Whitelist Trusted Apps with G Suite
Application whitelisting is the practice of specifying a list of approved applications that are permitted to be present and active on a network or a system in order to protect it from potentially harmful applications. Google provides a platform for this enhanced security.
Google provides a large variety of APIs that are widely used to integrate the functionality of one application into another. Any such integration requires granting the integrating app access to the data.
For an organisation, the data stored in Google Drive and Gmail can be both sensitive and confidential, so administrators may want to deny OAuth apps or add-ons access to it.
OAuth is an authentication protocol that allows one application to interact with another on a user's behalf without sharing the user's password. A client app is issued access tokens, each granting a different type of access, in order to protect the resources. OAuth scopes are a further mechanism for limiting the access that an access token allows.
G Suite administrators have the privilege to enable/disable API scopes for the following services:
- G Suite: Gmail, Drive, Calendar, Contacts, Admin, Vault, Apps Script Runtime, Apps Script API.
- Google Cloud Platform: Cloud Platform, Machine Learning, Cloud Billing.
In order to whitelist applications, we first need to limit which G Suite API scopes can be accessed by third-party apps. Then we need to create whitelists that define which apps can access blocked scopes.
Creating a Whitelist of Trusted Apps
In order to create a whitelist of Trusted Apps, follow these steps:
1. Go to the Admin console Home page, then go to Security > API Permissions.
2. At the bottom of the list of apps, click the Trusted Apps link.
3. Click Whitelist an App +; the “Add App To Trusted List” pop-up opens.
4. In the Select App Type list, select an option:
- Android
- iOS
- Web applications
5. For Android or iOS, type an app name and click Search to display a list of available apps. For Web applications, enter the app's OAuth2 Client ID.
6. Check the box next to the app you want to add, then click Add.
7. (Optional) To provide internal apps access to the restricted G Suite APIs:
- Go back to the Security page.
- At the bottom of the page, check the Trust domain-owned apps box next to Internal App Settings, and click Save.
Note: If you disable Trust domain-owned apps, internal apps will not be able to access the restricted G Suite APIs. Domain-owned apps include:
1. Any Google Apps Script projects created by users within the domain
2. Apps associated with the organization in the Google Cloud Platform Console owned by the domain.
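The two-step model above (restrict API scopes for third-party apps, then whitelist the apps that may still use them, with domain-owned apps covered by the Trust domain-owned apps setting) can be written out as a small policy check. The following is an added example, not Google's own logic: the restricted services, the whitelist entries and the placeholder OAuth2 client ID are constructed, and the grouping of the (real) scope URLs into services is this example's own assumption.

```python
from dataclasses import dataclass

# Constructed example: Gmail and Drive have been restricted for third-party
# apps under Security > API Permissions; Calendar has not.
RESTRICTED_SERVICES = {"gmail", "drive"}

# Assumed grouping of real Google OAuth scope URLs into G Suite services.
SCOPE_SERVICE = {
    "https://www.googleapis.com/auth/gmail.readonly": "gmail",
    "https://www.googleapis.com/auth/drive.file": "drive",
    "https://www.googleapis.com/auth/calendar.readonly": "calendar",
}

@dataclass(frozen=True)
class App:
    name: str
    app_type: str       # "android", "ios" or "web"
    identifier: str     # package/bundle name, or OAuth2 client ID for web apps
    domain_owned: bool = False

@dataclass
class Policy:
    restricted_services: set
    trusted: set        # whitelist entries as (app_type, identifier) pairs
    trust_domain_owned: bool = True

    def evaluate(self, app, scopes):
        """Return (allowed, blocked_scopes) for one authorization request."""
        blocked = []
        for scope in scopes:
            service = SCOPE_SERVICE.get(scope)
            if service is None:
                blocked.append(scope)   # unmapped scope: this example fails closed
            elif service not in self.restricted_services:
                continue                # scope was never restricted
            elif (app.app_type, app.identifier) in self.trusted:
                continue                # app is on the Trusted Apps whitelist
            elif app.domain_owned and self.trust_domain_owned:
                continue                # covered by "Trust domain-owned apps"
            else:
                blocked.append(scope)
        return (not blocked, blocked)

def example_policy(trust_domain_owned=True):
    # Constructed whitelist: one web app under a placeholder OAuth2 client ID.
    trusted = {("web", "EXAMPLE-CLIENT-ID.apps.googleusercontent.com")}
    return Policy(RESTRICTED_SERVICES, trusted, trust_domain_owned)
```

Running `example_policy().evaluate(app, scopes)` for an internal app with the trust flag switched off shows the consequence described in the note above: the app loses access to the restricted scopes.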