The Admin can choose to ban a user, group or OU.
When a user for whom the ban is in place tries to install the App again, they will be rejected as soon as Google notifies GAT+ that the new app is being installed.
How to create real-time banning of third-party apps
Find the Application once it is installed by the user using any of the search options.
When the application is found click on the + sign under the actions tab.
Select Policy type to ban.
Note: GAT+ checks the Ba, if there are Trust apps then they will be used to remove users from the Ban.
For example: If you ban an app for /Sales team, but trust the app for just one user who is part of the /Sales team, the ban rule will skip this account.
Select the users for which the application has to be banned.
Add user, group or Org.Unit, then click on Add button. The selected user/group/OU will be displayed below.
Click on save for the rule to be active. This will save the rule in the Policies tab.
Under the actions, you can choose to Edit the ban (pen icon) or you can delete (bin icon) the ban policy.
After a ban is created
The application will be banned from being used by selected users. However, as this is not a permanent ban on the application, the user can try and install the third-party app again. If this is the case, GAT+ will ban the application again.
This happens in real-time when a user tries to install the banned application, they will be rejected as soon as Google notifies GAT+ that a new App is being installed or access is being granted.
Note: In some cases, the user can log in, because the revoke action comes after the fact, but the app can not use any API after. It depends on the app behavior.