Source URL: https://www.theregister.com/2024/09/03/google_workspace_third_party_apps/
Source: The Register
Title: Deadline looms: Google Workspace mandates OAuth by September 30
Feedly Summary: 27 days to get your users’ third-party apps on Google’s sign-in
Google Workspace administrators, consider yourselves on notice: In less than a month, many third-party apps (mail, calendar, etc.) will stop connecting to Workspace accounts. …
AI Summary and Description: Yes
Summary: Google is set to disable access to “less secure apps” (LSAs) for Workspace accounts by September 30, requiring all users to authenticate via OAuth. This transition is intended to enhance security by eliminating less secure sign-in methods. Administrators must prepare for adjustments to third-party application integration and user support during this transition phase.
Detailed Description: Google’s decision to phase out “less secure apps” (LSAs) in Google Workspace marks a significant step towards enhancing the security posture of its services. Key implications of this change include:
– **Effective Date**: As of September 30, LSAs will be entirely disabled for Google Workspace accounts.
– **Definition of LSAs**: Google defines LSAs as any application that does not utilize OAuth for authentication. This means users will no longer be able to log in using just their passwords.
– **Impact on Application Users**:
– Users of well-known email clients like Thunderbird, iOS/macOS Mail, and Outlook for Mac must reconfigure their accounts to use the “Sign in with Google” option.
– Outdated applications such as Outlook 2016 will not be supported, necessitating upgrades.
– **Mobile Device Management (MDM)** Considerations:
– MDM platforms that use IMAP, CalDAV, CardDAV, POP, or Exchange ActiveSync are being deprecated, with ActiveSync to be disabled by the end of September.
– Admins must reconfigure device connections through their MDM providers to ensure continued access to Google accounts using OAuth.
– **Future Steps for Connected Devices**:
– Scanners and other devices that send documents via email will also need to be reconfigured, as their current setup will cease to work post-transition date.
This move aligns with best practices in security for cloud services and emphasizes the importance of utilizing more secure authentication methods. Administrators are advised to act promptly to mitigate any disruptions for end users, particularly in light of potential surges in support tickets as the deadline approaches.
Given the increasing focus on security across cloud-based platforms, this change will likely resonate with professionals in cloud computing security, as it reinforces the necessity for ongoing adaptation and adherence to security best practices.