G Suite Data App Access Control
Google has launched a new feature through which you can control the data access provided to third-party and domain-owned apps from G Suite. This feature will update the interface and controls in the G Suite Admin console to help you research, and control apps.
Importance and Functioning :
App access control will provide the new API Permissions feature to better manage the apps with functions:
-
Find
-
Access
-
Control
Let’s check these functions in detail
Find: Find out the apps being used and check which have been verified to access restricted OAuth2 scopes which are collections of procedures known as external APIs.
You can check and find that which apps and Google services are being used through this new interface. Also with this new interface, we can block the unverified third-party apps that access Gmail data, until you trust them in the Admin console. This can be done from the app details page to verify the trusted status of apps.
App list and access control page
Assess: Check which apps are being used and get details on support information of the app.
You can get more details about each app like its publisher, developer, the developer’s support email, privacy policy, etc. Also, you can know whether the app is verified or not on the basis of which you decide whether to trust/allow or block/limit an app.
App info page
Control: Manage your trusted apps and what data third-party apps can access.
Now you’ll be able to adjust whether you trust the apps accessing G Suite data with OAuth2 specification.
It has become easier to restrict access to APIs (OAuth2 scopes) for Google services such as Gmail, Drive, and the Admin console with these new controls.
Kindly take note that it doesn't cover domain-wide delegation and service accounts. It can be managed with the Manage API Client Access page on the Security menu.
App access control - updated access levels for an app
The Advanced Protection Program adds extra protection for high-risk users.
With this new feature of the Advanced Protection Program, you can enforce a set of upgraded security policies for the G Suite users in your organization who are at maximum risk for targeted attacks.
Once users self-enroll, the program enforces an app access control policy—it will automatically block applications that require restricted Gmail and Drive access unless explicitly trusted by the admins—as well as other policies.
It covers the use of security keys, enhanced email scanning for threats, and download protections in Google Chrome.
Importance :
You can better monitor the third-party apps your users have approved to access their G Suite data and you can reduce any risk to your company data by limiting access to trusted apps with this new app access control.
Implementation:
Admins can find the new app access control features by crawling to Admin Console > Security > App Access Control. The previous “API Permissions” feature is updated with this new feature. All admins having the access to Security privileges can use it.
This feature is helpful for admins and End users do not need to take any action.
Availability across G Suite editions
This feature is by default ON for all G Suite domains and G Suite editions.
References :
Manage OAuth based access to connected apps
Control third-party apps access to G Suite data
