What’s changing
When your users sign in to third-party apps using the “Sign in with Google” option (single sign-on) or use OAuth to share their data with those apps, you can control what access those apps have to your organization’s Google data using app access controls.
Admins currently can configure the third-party apps as “Trusted”, giving them access to all OAuth scopes or as “Limited”, giving them access to scopes only from Google services which are not restricted. Beginning today, we’re giving admins another layer of granular control for third-party apps. Specifically, you can now configure apps to be limited by selected OAuth 2.0 Scopes for Google APIs, such as Drive or Gmail scopes. This helps ensure that these apps do not gain additional access without admin consent based on new API scopes that they might request in the future, keeping data access limited to only what is deemed absolutely necessary by admins.
Getting started
Admins: To manage app access, in the Admin console navigate to Security > API Controls > App Access Controls. Visit the Help Center to learn more about controlling which third-party & internal apps access Google Workspace data.
Rollout pace
Rapid and Scheduled Release domains: Available now.
Availability
Available to all Google Workspace customers, as well as Cloud Identity Free and Premium customers