This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
FAQ Log in to ask a question

Managing Third-Party Applications

chand
Admin Moderator
‎02-15-2024 03:11 AM

In October 2023, Google Admins needed to make sure that all third-party applications were configured for use in the Admin console. Control which third-party & internal apps access Google Workspace data

When users sign in to third-party apps using the "Sign in with Google" option (single sign-on), you can control how those apps access your organization’s Google data. You use settings in the Google Admin console to govern access to Google Workspace services through OAuth 2.0. Some apps use OAuth 2.0 scopes—a mechanism to limit access to a user's account. 

  • Have you reviewed and configured all of the third-party applications in your Admin Console? 
  • What is your method for configuring third-party applications going forward? 
  • How might Google make this process more effective in the future?
Topics:
0 Kudos
7 Comments
Surma
New Contributor
‎02-23-2024 07:52 AM
‎02-23-2024 07:52 AM

The one thing I would say is that the error message users get when trying to use "Login with Google" does not always help us identify what app needs to be approved.

0 Kudos
bethhughes
Contributor
‎02-23-2024 08:10 AM
‎02-23-2024 08:10 AM

@Surma Do you  receive this error message even when you have the API Control setting to allow users under 18 to request access to unconfigured third-party apps? If you do this, then the request will appear on the Home page in GAC. If you are like me, there are days that I do not sign into GAC.  (Rarely, but it happens. 😆) If this is the case, you can create a reporting rule receive an email each time a request is made.

Surma
New Contributor
‎02-23-2024 08:13 AM
‎02-23-2024 08:13 AM

It is not so much the students, it is the teachers that are requesting and of course they are not given the option to request.

0 Kudos
bethhughes
Contributor
‎02-23-2024 09:00 AM
‎02-23-2024 09:00 AM

Earlier this year, I had this happen and I asked the teacher to have just one student request the app so that it was in the request list. Then I used that request to vet the app and approve it. I agree, there needs to be a built-in way for teachers to send a request to an admin to approve the app for the students.

jdsok
New Contributor II
‎03-19-2024 11:51 AM
‎03-19-2024 11:51 AM

There's (as far as I can tell!) no mechanism to "pre-approve" apps -- we have to wait for a student to try to use the app and then request access before we can approve the app (after it pops up in the request area in the admin console).  This is a Bad User Experience all around; as IT, we're asked to vet and approve certain applications/websites/etc, and we do, but have no way of actually approving that third-party API call ahead of time, which means the user is essentially told "you can use this! Ok not really, ask for it now" which is not great.

0 Kudos
bethhughes
Contributor
‎03-19-2024 12:12 PM
‎03-19-2024 12:12 PM

@jdsok  I thought you could add an App in the Admin Console through Security>API Controls>App Access Control>Configured Apps. There is a pulldown next to Add app. (see snip below) In my case, I selected the top option, entered the name of the app and clicked search. If the app is not in the list, you can contact the company for the client ID and enter it that way. Is this the same process that you are looking for?

bethhughes_0-1710875220197.png

 

jdsok
New Contributor II
‎03-19-2024 12:28 PM
‎03-19-2024 12:28 PM

@bethhughes That would probably work, if the company would make that information more easily available, yes!

0 Kudos
Popular Articles
  • © 2023 Google. All rights reserved.
  • Privacy Policy
  • Terms of Service
  • Community Guidelines