This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

Can we restrict 3rd party SSO for certain OU's?

Posted on 08-22-2022 12:33 PM
jake-story
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

Can we restrict 3rd party SSO for certain OU's?

I have an Organizational Unit that contains our (restricted) contractor accounts. We also have many systems such as Slack and Jira which are configured to be "open to a domain", meaning you can SSO using your Google Account to create a user in the service. I would like to restrict the contractor accounts from getting access to certain "3rd party" services like Slack and Jira.

It seems this would be possible across the org by restricting 3rd party APIs entirely, and then setting up allowlists "Trusted" instead of "Blocked" or "Limited" on this page https://admin.google.com/ac/owl/list?tab=apps, but it seems impossible to do so for a specific Organizational Unit.

Am I reading something wrong or is there a workaround for this?

Thanks!

1 1 2,844
Topic Labels
1 REPLY 1

Posted on --/--/---- --:-- AM
anel
Bronze 5
Bronze 5
Reply posted on --/--/---- --:-- AM

You can use SSO profiles to apply them to an OU. Only users within that Ou would be using SSO.  https://support.google.com/a/answer/12032922?hl=en

0 Likes
Top Labels in this Space