This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
FAQ Log in to ask a question

Third-party apps automatically configured/unconfigured

Go to solution
JenWerder
New Contributor

‎09-21-2023 09:17 AM

I am really struggling with the third-party apps settings.  I opened a support ticket with Google 3 weeks ago and we've had a lot of back and forth, but my issue is still unresolved. 

Our "configured apps" list started with almost 700 apps.  There were many non-educational apps that I did not configure and my initial ask to Google was how they were added to the configured list if an admin didn't configure them.  (as an example, onlyfans was one of the "configured" apps)  I still have no answer to that question.  

This week we had an issue with Blooket.  This was one of the apps that was automatically on the configured list (meaning it was *just there*, I didn't configure it).  Yesterday I was inundated with calls from teachers wondering why their students couldn't get to Blooket.  That app was no longer in the configured apps list, but I didn't remove it.  I'm still waiting on an answer from Google on this question also.

I've checked through logs/reports and can't find anything related to these apps being configured/unconfigured, but I can see the log entries for the apps that I have manually blocked/configured.  Is anybody else experiencing this issue with apps being automatically configured/unconfigured?  

Topics:
0 Kudos
Reply
2 ACCEPTED SOLUTIONS

Go to solution
Kim_Nilsson
Admin Moderator

‎09-21-2023 09:35 AM - edited ‎09-21-2023 09:36 AM

Sadly, the answer is Yes.

It seems to have happened to quite a few organisations around the world.

I started blocking everything years ago, and I don't think our account has had unknown changes, but I know several who have.

@Kristal you should make the responsible team aware that this reflects very poorly on Google. Things have changed and nobody knows why, and nothing is logged.

--
https://wheretofind.me/@NoSubstitute

View solution in original post

Reply

Go to solution
Kristal
Community Manager
Community Manager

‎09-22-2023 10:39 AM

I reached out to the team managing this and they wanted me to convey the following:

 
Configured apps are third-party apps with an access setting (trusted, limited or blocked). An app’s access setting determines whether users can sign in to the app with their account, and which data the app can request from the user’s Google account. The guided experience is meant to surface to Admins 3P apps accessed by users in their organization. Admins need to review and confirm access settings by Oct 23 to avoid users designated as <18 losing access to any third party apps that were previously accessed. Admins can make changes to access policies for any previously accessed third party app in the guided experience as needed.  
 
Regarding why you are not seeing all configured apps in the audit logs:  Previously, only apps configured with trusted or block were logged into Admin audit logs. Moving forward, Admins will be able to see all access setting policies set by Admins including "limited".
Kristal D Ayres

View solution in original post

0 Kudos
Reply
22 REPLIES 22

Go to solution
Kim_Nilsson
Admin Moderator

‎09-21-2023 09:35 AM - edited ‎09-21-2023 09:36 AM

Sadly, the answer is Yes.

It seems to have happened to quite a few organisations around the world.

I started blocking everything years ago, and I don't think our account has had unknown changes, but I know several who have.

@Kristal you should make the responsible team aware that this reflects very poorly on Google. Things have changed and nobody knows why, and nothing is logged.

--
https://wheretofind.me/@NoSubstitute
Reply

Go to solution
Kristal
Community Manager
Community Manager
In response to Kim_Nilsson

‎09-22-2023 05:50 AM

I will definitely relay this information.  Google definitely wants a smooth experience for all users.  Thank you for raising this problem.

Kristal

Kristal D Ayres
0 Kudos
Reply

Go to solution
mfoley
New Contributor III

‎09-22-2023 07:26 AM

Another, In the configured apps page,  Why cant you see the configured access (Trusted, Blocked/Limited) from the configured apps screen?  You need to download the CSV to view that detail

Reply

Go to solution
Kim_Nilsson
Admin Moderator
In response to mfoley

‎09-23-2023 02:51 PM

Yeah, this UI restriction is annoying.

It is available one click away, though.

Mouse-over the row, and the option to View setting appears. Clicking the View link will open a sidebar with Access and OUs listed.

--
https://wheretofind.me/@NoSubstitute
0 Kudos
Reply

Go to solution
mcbride
New Contributor III
In response to mfoley

‎10-06-2023 07:07 AM

Yes, this is incredibly frustrating. With the wizard, and the pending section and unconfigured/configured section, you get different info depending on where you access it from. That screen really need to include the Access status

0 Kudos
Reply

Go to solution
cmaisano
New Contributor

‎09-22-2023 09:54 AM

We are having the same issue with Blooket. I contacted Google Support and they noted that this is a known issue specific to the Blooket app and they hope to have it resolved soon. Fingers crossed!

0 Kudos
Reply

Go to solution
Kristal
Community Manager
Community Manager
In response to cmaisano

‎09-25-2023 11:05 AM

 

Regarding Blooklet, the developer has made some changes that require Admins to reconfigure the application. Please refer to the developer's announcement here.  

 

 

Kristal D Ayres
0 Kudos
Reply

Go to solution
ddelboccio
Contributor III

‎09-22-2023 10:13 AM

I contacted Blooket support as well this week.  They gave me a different client ID to use in Google Workspace.  the one already showing in Google workspace kept kicking me back an error.

Use this when adding the 3rd party app:

366017072728-fih7d2fq1jtgpj9ctrbg5mmp95r3gf7n.apps.googleusercontent.com

0 Kudos
Reply

Go to solution
Kristal
Community Manager
Community Manager
In response to ddelboccio

‎09-25-2023 11:05 AM

 

  • Regarding Blooklet, the developer has made some changes that require Admins to reconfigure the application. Please refer to the developer's announcement here.  

