📖 2 mins read

We’re often asked what is the best way to restrict applications from being installed on our domain? This is a really good question. If you don’t want your end-users (employees if you’re an organization/ or students if you’re a school) to install a random or insecure app on your domain, you can simply take the following actions.

Limit or Restrict Marketplace Apps on G Suite

  1. Navigate to your G Suite Admin Console (make sure you’re signed in as a G Suite Super Admin).
  2. Enter the following section; Apps > Marketplace Apps.
  3. Click on the 3 dot menu option on the top right of the page.
    Select Manage Apps.GAT+: How to Restrict 3rd Party Apps and Secure your Google Drive 1
  4. Now click on Manage access to apps.GAT+: How to Restrict 3rd Party Apps and Secure your Google Drive 2
  5. You will be presented with 2 options that can help you control the 3rd party apps end-users can install.
    1. Do not allow users to install any application from G Suite Marketplace.
    2. Allow users to install only whitelisted applications from G Suite Marketplace.
  6. We recommend the latter option.

Result for End-users

For apps that are blocked, users will see the following option:

GAT+: How to Restrict 3rd Party Apps and Secure your Google Drive 3

 

Restrict Extensions from using Google Drive API and Prevent Add-ons for Google Docs

To further secure your end-users data across Google Drive. You can put further restrictions on extensions and Chrome Browser applications that request access to data via Google Drive SDK API.

  1. Navigate to the following section:  Apps > G Suite > Settings for Drive and Docs > Features and Applications.
  2. In that section you will be presented with a few options, let’s focus on these two options:
    1. Drive SDK, you can switch this OFF.
      This will prevent Chrome Extensions or Chrome Apps from gathering data from end-users’  Google Drive.GAT+: How to Restrict 3rd Party Apps and Secure your Google Drive 4
    2. You can also switch OFF Add-on for Google Docs, Spreadsheet, Slides and Forms.GAT+: How to Restrict 3rd Party Apps and Secure your Google Drive 5

 

GAT+ reporting on 3rd Party Apps and Chrome Apps

Why is GAT+ necessary to audit 3rd Party Apps and Chrome Applications, GAT+ can do the following:

  • View 3rd party apps and the permission they are requesting from end-users.
  • View how many users installed a 3rd party app or chrome application.
  • Create additional policies to BAN or Allow 3rd party apps.
  • Find 3rd party apps that request certain permissions.
Thanks for sharing and spreading the word!