What is a Third Party Apps Audit?
Third Party Apps Audit allows an Admin to take action (revoke or approve access) on multiple third party apps that have been installed by users or Admins within their domain.
- Third Party Apps Audit is available to use in the Google Apps section of BetterCloud
- All Apps that have been installed and authorized by a user on your domain are available to conveniently view and manage all from one place
Note: Only apps that require authentication will show in Third Party Apps Audit
To sync your Apps, please click on the sync button pictured here.
What can Third Party Apps Audit do?
- Enables an Admin to view all third party apps that have been installed by users and Admins on your domain
- Allows an Admin to approve or revoke access/authorization to certain apps by organizing them as one of the following:
- Drive - read/write
- Directory - read/write
- Email - read/write
- Domain - read/write
- Account - read/write
- Other - read/write
You are able to view all of the apps installed on your domain in one place in BetterCloud. While browsing, you can also view key information on each app as well as take action (revoke or approve access).
- You are able to organize all of your apps into a set of 4 lists. These lists track what apps you have approved or revoked access to (*deeper dive into each access setting/list in section 3):
- All Apps: quick view of all three of the above lists combined, a complete list of all apps used by your domain
- Permissions Granted
- App Name
- Permission Score
- Domain Wide Access
- Whitelist: Allows users on the domain to install and use the application
- Whitelist & Notify Users: Allows users on the domain to install and use the application and sends a customized email
- Blacklist: Revokes access to application for all users who install it
- Blacklist & Notify Users: Revokes access to application for all users who install it and sends a customized email
- Notify Users: Customize emails to users who have installed the app
- Permission score is a number between 1 (least) and 10 (most) that ranks the amount of access an application requires to the domain or user account
- Full means that an admin installed the app granting it permissions to the entire domain
Managing Access to Apps On Your Domain
You are able to approve or revoke access to all of your apps into a set of 4 lists that track what apps you have approved or revoked access to.
As an Admin, you are able to go into each list and manage all of the apps installed in your domain in one central location, in an easy and well organized way.
- Blacklist: These are the apps that you have revoked access from for your domain users
- Putting an app in this list removes the authentication for the app
- The user may still be able to access the app, however, it will no longer have access to their account. In this case, they will be prompted to reauthenticate after navigating to specific areas of the app.
- Once access has been revoked, a user can reinstall the app, however authentication will be revoked again on each sync.
Please note: If a user was manually revoked on the apps detail page or the user detail page, you will need to revoke access again if the user re-installs the app.
- These are the apps that you proactively choose for users to have access to
- This will not automatically grant your users access these apps
- This list serves an easy way to stay on top of what apps you still need to take action on
- All newly installed apps would appear here (before they are Blacklisted or Whitelisted)
- Users are able to log in and use all apps on this list, so make sure to check in and review these apps
You can also mark an app as Whitelist, Blacklist, or Unresolved on the individual app’s page.
By clicking into an app, you have the ability to view the app details as well as its usage on your domain. You are able to:
- View app name
- View and change app status - unresolved, whitelisted, or blacklisted
- View permissions granted to app and permission score
- Shows if the app can read and/or write to certain areas of your Google account
You are able to view all of the apps a user has installed and authenticated on their user profile. Here you can:
- Filter apps
- By permissions granted - what areas the apps have access to (i.e. Drive, Email, etc)
- By app name
App-specific passwords is a feature created by Google to provide an extra layer of security to your account for users enrolled in “2-Step Verification”. In BetterCloud, you can manage these passwords for every user.
- Filter by user’s name
- Export to spreadsheet
- View user who installed the app/password
- View application name
- Note: A user can title their application specific password whatever they want, this title may be misleading and may not be a true representation of the application
Note: An Admin can only delete a password, they cannot create one.
BetterCloud also allows you to create policies to manage third party apps installed on your domain by your users. These policies can keep your domain secure by automatically revoking access to the account or domain associated with the application. Policies can also notify users if they install a potentially risky application. To learn how to set up an App Policy CLICK HERE!
Click here to see all the different scopes that an application may request access to and what they mean.
Apps will only display in Apps Audit if the application requests some level of access to your domain. Apps that require access to your domain will display a pop-up (shown below) when installing.