As part of its ongoing commitment to enhancing security and the user experience, Google Workspace for Education is introducing highly restrictive changes within third-party app access and settings.
K12 teachers will no longer be able to freely connect the apps they want to use to their Google Classroom. Now their Google admin and/or others at the central office will decide if the app can be used. And then the admin has to change settings, as described below, so teachers and students can continue their work.
These new rules will be enforced by Google beginning October 23, 2023.
Here’s a comprehensive guide on what’s changing and the necessary steps administrators need to undertake to ensure students have uninterrupted access to trusted applications:
1. Overview of the Changes:
Google Workspace for Education is bolstering its security measures by requiring administrators to review and confirm access settings for third-party apps. This impacts accounts (aka school districts) with users under 18 years old. If the necessary configurations aren’t made, users under the age of 18 won’t be able to sign into the third-party applications they and their teachers are used to using. This is a big deal and you need to be sure your Google Admin knows the apps you and your students need access to!
2. Configuring Third-Party App Access:
If the third-party application is listed in Workspace, follow these steps:
- Navigate to admin.google.com and sign in using an administrator’s account.
- In the sidebar, select Security > Access and data control > API controls.
- Click on Manage Third-Party Access.
- Under Configured apps, click Add a filter > App name.
- Enter the name of the third-party application and click Apply.
- Select the application and click Change access.
- For Scope, choose either your root organizational unit (OU) or a specific OU that contains student accounts. It’s advisable to opt for the root OU.
- Click Next and select Trusted.
- Choose Allowlist for exemption from API access blocks in context-aware access. This option is only available for apps added via OAuth client IDs.
- Click Next, confirm your setup, and click Change Access.
- Ensure that students can successfully sign in to the third-party application.
3. Manually Adding a Third-Party App:
If the third-party application isn’t listed in Workspace, it can be manually added using the Client ID:
- Navigate to admin.google.com and sign in using an administrator’s account.
- In the sidebar, select Security > Access and data control > API Controls.
- Click on Manage Third-Party Access.
- Under Configured apps, click Add App > OAuth App Name or Client ID.
- Paste the specific string provided under the Search for OAuth app name or client ID field.
- Hover over the application name and click Select.
- Choose your ID under OAuth Client ID and click Select.
- For Scope, select either your root OU or a specific OU that contains student accounts.
- Click Next, select Trusted, and then choose Allowlist for exemption from API access blocks in context-aware access.
- Click Next, confirm your setup, and click Change Access.
- Verify that students can sign in to the application.
4. Teachers – Make Requests
For teachers who’ve been used to the kind of flexibility that has defined ed tech for the past three decades, this may come as a shock. It’s a shame that a few bad actors are now causing headaches for all of us.
Who’s your Google admin? You probably don’t know, lol, but you need to find out and let them know the apps that you need access to. ASAP.
4. Conclusion:
The upcoming changes aim to fortify the security and privacy of users within the Google Workspace for Education ecosystem. They also deliver control and legal protections to institutions– whether your Google admins want it or not, they are getting it imposed on them on October 23, 2023.
By proactively taking the steps outlined above, administrators can ensure a seamless transition and maintain access to essential third-party applications for their teachers and students.