G Suite Allows You to Prevent the Apps from Accessing Your Company Data
Thanks to this new update, the management of third-party app control is simplified, ensuring data protection quickly & efficiently when an app is compromised or at high risk. Do you want to prevent external tools from accessing your company data? Contact us for more information.
If you are a G Suite or Cloud Identity customer you can prevent apps from accessing any OAuth 2.0 scope. OAuth 2.0 scopes provide a way to limit the amount of access that is granted to an access token. In this article we explore all the details.
Corporate Data Security
Google has always been committed to providing its customers with a safe and reliable service. For this reason, it constantly releases new features for corporate data protection.
In fact, last year app access control was launched to support all G Suite and Cloud Identity users to control access to G Suite data via OAuth 2.0 from third-party and domain-owned apps.
However, not all applications comply with every company's security policy.
For this reason, Google has decided to improve this functionality.
Data Access Control
There are thousands of Apps available through the G Suite Marketplace, such as APIs that allow users to develop customized applications; however, they do not always meet the compliance criteria of a company.
Google has therefore decided to implement the controls to manage third-party applications that access G Suite data.
With the latest update, system administrators can prevent apps from accessing any OAuth 2.0 scope. This allows customers to quickly limit those deemed high risk or compromised.
In this way, if an application is blocked, it will not be able to access data from Google services - on the iOS system, Android or on the Web. Furthermore, if the user tries to authorize it, an authorization error message appears (the message may also be customized).
As a G Suite administrator, you can implement domain wide delegation of authority to grant third-party as well as internal applications access to your G Suite users' data.
App developers and G Suite administrators can create service accounts with OAuth 2.0. Then, you authorize the service accounts to access your users' G Suite data without the need for each user to give individual consent. In general, here are a few apps granted domain-wide delegation:
- G Suite migration and sync tools (such as G Suite Migrate).
- Internal apps that developers create for your G Suite organization. For example, you can delegate access to an app that uses the Calendar API to add events to your users' calendars. Giffy is a classic example.
- Three-legged OAuth apps, which normally need individual user Authorization. Users activate apps without being prompted for consent, and you can specify the user data that the apps can access.
