Project Description

📖 2 mins read
Last year, Google launched app access control to help all Google Workspace and Cloud Identity customers control access to Google Workspace data via OAuth 2.0 by third-party and domain-owned apps. Now, Google is improving it by allowing admins to block apps from accessing any OAuth 2.0 scopes. This makes it easy for customers to quickly restrict apps that are deemed to be high-risk or compromised.
If an app is blocked, it will not be able to access any data from Google services. It will be blocked whether the app is on iOS, Android, or the web. If users try to authorize the app, they’ll see an authorization error message. Admins can customize this error message if they choose.

Who’s impacted

Admins

Why you’d use it

Google Workspace has a robust developer ecosystem, with thousands of apps available via the Google Workspace Marketplace and directly to customers, and a rich API framework enabling customers to develop custom apps. Not all apps, however, conform to every enterprise customer’s security policy, so Google Workspace customers and partners value controls to manage third-party apps accessing Google Workspace data.

Previously, admins could trust or limit access by specific apps. Now, Google is streamlining this to make it easier to manage potentially thousands of apps, and to help you to more quickly block apps when needed. By adding an option to block an app, you can quickly and efficiently protect data when an app is compromised or high-risk.

Block apps from accessing Google Workspace data with app access control 1
You can now block app access to OAuth 2.0 scopes via the Admin console. 
 
Block apps from accessing Google Workspace data with app access control 2
Apps can now be trusted, limited, or blocked. 

Getting started

Rollout pace

Availability

  • Available to Google Workspace Basic, Google Workspace Business, Google Workspace Enterprise, Google Workspace for Education, Google Workspace Enterprise for Education, and Google Workspace for Nonprofits customers
  • Not available to Google Workspace Essentials and Google Workspace Enterprise Essentials customers
Thanks for sharing and spreading the word!