection requirement, verbatim: “For Gemini Apps to connect with Google Workspace, Smart features in other Google products must be turned on in your Gmail settings.” Many users turned this off in late 2025 during the privacy news cycle and broke Gemini access without realizing it.
How to check: Gmail → gear icon → See all settings → General → scroll to Smart features, then Google Workspace smart features → Manage. You need Smart features in other Google products turned on.
4. Workspace policy blocked the connection
On a work or school account, the admin controls whether Gemini may reach Gmail / Calendar / Drive at all. Chat works; data access is denied.
How to check:
- The same prompt works on a personal account but not the work one
- The error mentions “managed by your organization”
5. Cross-account operation
Gemini is signed into account A, but the Gmail / Calendar you want lives in account B. Gemini only reads the account it is currently signed into.
6. Suspicious-activity lock
A recent device / IP / country change can make Google temporarily lock third-party and app authorizations until you confirm it was you.
How to check:
- An “unusual activity” or security banner at the top of
myaccount.google.com - You received a “Security alert” email
7. API / CLI 403 (GOOGLE_CLOUD_PROJECT)
A Permission denied that only shows up in Gemini CLI or the API — not the web app — is usually 403 PERMISSION_DENIED, frequently caused by a stray GOOGLE_CLOUD_PROJECT environment variable routing a personal account through a Code Assist project it can’t use. See Step 8.
Shortest path to fix
Step 1: Connect the app in Gemini settings
- Open
gemini.google.com. - Bottom-left, click Settings & help → Connected Apps. (If you don’t see it, click Personal Intelligence first, then Connected Apps.)
- Turn on the toggle for the app you need: Gmail, Google Calendar, Google Drive (and Docs / Tasks / Keep if relevant).
- Follow any on-screen prompt to authorize.
- Re-run your request, naming the service explicitly the first time, e.g. “Search my Gmail for invoices from last month.”
If a toggle won’t turn on or the Connected Apps section is missing entirely, do Step 2 before anything else.
Step 2: Turn on Gemini Apps Activity
Connected Apps is gated on this setting.
- Go to
myactivity.google.com/product/gemini. - If Gemini Apps Activity is paused, click Turn on.
- Return to
gemini.google.com→ Settings & help → Connected Apps; the toggles should now be available.
Step 3: Turn on Gmail Smart features
- In Gmail, click the gear icon → See all settings.
- General tab → scroll to Smart features.
- Open Google Workspace smart features → Manage.
- Turn on Smart features in other Google products (this is the one Gemini requires; the in-Workspace toggle alone is not enough).
- Save changes and reload Gemini.
Step 4: Workspace policy — what to tell IT
If you’re on a work / school account and the connection is blocked, the admin needs to enable it. Send them this exact path:
- Admin Console → Menu → Generative AI → Gemini app.
- Under app access, turn on Workspace apps (“select to allow access to apps like Gmail, Drive, and Calendar”).
- Apply to the right organizational unit / group and save.
- Changes “can take up to 24 hours but typically happen more quickly.”
Note: the admin setting for Workspace apps in Gemini has been on by default since April 2, 2025, so a block usually means it was explicitly turned off for your org.
Step 5: Confirm you’re on the right account
gemini.google.com, top-right avatar — note which account is active.- Open
mail.google.comin another tab and confirm it’s the same account. - If they differ, switch Gemini (or the data) to the matching account, or use separate browser profiles.
Step 6: Clear a suspicious-activity lock
- Visit
myaccount.google.com. - If there’s a security alert / “unusual activity” banner, open it and confirm “Yes, it was me.”
- Or run
myaccount.google.com/security-checkupend to end. - Wait about an hour, then retry the Gemini request.
Step 7: Reconnect from a clean state
If everything above is set correctly and it still refuses, force a clean reconnect:
- In Connected Apps, toggle the app off, wait a few seconds, toggle it back on.
