Back in early May, a widespread phishing scam started to spread among Gmail users. The email, which looked realistic to many users, had people grant OAuth access to a web application that was pretending to be Docs. Google quickly killed the web application, but it showed that the company needed to take additional steps to help protect its customers…
Amazon Kindle Paperwhite
Today, Google announced on its blog that it will soon give G Suite customers the ability to whitelist specific OAuth applications. What this means is that the administrator of a company can now explicitly state which third-party web apps users can and cannot access.
This is just another step that Google is taking to help protect customers and their data. By giving G Suite admins this power, they don’t need to worry about a malicious application taking control of an employee’s Google account, stealing valuable company data, and spreading the attack to more people.
G Suite customers should see this new feature roll out to their Admin console in the next couple of days. Google has created a tutorial to help customers learn how to whitelist specific OAuth applications which can be found here.