UPDATED 00:58 EST / JULY 07 2017

Google improves G Suite security: How to get started with new OAuth apps whitelisting

Google Inc. announced a new feature Thursday called OAuth apps whitelisting that allows G Suite administrators to control how third-party applications use employees’ data.

Gmail was hit by a widespread phishing attack in May, when targeted users were sent a realistic-looking email from an apparently known person, together with a link to a Google Doc. Once users clicked on the link and signed in, they granted the hackers access to their Gmail accounts. According to Google, the phishing attack affected less than 0.1 percent of Gmail users, but the company rolled out new Gmail security enhancements nonetheless.

To help customers further protect their data, Google is launching OAuth apps whitelisting, which stops employees from being tricked into granting malicious apps access to corporate data. The new feature is rolling out in stages and will be available in the Google Admin console in the next few days. Here’s a look at how administrators can get started with the OAuth apps whitelisting feature:

OAuth apps whitelisting

With the new OAuth apps whitelisting feature, administrators can see which third-party apps are accessing G Suite data, employees will only be able to access trusted and vetted third-party OAuth apps, and unauthorized app installs will be prevented.

G Suite API Permissions

Administrators will first need to review which third-party apps have access to API scopes before creating a whitelist.

Sign in to the Google Admin console > go to Security > API reference > click “Show more” > G Suite API Permissions. Administrators can see the API access for core services, like Gmail, Drive, Calendar and Contacts. The links on the right will show the apps that access the various core services.

Block specific API scopes

Administrators can block API access for the core services of Gmail, Drive, Calendar and Contacts. Installed apps can be filtered by API permissions, name or number of users. Any changes made to an app’s access can take up to 24 hours to be removed from the list.

While in the G Suite API Permissions section, click the relevant link on the right to see the apps that will be affected before blocking API access. To remove API access or to selectively disable high-risk access for Gmail and Drive APIs, click the Disable radio button.

Note: High-risk access can provide access to sensitive data or allow an app to send emails on a person’s behalf.

Once any installed apps are disabled, the scopes will be blocked, tokens will be revoked and the apps will stop working.

If an employee attempts to install an app with a blacklisted scope, they will see the following error message: “Access to your account data is restricted by policies within your organization. Please contact the administrator for [domain-name] for more information.”
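The review described above can also be run offline over an exported list of app grants. The following is an added example, not code from Google or from this article: it groups grants by app, counts users, and flags apps that hold Gmail or Drive scopes and are not on a candidate trusted list. The grant records are constructed sample data using the field names of Admin SDK Directory API token records, and the scope prefixes treated as high risk are an assumption of this example.

```python
# Assumption of this example: scope prefixes treated as high-risk Gmail/Drive access.
HIGH_RISK_PREFIXES = (
    "https://mail.google.com/",
    "https://www.googleapis.com/auth/gmail.",
    "https://www.googleapis.com/auth/drive",
)
A, B, C = ("app-a.apps.googleusercontent.com", "app-b.apps.googleusercontent.com",
           "app-c.apps.googleusercontent.com")  # constructed client IDs
# Constructed sample grants (not real data): one record per user/app token.
SAMPLE_TOKENS = [
    {"userKey": "alice@example.com", "clientId": A, "displayText": "Mail Merge Helper",
     "scopes": ["https://mail.google.com/", "https://www.googleapis.com/auth/contacts.readonly"]},
    {"userKey": "bob@example.com", "clientId": A, "displayText": "Mail Merge Helper",
     "scopes": ["https://www.googleapis.com/auth/gmail.send"]},
    {"userKey": "alice@example.com", "clientId": B, "displayText": "Team Calendar Sync",
     "scopes": ["https://www.googleapis.com/auth/calendar"]},
    {"userKey": "Bob@example.com", "clientId": B, "displayText": "Team Calendar Sync",
     "scopes": ["https://www.googleapis.com/auth/calendar"]},
    {"userKey": "carol@example.com", "clientId": C, "displayText": "Doc Scanner",
     "scopes": ["https://www.googleapis.com/auth/drive.readonly"]},
]
TRUSTED_CLIENT_IDS = {C}  # candidate whitelist, constructed for the example

def is_high_risk(scope):
    return scope.startswith(HIGH_RISK_PREFIXES)

def summarize(tokens, trusted):
    """Return one row per app: user count, high-risk scopes, and a review flag."""
    apps = {}
    for tok in tokens:
        app = apps.setdefault(tok["clientId"],
                              {"name": tok.get("displayText", ""), "users": set(), "scopes": set()})
        app["users"].add(tok["userKey"].lower())  # same user may appear with mixed case
        app["scopes"].update(tok.get("scopes", []))
    report = []
    for cid, app in apps.items():
        risky = sorted(s for s in app["scopes"] if is_high_risk(s))
        report.append({"clientId": cid, "name": app["name"], "users": len(app["users"]),
                       "high_risk_scopes": risky, "trusted": cid in trusted,
                       "review": bool(risky) and cid not in trusted})
    # Apps needing review first, then by number of users, then by name.
    report.sort(key=lambda r: (not r["review"], -r["users"], r["name"]))
    return report

if __name__ == "__main__":
    for row in summarize(SAMPLE_TOKENS, TRUSTED_CLIENT_IDS):
        print(row["review"], row["users"], row["name"], row["high_risk_scopes"])
```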

Whitelist of trusted apps

In the Google Admin console > go to Security > API reference > click “Show more” > G Suite API Permissions > click the Trusted tab. To whitelist an app, click the plus icon and the “Add App To Trusted List” window will open > in the “Select App Type” list, select either Android, iOS or Web applications (you will need to complete the OAuth2 client ID for web applications).

For Android or iOS apps, click the Search button to see a list of available apps. Use the scrollbar to see the full list of apps. Press Ctrl + F (or Command + F if using a Mac) to find the relevant app to add to the whitelist > check the tickbox next to the app > click Add.

Remove apps from a whitelist

To remove an app from an organization’s whitelist, sign in to the Google Admin console > go to Security > API reference > click “Show more” > G Suite API Permissions > click the Trusted tab > click the more icon (three dots) next to the relevant app > click Remove.

Source: Google Support