- Still stuck? Clear cookies for Google only: Chrome → Settings → Privacy and security → Clear browsing data → Cookies and other site data + Cached images and files, scoped to
[*.]google.com, then restart the browser and sign back in. - Quick isolation check: open an Incognito window, sign into the Gemini account, and try again. Works in Incognito = an extension or cached cookie in your main profile is the culprit. Fails in both = an account-level setting (Steps 2-4) or a server-side issue.
Step 8: API / Gemini CLI — fix 403 PERMISSION_DENIED
If the error is in Gemini CLI or the API rather than the web app:
# 1. A stray GOOGLE_CLOUD_PROJECT is the #1 cause for personal accounts.
echo "$GOOGLE_CLOUD_PROJECT" # if this prints anything, that's likely it
unset GOOGLE_CLOUD_PROJECT # also remove it from ~/.zshrc / ~/.bashrc
# 2. Clear cached OAuth credentials, then sign in again.
rm ~/.gemini/oauth_creds.json # Gemini CLI credential cache
Then restart the CLI and re-authenticate with your personal Google account. Background: when you log in with a personal Google AI Pro / Free account but GOOGLE_CLOUD_PROJECT is set, the CLI tries to route requests through a Code Assist project the account can’t access and returns 403 PERMISSION_DENIED, even though the login itself succeeded (Gemini CLI issue #26564). If you’re building your own integration with the People/Gmail/Calendar APIs, make sure those APIs are enabled in your Cloud project and redo the OAuth flow:
from google_auth_oauthlib.flow import InstalledAppFlow
flow = InstalledAppFlow.from_client_secrets_file(
'credentials.json',
['https://www.googleapis.com/auth/gmail.readonly']
)
creds = flow.run_local_server(port=0)
How to confirm it’s fixed
- In Settings & help → Connected Apps, the app you need shows its toggle on (not greyed out).
- A direct test prompt returns real data, e.g. “What’s the subject of my most recent Gmail?” or “List my Google Calendar events for tomorrow.”
- For CLI/API: a minimal request returns
200instead of403.
Prevention
- Keep Gemini Apps Activity on if you want Connected Apps; pausing it disables them site-wide.
- Don’t blanket-disable Gmail Smart features — turning off “Smart features in other Google products” silently breaks Gemini’s Workspace access.
- On a work account, confirm the Generative AI → Gemini app → Workspace apps policy with IT before relying on Gmail / Calendar access.
- After a cross-device or cross-country sign-in, wait about an hour before requesting Gemini data access to avoid the suspicious-activity lock.
- For CLI/API work, don’t leave a global
GOOGLE_CLOUD_PROJECTset unless you actually need it for that project.
FAQ
Why are my Connected Apps toggles greyed out?
Almost always because Gemini Apps Activity is off. Turn it on at myactivity.google.com/product/gemini, then reload gemini.google.com. Per Google’s docs, Connected Apps “won’t be available” while that activity setting is off.
Do I still grant scopes at myaccount.google.com/permissions?
Not for the consumer Gemini app anymore — that moved to the Connected Apps toggles in 2026. The permissions page is still where you review and revoke access for third-party apps and the API / CLI OAuth flow.
It works on my personal Gmail but not my work account. Why? Your Workspace admin controls it. Ask them to enable Workspace apps under Admin Console → Generative AI → Gemini app; it can take up to 24 hours to propagate.
Does turning on Smart features mean Google trains its AI on my email? Per Google’s 2025 clarification, Smart features power in-product personalization (like Gemini reading your inbox when you ask) and are not used to train Gemini’s underlying models. You can keep Smart features on for Gemini access while keeping training-related settings off.
My Gemini CLI returns 403 but the website works. What’s different?
The web app uses your signed-in session; the CLI can be misrouted by a GOOGLE_CLOUD_PROJECT environment variable. Unset it, delete ~/.gemini/oauth_creds.json, and sign in again (Step 8).
Related
- Gemini Workspace integration issue
- Gemini beginner guide
- Gemini brainstorming
- Gemini Deep Research workflow
Tags: #Gemini #Debug #Troubleshooting