Manage Apps Accessing G Suite Data with New App Access Control
Google is strengthening its controls against unauthorized app access. These controls can only be managed by the admin of the G Suite domain in question.
Google is improving your ability to control access to G Suite data by third-party apps and domain apps. The new App Access Control feature updates the interface and controls in the G Suite Admin Console, helping you search for, research, and control the apps that use OAuth2 to access G Suite data. App Access Control will replace the current API Permissions feature and helps G Suite admins in three ways:
Find: Identify the apps being used and see which have been verified to access restricted OAuth2 scopes.
Assess: Understand which apps are being used and get support information about them.
Control: Manage which apps you trust and what data third-party apps can access.
These features affect admins only.
G Suite has thousands of apps available directly to customers via the G Suite Marketplace, and a rich API framework that lets developers build custom apps. Not every app will satisfy every enterprise customer's security policy, so customers and partners value controls to manage third-party apps accessing G Suite data.
With this access control, you can have better visibility into the third-party apps your users have approved to access their G Suite data, and you can reduce any risk to company data by restricting access to trusted apps.
How to enable these features:
- Admins: Find the new App Access Control features at Admin Console >> Security >> App Access Control. This replaces the prior “API Permissions” feature. All admins who have security privileges can access it.
- End-users: No action needed.
Find: Identify apps being used and monitor which have been verified for access to restricted OAuth2 scopes. The new interface helps the admin see which apps and Google services are being used. Also, Google previously announced that it now blocks new installs of unverified third-party apps that access Gmail data, unless you trust them in the Admin console. You can now check an app's details page to verify its trusted status.
Assess: Research the risk profile of the app and of its developer and publisher. This includes the developer’s support email, privacy policy, and Terms of Service. In addition, if the app is verified by Google, that information is shown here. This information can help you decide whether to allow or block an app.
Control: Manage which apps you trust and what user data third-party apps can access. You’ll also be able to adjust whether you allow or block apps accessing G Suite data via OAuth2 scopes. With these new features, you now have an easier way to restrict access to APIs (OAuth2 scopes) for Google services such as Gmail, Drive and the Admin console. It continues to be managed with Manage API Client Access in the Security menu.
The Enterprise Advanced Protection Program, which Google announced as generally available today, helps you enforce a set of enhanced security policies for the employees in any organization who are most at risk of targeted attacks. Once users self-enroll, the program enforces an app access control policy, automatically blocking applications that require restricted Gmail and Drive access unless explicitly trusted by the admins, as well as other policies. These include the use of security keys, enhanced email scanning for threats, and download protections in Google Chrome.
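The Find and Control steps and the block-unless-trusted rule described above can be rehearsed offline before changing settings in the Admin console. The following is an added example, not Google's code: it assumes grant records shaped like the Admin SDK Directory API token resource (clientId, displayText, userKey, scopes), and the restricted-scope subset, trust list, and sample grants are all constructed for illustration.

```python
# Added example: offline review of OAuth2 grants against an admin trust list.
# Field names follow the Admin SDK Directory API token resource; data is constructed.
GMAIL = "https://www.googleapis.com/auth/gmail."
DRIVE = "https://www.googleapis.com/auth/drive"

# Assumption: illustrative subset of restricted Gmail/Drive scopes, not the full list.
RESTRICTED_SCOPES = {
    "https://mail.google.com/", GMAIL + "readonly", GMAIL + "modify",
    DRIVE, DRIVE + ".readonly",
}
TRUSTED_CLIENT_IDS = {"1111.apps.example"}  # hypothetical admin trust list

GRANTS = [  # constructed sample grants, one record per user and app
    {"clientId": "1111.apps.example", "displayText": "Backup Tool",
     "userKey": "alice@example.com", "scopes": [DRIVE]},
    {"clientId": "2222.apps.example", "displayText": "Mail Merge Helper",
     "userKey": "bob@example.com", "scopes": [GMAIL + "modify", "openid"]},
    {"clientId": "2222.apps.example", "displayText": "Mail Merge Helper",
     "userKey": "carol@example.com", "scopes": ["https://mail.google.com/"]},
    {"clientId": "3333.apps.example", "displayText": "Calendar Widget",
     "userKey": "bob@example.com",
     "scopes": ["https://www.googleapis.com/auth/calendar.readonly"]},
]


def review(grants, trusted=TRUSTED_CLIENT_IDS, restricted=RESTRICTED_SCOPES):
    """Aggregate grants per app, then block untrusted apps holding restricted scopes."""
    apps = {}
    for g in grants:
        app = apps.setdefault(g["clientId"],
                              {"name": g["displayText"], "users": set(), "hits": set()})
        app["users"].add(g["userKey"])
        app["hits"].update(s for s in g["scopes"] if s in restricted)
    report = {}
    for cid, app in apps.items():
        if not app["hits"]:
            decision = "allow"            # no restricted scope requested
        elif cid in trusted:
            decision = "allow (trusted)"  # restricted, but explicitly trusted
        else:
            decision = "block"            # restricted and not trusted
        report[cid] = {"name": app["name"], "users": sorted(app["users"]),
                       "restricted": sorted(app["hits"]), "decision": decision}
    return report


if __name__ == "__main__":
    for cid, row in review(GRANTS).items():
        print(f'{row["decision"]:16} {row["name"]:18} users={len(row["users"])} '
              f'restricted={row["restricted"]}')
```

The per-app user list shows who would lose access if a flagged app is blocked, which helps when deciding whether to trust it instead.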