Third Party Apps Audit

Follow

Contents

What is a Third Party Apps Audit?

Third Party Apps Audit allows an Admin to take action (revoke or approve access) on multiple third party apps that have been installed by users or Admins within their domain.

  • Third Party Apps Audit is available to use in the Google Apps section of BetterCloud
  • All Apps that have been installed and authorized by a user on your domain are available to conveniently view and manage all from one place

Note: Only apps that require authentication will show in Third Party Apps Audit

 

Syncing

To sync your Apps, please click on the sync button pictured here.

What can Third Party Apps Audit do?

  • Enables an Admin to view all third party apps that have been installed by users and Admins on your domain
  • Allows an Admin to approve or revoke access/authorization to certain apps by organizing them as one of the following:
    1. Blacklist
    2. Whitelist
    3. Unresolved
  • This feature also allows an Admin to view the users who have installed and provided authorization to each app
  • Creates an organized list and view of what Apps have been authorized by users or admins
  • Gives ability to view Permissions for each App:
    1. Drive - read/write
    2. Directory - read/write
    3. Email - read/write
    4. Domain - read/write
    5. Account - read/write
    6. Other - read/write
  • Some applications require app-specific passwords. BetterCloud allows you as the admin to determine which users have set these up on their applications

Browsing Apps

You are able to view all of the apps installed on your domain in one place in BetterCloud. While browsing, you can also view key information on each app as well as take action (revoke or approve access).

  1. You are able to organize all of your apps into a set of 4 lists. These lists track what apps you have approved or revoked access to (*deeper dive into each access setting/list in section 3):
    • Blacklist
    • Whitelist
    • Unresolved
    • All Apps: quick view of all three of the above lists combined, a complete list of all apps used by your domain
  2. Filters are available to sort through all of the Installed Apps on your domain. You can filter by:
    • Permissions Granted
    • App Name
    • Permission Score
    • Domain Wide Access
  3. Export to spreadsheet
  4. Perform actions on the selected app(s)
    • Whitelist: Allows users on the domain to install and use the application
    • Whitelist & Notify Users: Allows users on the domain to install and use the application and sends a customized email
    • Blacklist: Revokes access to application for all users who install it
    • Blacklist & Notify Users: Revokes access to application for all users who install it and sends a customized email
    • Notify Users: Customize emails to users who have installed the app
  5. App Name
  6. Permission Score/Permissions
    • Permission score is a number between 1 (least) and 10 (most) that ranks the amount of access an application requires to the domain or user account
  7. Domain Wide Access
    • Full means that an admin installed the app granting it permissions to the entire domain
  8. Category of Application
  9. Vendor who created the application
  10. Number of installs
  11. Take action on apps:

=Whitelist =Blacklist

Managing Access to Apps On Your Domain

You are able to approve or revoke access to all of your apps into a set of 4 lists that track what apps you have approved or revoked access to.

As an Admin, you are able to go into each list and manage all of the apps installed in your domain in one central location, in an easy and well organized way.

  1. Blacklist: These are the apps that you have revoked access from for your domain users
    • Putting an app in this list removes the authentication for the app
    • These apps remain installed, but users are not able to log in or use the app, as access has been revoked
    • Once access has been revoked, a user can reinstall the app, however authentication will be revoked again on each sync.
      Please note: If a user was manually revoked on the apps detail page or the user detail page, you will need to revoke access again if the user re-installs the app.
  2. Whitelist: Apps in this list have been approved by you and users are able to log in and use
    • These are the apps that you proactively choose for users to have access to
    • This will not automatically grant your users access these apps
  3. Unresolved: If an app is listed here, it means you have not reviewed it yet for Blacklist or Whitelist
    • This list serves an easy way to stay on top of what apps you still need to take action on
    • All newly installed apps would appear here (before they are Blacklisted or Whitelisted)
    • Users are able to log in and use all apps on this list, so make sure to check in and review these apps
  4. All Apps: view of all three of the above lists combined, essentially a total list of all apps used by your domain

You can also mark an app as Whitelist, Blacklist, or Unresolved on the individual app’s page.

App View

By clicking into an app, you have the ability to view the app details as well as its usage on your domain. You are able to:

  1. View app name
  2. View and change app status - unresolved, whitelisted, or blacklisted
  3. View permissions granted to app and permission score
    • Shows if the app can read and/or write to certain areas of your Google account
  4. Add notes
  5. Export data to a spreadsheet
  6. Revoke access from selected user(s)
  7. View all users that have installed app
  8. Take actions
  9. View Domain Access

User View

You are able to view all of the apps a user has installed and authenticated on their user profile. Here you can:

  1. Filter apps
    • By permissions granted - what areas the apps have access to (i.e. Drive, Email, etc)
    • By app name
  2. Export to spreadsheet
  3. Revoke access from selected user(s)
  4. View app name
  5. View date discovered - date BetterCloud discovered the installation after a sync

App-Specific Passwords

App-specific passwords is a feature created by Google to provide an extra layer of security to your account for users enrolled in “2-Step Verification”. In BetterCloud, you can manage these passwords for every user.

  1. Filter by user’s name
  2. Export to spreadsheet
  3. View user who installed the app/password
  4. View application name
    • Note: A user can title their application specific password whatever they want, this title may be misleading and may not be a true representation of the application
  5. View date password was created
  6. View date app was last used
  7. Remove authentication

Note: An Admin can only delete a password, they cannot create one.

App Policies

BetterCloud also allows you to create policies to manage third party apps installed on your domain by your users. These policies can keep your domain secure by automatically revoking access to the account or domain associated with the application. Policies can also notify users if they install a potentially risky application. To learn how to set up an App Policy CLICK HERE!

Scopes Summary

Click here to see all the different scopes that an application may request access to and what they mean.

Important

Apps will only display in Apps Audit if the application requests some level of access to your domain. Apps that require access to your domain will display a pop-up (shown below) when installing.

Google Related Articles

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request