Restrict third-party API access to Google Workspace and end user data with new app access control

What’s changing 

You can now block all third-party API access to Google Workspace data with a new setting. This compliments other available OAuth settings which help you control which third-party & internal apps access Google Workspace data

When selected, all third-party apps are denied access to Workspace and end user data, blocking all OAuth 2.0 scopes. This also means that users cannot use their Google Workspace accounts to sign into third-party apps and websites. 

Who’s impacted 

Admins and end users

Why it’s important 

This new setting adds another layer of protection over your Workspace and end user data. Not every third party application has robust security measures in place or conforms to your security policy — by restricting third-party APIs from requesting sensitive information, such as login or email scopes, you can ensure your data and user data stays secure.

When all third party API access is blocked, an app will not be able to access any Workspace user date, across web and mobile. If users try to authorize an untrusted app, they’ll see an authorization error message. Admins can customize this error message if they choose.

Getting started 

Rollout pace