Skip to main content

Check out Interactive Visual Stories to gain hands-on experience with the SSE product features. Click here.

Skyhigh Security

Create a Connected Apps Policy

Use the wizard to create a Connected Apps Policy. 

Some use cases for Connected Apps Policies include:

  • Allow your own internally developed apps by default. You can create a policy to whitelist any app that follows a standardized naming convention. For example, any app that begins with "ACME_" is allowed, while all other third-party apps are blocked. 
  • Block apps from G Suite Marketplace until you audit and approve them. You can create a policy to revoke access to all third-party apps that have the status "unassigned." Then you can put the app in the Under Audit status until your team can review and decide to allow or block the apps. 
  • Block certain user groups from installing apps. You can create a policy to block a certain group within your organization from installing any new apps, then create allowed and blocked lists for that team specifically. 
  • Block access to specific resources in G Suite. For example, you can create a policy to block apps from accessing your company's Google Drive. Define your policy based on the resources the apps request access to, scoping app access first, then focusing on individual apps later. 

To restrict apps from users or user groups implicitly from the Connected Apps page, see Restricted Apps

To create a Connected Apps Policy:

  1. On the Policy > Connected Apps Policies page, select Actions > Create a Connected Apps Policy
    connected_apps_policies_create.png
  2. Name. Add a name for the policy. 
  3. Description. Add an optional description for the policy. 
  4. Status. The default status is On. To deactivate the policy, toggle the status to Off.
  5. Services. All Service Instances is the default. 
  6. Users. Click Edit to change. 
    connected_apps_policies_create_users.png
    • Include all Users is the default.
    • Use a predefined dictionary to select a dictionary from the list. 
    • Manually enter users allows you to add a comma-separated list of up to 1,000 characters. 
  7. Click Save
  8. Add Exclusions. Select Users to exclude:
    connected_apps_policies_create_users_exclude.png
    • None.
    • Use a predefined dictionary to select a dictionary from the list. 
    • Manually enter users allows you to add a comma-separated list of up to 1,000 characters. 
  9. Click Save
  10. User Groups. Click Edit to change. Select the User Groups to Include from the list,
    connected_apps_policies_create_user_groups.png
  11. Click Done
  12. Add Exclusions. Select User Groups to exclude:
    connected_apps_policies_create_user_groups_exclude.png
  13. Click Done
  14. Click Next
  15. Select the Rules from the wizard: App Name, App ClientID, App Scopes, App Status or App Risk. Then click Next
    • If you select App Risk as Rules, then you need to select the risk type as High, Medium, Low, or Unavailable and click OK.
      clipboard_eeb01288c0040bc10eb2ad73bc8a0b531.png
  16. Select Exceptions, then click Next
    connected_apps_policies_create_rules.png
  17. Select Responses, then click Next
    connected_apps_policies_create_response.png
  18. On the Review page, review your changes.
    connected_apps_policies_create_review.png
  19. Click Save.  
  • Was this article helpful?