1. OAuth Log Events (User Authorizations).
Use this report to see when users grant or revoke access to apps.
- Go to: Reporting > Audit and Investigation > OAuth log events.
- Shows:
- Which app was authorized (e.g., Adobe Stock).
-
- Whether access was Granted or Revoked.
-
- Date and time of the action.
- Tip: If a user authorizes the same app multiple times, you’ll see multiple entries.
- Optional: Export results for auditing.
2. Google Workspace Marketplace Apps (Domain-Installed Apps).
See all Marketplace apps installed at the domain or organizational unit level.
- Go to: Apps > Google Workspace Marketplace apps > Apps list.
- Shows:
- Installed apps across the domain.
-
- Distribution (ON/OFF).
- Whether apps are allowed or excluded.
- Distribution (ON/OFF).
3. Web and Mobile Apps.
Check applications deployed to users’ devices through the Admin Console.
- Go to: Apps > Web and mobile apps.
- Shows:
- Apps added for Android, iOS, or web.
- Authentication type (OAuth, SAML, etc.).
- User access (who can use the app).
- Apps added for Android, iOS, or web.
4. API Controls (App Access Control).
Get broader visibility into apps that request access to Google Workspace data, and manage their permissions.
- Go to:
Security > API Controls > App Access Control.
- Shows:
- Configured apps and client IDs.
-
- App ownership (internal or third-party).
- Access level (trusted, blocked, or limited).
- App ownership (internal or third-party).
- Here you can also review apps pending approval and configure new access rules.
Bringing It All Together.
- OAuth log events → track user-level authorizations and revocations.
- Marketplace apps → review add-ons installed at the domain level.
- Web and mobile apps → check deployed apps across devices.
- API Controls → control and restrict app access at the API level.
Using all four together gives you complete visibility into third-party apps connected to your organization’s Google Workspace.