Select App Access Controls can now be applied at the organizational unit

What’s changing 

Google Workspace Admins can now configure a number of App Access Control (AAC) policies at the Organizational Unit (OU) level. Previously, this was only possible at the domain level. Specifically, this applies to: 
What happens when users try to sign in to unconfigured third-party apps with their Google Account. Whether internal apps built by your organization can access restricted Google Workspace APIs. Whether custom messages will be shown to users when they can’t access a blocked app.

Who’s impacted


Why it’s important

We know that users rely on a variety of tools to do their best work, including third-party apps. However, not every third-party app aligns exactly with every organization’s security policies. App access controls give customers and partners the ability to control access to third-party apps and how those apps access Google Workspace data. This update gives admins added flexibility, allowing them to set App Access Controls as they see fit at the OU level, rather than across their entire domain.

Additional details

For Google Workspace education editions, the “User requests to access unconfigured apps setting” can now be configured at the OU level. Visit the Help Center to learn more about managing access to unconfigured third-party apps for users designated under the age of 18.

Getting started

Admins: Visit the Help Center to learn more about controlling which third-party & internal apps access Google Workspace data.

Rollout pace

Rapid Release and Scheduled Release domains: Gradual rollout (up to 15 days for feature visibility) starting on March 13, 2024


Available to all Google Workspace customers