Last year, we launched app access control to help all G Suite and Cloud Identity customers control access to G Suite data via OAuth 2.0 by third-party and domain-owned apps. Now, we're improving it by allowing admins to block apps from accessing any OAuth 2.0 scopes. This makes it easy for customers to quickly restrict apps that are deemed to be high-risk or compromised.
If an app is blocked, it will not be able to access any data from Google services. It will be blocked whether the app is on iOS, Android, or the web. If users try to authorize the app, they’ll see an authorization error message. Admins can customize this error message if they choose.
Why you’d use it
G Suite has a robust developer ecosystem, with thousands of apps available via the G Suite Marketplace and directly to customers, and a rich API framework enabling customers to develop custom apps. Not all apps, however, conform to every enterprise customer’s security policy, so our customers and partners value controls to manage third-party apps accessing G Suite data.
Previously, admins could trust or limit access by specific apps. Now, we’re streamlining this to make it easier to manage potentially thousands of apps, and to help you to more quickly block apps when needed. By adding an option to block an app, you can quickly and efficiently protect data when an app is compromised or high-risk.
You can now block app access to OAuth 2.0 scopes via the Admin console.
Apps can now be trusted, limited, or blocked.
- Admins: Go to Admin console > API controls > App access control to start using the feature. Visit the Help Center to learn more about how to control which third-party & internal apps access G Suite data.
- End users: There is no end user setting for this feature.
- Rapid and Scheduled Release domains: Full rollout (1–3 days for feature visibility) starting on July 21, 2020
- Available to G Suite Basic, G Suite Business, G Suite Enterprise, G Suite for Education, G Suite Enterprise for Education, and G Suite for Nonprofits customers
- Not available to G Suite Essentials and G Suite Enterprise Essentials customers