Skip to main content

Check out Interactive Visual Stories to gain hands-on experience with the SSE product features. Click here

Skyhigh Security

Connected Apps Page

The Connected Apps page provides visibility into the third-party apps connected to Google Drive and Microsoft 365 with access to user data. Find Connected Apps at Analytics Connected Apps.

To enable this feature, see:

For information on creating and managing policies, see Connected Apps Policies

NOTE: On the Connected Apps page, in the Omnibar you can use the Contains search, or also search by search by Google OAuth Scope and Client ID. For details see, Contains Search in the Omnibar

Table View

The Connected Apps page Table view is the default view. 

connected_apps_5.3.0.png

The Connected Apps page provides the following information and actions:

  • Search. Search via the Omnibar. On the Connected Apps page, you can search via an app's Client ID, use the Contains search, and the Keyword search. 
  • Filters. Select options on the Filters tab to scope down your search. Provides the options to filter for Status, Scope, and Active. 
    • Authentication Access. Allows you to filter by 3-legged OAuth or 2-legged OAuth Connected Apps. For details see Connected Apps for Google Drive
    • Status. Displays the status of the Connected App. 
      • Unassigned. All discovered apps are classified as Unassigned by default until they are given a status either by an admin or by a policy. 
      • Allowed. Apps that are classified as Allowed. 
      • Restricted. Apps that are classified as Restricted. 
      • Blocked. Apps that are classified as Blocked. 
      • Under Audit. Apps that are classified as Under Audit. 
    • Status Assignment By. Identifies if a Connected Apps status is the result of a Policy, Admin, or System change, and allows you to filter by it.
      • Not Assigned. The list of Apps that are not classified as Policy, Admin, or System change. (System classifies the App as unassigned when the scope changes.)
      • Policy. The list of Apps where the classification was changed by a Connected Apps Policy​.
      • Admin. The list of Apps where the classification was changed manually by an admin from the dashboard.​
      • System. The list of apps where the classification was changed by the system when there was a change in the app's scope.
  • Views. Select Saved Views created by you or shared with you by another user to reuse specified search parameters from a previous search on current data. 
  • Date Picker. Use the Date Picker to select a preset or custom date range to display data from only this date range.
  • Save View. Click to create a Saved View from your search query. 
  • Actions. Click Actions to:
    • Notify Users. Click to notify the Connected App's current users of the Connected Apps status via email. 
    • Download CSV. Click to download a CSV file of the items you have selected in the Connected Apps table. 
    • Response. Use the following actions as an audit workflow for Connected Apps. 
      • Allow. Sets the Connected App's status to allow. Once audited, all users can access this app.  
      • Restrict. Allows you to restrict apps to users or user groups. 
      • Audit. Sets the Connected App's status to audit. Enter email addresses for those users who need to review the app and determine if it is allowed or blocked. 
      • Block. Sets the Connected App's status to block. All users are blocked from accessing this app. 
      • Revoke Access. Revokes access to the Connected App for all existing users including admins. To revoke a particular user's access to the Connected App, see the Users and Admins Pane. (The Connected Apps scan of Google is run every five minutes, but, Google can take up to an hour to actually revoke the Connected App.) For details on revoking access to 2-legged OAuth apps, see Connected Apps for Google Drive
      • Unassign. Sets the Connected App's status to unassigned in the audit workflow. 
    • Create Report
      • Business Report (PDF). Create a PDF report and run it immediately, which then appears in the Report Manager
      • CSV. Create a CSV report and run it immediately, which then appears in the Report Manager
      • XLS.  Create an XLS report and run it immediately, which then appears in the Report Manager
      • Schedule. Schedule a report to run later, which then appears in the Report Manager
    • Settings
      • Edit Table Columns. On the Connected Apps page, when you edit the table and log out, your new columns and sort order are maintained for your next Skyhigh CASB session.  
  • Risk. The CloudTrust risk score for the service. (If the status is Unavailable, that means the service does not appear in the Cloud Registry, so it hasn't been assigned a risk score.) 
  • Status. Displays the status of the app: Unassigned, Allowed, Restricted, Blocked, or Under Audit. 
  • Application Name. Click the link in the Application Name column to display the Service Details page for the Connected App.  
  • Client ID. The OAuth Client ID for the Connected App. 
  • Scopes. OAuth Scopes limit access to a Connected App for your Skyhigh CASB account. Click the number to see Scopes Accessed listed in the Connected Apps Cloud Card
  • Current Users. Displays the users with access to the Connected App. Click the number to display the Users and Admins Pane
  • Current Admins. Displays the admins with access to the Connected App. Click the number to display the Users and Admins Pane
  • Services Accessed. Displays the Services accessed by the Connected App. 
  • Active. Displays the active status of the Connected App: Yes, No, or Pending. 
  • First Install Date. Displays the date that the Connected App was first installed. 
  • Last Install Date. Displays the date that the Connected App was last installed. 

