Controlling third-party access into University Google accounts
IT Services are taking measures to enhance information security and data privacy across the University.
From Wednesday 28 August users will no longer be able to integrate new third-party services into University Google accounts using high-risk permissions, i.e. those that request access to read/write/delete in Google Drive, Mail or Calendar.
You’ll still be able to use ‘Sign in with Google’ to access services as long as riskier permissions are not also requested.
This will not affect services that are developed internally using AppScript and tools developed and supported by the DISC team will continue to work as expected.
What if I still want to integrate an external service using high-risk permissions?
Moving forward, high-risk permissions into Google will be controlled by the Cybersecurity team and will only be granted to enterprise grade software that has been introduced in alignment with the University's Cloud Computing Policy (which details the procedure for introducing new software into the University).
Integrations will also need to evidence a meaningful operational benefit to a large number of university users such that the reward is sufficiently impactful to justify the risk (e.g. Zoom integrating into Google Calendar).
Assistive technologies which require high-risk permissions will be assessed on a case by case basis to meet the needs of staff and students.
To request that a third-party application be integrated into Google please complete the Google integration request form (staff only). Submissions will be reviewed on a monthly basis.
We appreciate that these changes may cause some inconvenience but it is a necessary step to keep the University’s information secure. For any questions or further clarification, please contact IT Services.