 

 

Kristal D Ayres
0 Kudos
Reply

Go to solution
Kristal
Community Manager
Community Manager

‎09-22-2023 10:39 AM

I reached out to the team managing this and they wanted me to convey the following:

 
Configured apps are third-party apps with an access setting (trusted, limited or blocked). An app’s access setting determines whether users can sign in to the app with their account, and which data the app can request from the user’s Google account. The guided experience is meant to surface to Admins 3P apps accessed by users in their organization. Admins need to review and confirm access settings by Oct 23 to avoid users designated as <18 losing access to any third party apps that were previously accessed. Admins can make changes to access policies for any previously accessed third party app in the guided experience as needed.  
 
Regarding why you are not seeing all configured apps in the audit logs:  Previously, only apps configured with trusted or block were logged into Admin audit logs. Moving forward, Admins will be able to see all access setting policies set by Admins including "limited".
Kristal D Ayres
0 Kudos
Reply

Go to solution
Kim_Nilsson
Admin Moderator
In response to Kristal

‎09-23-2023 02:43 PM

Thanks for relaying the issue, @Kristal and learning that more actions will be logged, but the other response from the team isn't factual.

The sudden appearance of hundreds of configured apps is just that, sudden and unexpected.

They are not something that us admins have forgotten that we have done. They were never configured by us, and then suddenly they appear as configured.

Accessed by users and Configured by admins are two wildly different things.

--
https://wheretofind.me/@NoSubstitute
Reply

Go to solution
Kristal
Community Manager
Community Manager
In response to Kim_Nilsson

‎09-25-2023 11:06 AM

I will relay your response to that team. 

Thank you!

Kristal D Ayres
Reply

Go to solution
kcalderw
Contributor

‎09-26-2023 05:03 AM

What do you all do in this instance?

kcalderw_0-1695729797581.png

 

0 Kudos
Reply

Go to solution
Kim_Nilsson
Admin Moderator
In response to kcalderw

‎09-26-2023 05:08 AM

Well, according to their own documentation, only the bottom one is correct, and should be allowed/Trusted, and the top one should be safe to block. That should quickly move all users over to the new client_id, as soon as they are kicked out of the old one and authorises Blooket again.

--
https://wheretofind.me/@NoSubstitute
0 Kudos
Reply

Go to solution
kcalderw
Contributor
In response to Kim_Nilsson

‎09-26-2023 05:20 AM - edited ‎09-26-2023 05:22 AM

Are you using Limited for everything?

Also, changing the first Blooket to blocked fails with an invalid ID error.

0 Kudos
Reply

Go to solution
Kim_Nilsson
Admin Moderator
In response to kcalderw

‎09-26-2023 05:48 AM

Oh, so the first one is actually completely broken now? You need to give that as feedback to Google support. Include the request to get an actual DELETE button, so we can completely remove rows that we don't want to have listed as configured and instead just auto-blocked, just because they are not configured.

--
https://wheretofind.me/@NoSubstitute
Reply

Go to solution
Kim_Nilsson
Admin Moderator
In response to kcalderw

‎09-26-2023 05:51 AM

No, I usually choose Trusted for tools that we want people to use.

I have only used Limited for my testing, but in the future I may choose Limited more often, if tools are only supposed to be used to log into, and not actually give access to any other services.

For that purpose I have have loosened the restrictions on the Google Sign-in service to Unrestricted, while keeping Restricted on everything else.

--
https://wheretofind.me/@NoSubstitute
0 Kudos
Reply

Go to solution
Kristal
Community Manager
Community Manager

‎09-26-2023 02:32 PM

Hi Jen,

I shared with the product team and they wanted me to provide you with the following information:

With these new enhanced controls, we are asking customers to review apps that users have accessed in the past to confirm they have the appropriate access setting. In order to minimize student disruption and allow Admins time to review and confirm access to third party apps, Admins see their entire apps list, which includes apps that admins configured as “trusted” or “blocked” as well as apps with an access policy of “limited” (apps your users have previously accessed). We recognize that references to “configured” apps may have introduced unintended confusion. After Oct 23, previously accessed apps that are not confirmed will be placed in an unconfigured state and no longer be accessible to users under 18.

Kristal D Ayres
0 Kudos
Reply

Go to solution
mcbride
New Contributor III

‎10-06-2023 07:11 AM

We are seeing this same behavior and I'm so glad I decided to come back to this group after a while away. I was beginning to think I was losing my mind wondering why so many apps were already marked as configured when I knew I hadn't done it. Hate that it's messed up but glad to find out it wasn't just me.

0 Kudos
Reply

Go to solution
MattDPenn
Contributor II

‎10-06-2023 08:08 AM

When you say configured do you mean trusted or limited? There was a webinar yesterday with Google + Clever where they went over the details and it sounds like any service that has previously been access via Google oauth by users automatically got branded as "limited". I also assume if you set the default behavior for new services to limited they'll probably pop up in there once accessed.

0 Kudos
Reply

Go to solution
Kim_Nilsson
Admin Moderator
In response to MattDPenn

‎10-06-2023 08:19 AM

Yeah, Google resurfaced old used apps/services as "configured" (limited).

Afaik there's no such thing as "default behaviour for new services as limited ". Maybe I misunderstood.

--
https://wheretofind.me/@NoSubstitute
0 Kudos
Reply

Go to solution
MattDPenn
Contributor II
In response to Kim_Nilsson

‎10-06-2023 08:23 AM

Hmm I swear they said there was that setting though maybe I'm mixing it up with the toggle for under-18 to request access to services.

0 Kudos
Reply
  • © 2023 Google. All rights reserved.
  • Privacy Policy
  • Terms of Service
  • Community Guidelines