Connected Apps Cloud Card

Click any table row to display the Connected Apps Cloud Card for more details. 

connected_apps_scope_history_5.1.2.png

The Connected Apps Cloud Card provides the following information and actions:

  • Status. Displays the status of the app: Unassigned, Allowed, Restricted, Blocked, or Under Audit. 
  • Client ID. The OAuth Client ID for the Connected App. 
  • First Install Date. Displays the date that the Connected App was first installed. 
  • Last Install Date. Displays the date that the Connected App was last installed. 
  • Actions. Click Actions to:
    • Notify Users. Click to notify the Connected App's current users of the Connected Apps status via email. 
    • Response. Use the following actions as an audit workflow for Connected Apps. 
      • Allow. Sets the Connected App's status to allow. Once audited, all users can access this app.  
      • Restrict. Sets the Connected App's status to restrict. Once audited, no users can access this app. 
      • Audit. Sets the Connected App's status to audit. Enter email addresses for those users who need to review the app and determine if it is allowed or blocked. 
      • Block. Sets the Connected App's status to block. All users are blocked from accessing this app. 
      • Revoke Access. Revokes access to the Connected App for all users including admins. This is a one-time revocation. If a user adds the app again, they have access to it again, but that status shows in the Activation Count column in the Users and Admins Pane. To revoke a particular user's access to the Connected App, see the Users and Admins Pane. For details on revoking access to 2-legged OAuth apps, see Connected Apps for Google Drive
      • Unassign. Sets the Connected App's status to unassigned in the audit workflow. 
  • Only Allowed for. Displays user groups or users that are allowed to access this app, as well as any exceptions. Click the X to remove a user or user group and modify restrictions
  • Usage
    • Current Users. Displays the number of current users. Click the number to open the Users and Admins Pane
    • Current Admins. Displays the number of current admins. Click the number to open the Users and Admins Pane
  • Scopes Accessed. Lists the OAuth Scopes accessed by this Connected App with a timestamp. The timestamp is updated whenever a Scope increases, but not when a Scope is reduced. This allows you to troubleshoot when an app is blocked due to scope increase. 
  • Status Changes. Lists the Status History of the Connected App with a timestamp. 
  • Notes. Provides an area to keep notes on this Connected App. For example, you could add a Support ticket number for a status change. This feature requires you to configure Data Storage. For details, see Data Storage for Skyhigh Security

Users and Admins Pane

connected_apps_users_4.2.2.png

The Connected Apps Users and Admins pane provides the following information and actions:

  • Filter. Filter the user list for All User Types, Admins Only, or Non-Admins Only. 
  • Search. Search the user list for a specific user name. 
  • Current Users. Displays current users names and information. 
  • Revoked Users. Displays revoked users names and information. 
  • Actions 
    • Revoke Access. Select a user or users to revoke access to this Connected App. This is a one-time revocation. If a user adds the app again, they have access to it again, but that status shows in the Activation Count column. For details on revoking access to 2-legged OAuth apps, see Connected Apps for Google Drive 
    • Notify Users. Click to notify the Connected App's current users of the Connected Apps status via email. 
    • Download CSV. Click to download a CSV file of the information displayed in the Users and Admins table. 
  • User Name. Displays the name of the user. 
  • Current Access Status. Displays the current access status of the user 
  • Activation Count. Displays the number of times the user has added the Connected Apps. 
  • Last Accessed Date. Displays the date that the user last accessed the Connected App. 

Chart View 

To display your Connected Apps data in a chart, click the Chart icon under the Omnibar. You can also select a second dimension to your chart for custom attributes. 

connected_apps_chart_view.png

To display Connected Apps data in a chart:

  1. Show. Select an item from the Show list to determine the X axis of your chart. 
  2. By. Select an item from the By list to determine the Y axis of your chart. 
  3. And. In the and dialog, select the second parameter, if available. 
  4. In a. From the In a list, select your chart type, if available:
    • Trend. Line or vertical bar chart.
    • Breakdown. Donut or horizontal bar chart. 

Your data is displayed in the chart. 

To edit an existing chart, click Edit

Troubleshooting

The following features are useful for troubleshooting Connected Apps issues:

In the filters:

  • Status Assignment By. Identifies if a Connected Apps status is the result of a Policy, Admin, or System change, and allows you to filter by it.

In the Cloud Card:

  • Scopes Accessed. Lists the OAuth Scopes accessed by this Connected App with a timestamp. The timestamp is updated whenever a Scope increases, but not when a Scope is reduced. This allows you to troubleshoot when an app is blocked due to scope increase. 
  • Status Changes. Lists the Status History of the Connected App with a timestamp. 

 

  • Was this article helpful?