Protecting your organization’s most sensitive data and assets is a constant challenge. G Suite helps protect your data in a number of ways: thwarting attackers with advanced phishing detection through machine learning, mandating strong authentication with security key enforcement and preventing data leakage through tools such as DLP.

Today, we’re adding another security feature that improves data access control and enhances phishing prevention—OAuth apps whitelisting, giving your organization added visibility and control into how third-party applications are using your data.

New third-party application access controls

OAuth apps whitelisting helps keep your data safe by letting admins specifically select which third-party apps are allowed to access users’ G Suite data. Once an app is part of a whitelist, users can choose to grant authorized access to their G Suite apps data. This prevents malicious apps from tricking users into accidentally granting access to their corporate data.

OAuth Security GIF

With these new security controls, an admin can:

1. Get fine-grained visibility into the third-party apps that are accessing G Suite data.

OAuth Still 1
G Suite Admin console

2. Allow access to only trusted and vetted third-party OAuth apps.

OAuth Still 2

3. Guard OAuth access to core G Suite apps data by preventing unauthorized app installs, thus limiting the problems caused by shadow IT.

OAuth Still 3

Once the OAuth whitelisting settings are in place, access to third-party apps is enforced based on the policy set by admins, and employees are automatically protected against unauthorized apps.

Enable OAuth Apps Whitelisting for your domain

This feature is being rolled out in phases and will be made available within the Admin console in next few days. Check out instructions on how to get started here. And if you’re interested in learning more about how your business can collaborate, store and communicate securely in G Suite, visit the G Suite Security page.


Google Cloud

Leave a Reply

Your email address will not be published. Required fields are marked *