What’s changing 

When your users motion successful to third-party apps utilizing nan "Sign successful pinch Google" action (single sign-on) aliases usage OAuth to stock their information pinch those apps, you tin power what entree those apps person to your organization’s Google information utilizing app entree controls. 


Admins presently tin configure nan third-party apps arsenic “Trusted”, giving them entree to each OAuth scopes aliases arsenic “Limited”, giving them entree to scopes only from Google services which are not restricted. Beginning today, we’re giving admins different furniture of granular power for third-party apps. Specifically, you tin now configure apps to beryllium constricted by selected OAuth 2.0 Scopes for Google APIs, specified arsenic Drive aliases Gmail scopes. This helps guarantee that these apps do not summation further entree without admin consent based connected caller API scopes that they mightiness petition successful nan future, keeping information entree constricted to only what is deemed perfectly basal by admins.




Getting started

  • Admins: To negociate app access, successful nan Admin console navigate to Security > API Controls > App Access Controls. Visit nan Help Center to study much astir controlling which third-party & soul apps entree Google Workspace data.

Rollout pace

  • Rapid and Scheduled Release domains: Available now.

Availability

  • Available to each Google Workspace customers, arsenic good arsenic Cloud Identity Free and Premium customers


Resources

  • Google Workspace Admin Help: Control which third-party & soul apps entree Google Workspace data
  • Google Workspace Admin Help: OAuth log events