As a Google Workspace (G Suite) admin, you can manage the apps that users associated with your account can find and install for work.
This allows you to secure your organizational data and ensure that your teams only use trusted web and mobile apps.
This article will discuss how you can manage mobile apps for your organization and the various app management controls and privileges you get as a G Suite admin.
Let’s get started.
What Are Google Apps Manager Mobile Apps Anyway?
Google Workspace is a collaborative application platform that allows teams to manage their work in a secure environment centrally controlled by the G Suite admin.
When using Google Workspace, your team members can install and use applications associated with your business account. This provides them access to the necessary business data they require for performing their day-to-day operations.
However, this ability also comes with a data security risk.
When users have access to your business apps on their personal devices, there’s always a chance of data breaches, theft, mismanagement, and other data risks.
Google Workspace mitigates this risk by providing G Suite admins additional privileges to manage and control user application access.
As a G Suite admin, you can manage a list of approved applications that your team can view and install to their systems from Google Play or App Store.
All the applications on this list are automatically managed, which means they remain connected to your Workspace account and under your control. They’ll function as usual for the users, but as the G Suite admin, you’ll have the ability to install/uninstall applications to user devices, upgrade versions, and control access.
You can also use advanced management to have more control over access to your organization’s data. For example, you can restrict mobile device features like notifications on the lock screen, require device encryption, manage apps on Android devices, iPhones, and iPads, and wipe data from a device.
You can do all of this, along with many other app management tasks, by adding apps to the Web and mobile apps list in your G Suite Admin Console.
How Google Apps Manager Mobile Apps Work
To understand how Google mobile app management works, you need to understand both sides of the picture.
App management involves two main parties.
- The Google Workspace admin
- Users associated with the Google Workspace account
Each party has different permissions and privileges when using managed applications in Google Workspace.
Let’s discuss them one by one.
App Management Privileges As A G Suite Admin
You can perform various app management tasks as a G Suite admin and control how your users access the applications associated with your Google Workspace account.
Here are a few examples of your app management privileges as a G Suite admin.
Manage An Approved Applications List
You can add managed applications to an approved app list from your Google Workspace Admin Console. Then, when the users associated with your Workspace account search for applications, they’ll only be able to find approved apps from your list.
Similarly, when you remove an application from the approved apps list, it becomes unavailable to users. If some users have already installed that app, it will remain on their devices but no longer be managed by your Google Workspace admin. This means it won’t be able to access your Google services or business data.
Control Who Can Install Apps
You can control which users in your organization can access and install the applications on your approved list. You can also turn access on or off for large user groups or organizational units using Google Apps Manager (GAM).
Block Unmanaged Apps
As a G Suite admin, you have the option to block all unmanaged applications on your company-managed mobile devices. This means that users associated with your Google Workspace account won’t be able to find or install the blocked apps. If a user already has an application on their device, it will remain there but disconnected from your Workspace account.
Similarly, you can also block access to preinstalled system apps like Calculator and Clock on your company-managed devices for both Android and iOS.
Block Or Limit App Access To Google Services
G Suite Admin Console offers you several advanced security features to ensure that your business data is only used by the users you allow. One such feature is the ability to block or limit app access to Google services.
There can be a couple of scenarios here.
The apps in your approved app list have unrestricted access to your Google Workspace and Google services data. As a G Suite admin, you can keep an app on the approved list but restrict its data access.
Alternatively, you may want to keep an app off the approved apps list but allow access to some or all of your Google services data for a limited time.
In both scenarios, G Suite Admin privileges allow you to grant or revoke access when you want.
Control User Access To Google Apps
Using the approved app list in your Admin console, you can control which apps your team can view and install to their systems. However, you can also control user access to Google apps using several advanced filters.
For example, you can block app access for specific OS versions, IP addresses, geographic location, or device ownership.
End-User Experience Using Managed Apps In Google Workspace
As explained in the previous section, you can control who accesses your Workspace apps as a G Suite admin.
But what does that mean for the end user’s experience?
Well, first of all, to access any managed application on Google Play or App Store, the user needs to be associated with your Google Workspace account.
This means if a user is signed in with their personal account, they won’t be able to access the apps you’ve approved for your team.
When users sign in with their work accounts linked with Google Workspace, they can only access the applications you’ve added to your approved list.
Android users can access approved applications in the managed Google Play store on the Work Apps tab in Google Workspace. Only the applications preapproved by the G Suite admin will appear in the managed Google Play store.
Preapproved managed apps in the Google Play store are marked with a briefcase icon so that users can easily differentiate them from personal applications.
Company-managed user devices can install approved applications from the managed Google Play store. However, if a user doesn’t have a managed Google account, they’ll need assistance from the G Suite admin to enable app installations on their devices.
In either case, the apps installed on a user’s device remain in the G Suite admin’s control. We’ve already discussed the various ways G Suite admins can exercise their control over user apps.
Example 1: Adding the Shopify App To Approved Apps List
Suppose some users in your organization need to use the Shopify app to set up the ecommerce side of your business.
Since Shopify is not among the default Google Workspace apps, you’ll need to add it to the approved apps list as a G Suite Admin from the Admin console.
You have the choice to approve this app for all managed users or only for the users who need to use the app.
In both scenarios, the G Suite admin console provides you with sufficient features to control application access for your users.
Once the app is added to the approved apps list, users can download and install it from the managed Google Play store by signing in to their Workspace accounts.
Alternatively, the G Suite admin can also directly install the app to all the relevant managed user accounts.
Example 2: Revoking Access To Gmail
Suppose you’ve granted company-wide access to Gmail for all managed accounts but now want to revoke access for selected users.
Thankfully, the Google Workspace Admin console has the necessary options to help you do that.
You can revoke access to Gmail (or any other app) for specific users through their managed accounts. But suppose you want to revoke access for a large group of users, users from a particular IP address or geographic location, or users with a specific OS. In that case, you can do so through the Google Workspace Admin console or by running a Google Apps Manager (GAM) script.
Users who already have the Gmail app on their devices can continue using it. But it won’t be connected with your organization’s Google Workspace account. As a result, those users won’t be able to access your business data through their Gmail app.
How to Get Started With Google Apps Manager Mobile Apps
Now that we’ve discussed the fundamentals of Google app management, let’s see how you can perform various admin tasks for managing mobile apps in Google Workspace.
Adding An Application To The Approved App List
One of your most frequent tasks as a Google Workspace admin for mobile apps is managing your approved apps list and adding new applications.
As an admin, you can add third-party, private, and internal apps to your approved list.
Here’s how you can do it:
- Sign in to your Google Workspace admin console with your admin credentials.
- From the Admin console Home page, go to Apps → Web and mobile apps.
- Click Add app → Search for apps and enter the app’s name to search for it.
- When you find the app you’re looking for, click on it to continue.
- Now, you have the option to choose your target users for the app. If you want to allow everyone in your company to install this app, select Entire organization.
- To allow only certain users to install the app, click Select groups or Select organizational units. You can add both groups and organizational units.
- Click Continue.
At this point, you have the option to configure several advanced settings to determine how users access the newly installed app.
Once you configure these settings (optional), simply click Finish to complete the installation process.
You have successfully installed a third-party app to the selected managed users associated with your Google Workspace.
If you want to install private or internal apps for your Android users, simply publish the app in your managed Google Play store to automatically add it to the approved apps list.
From there, anyone in your organization can download and install it.
Remove An App From The Approved List
Removing apps from the approved list is another frequently occurring admin task. Once you remove an app from the approved list, no one in your organization can install it on their devices.
However, the users who already have that application can still use it. But it won’t be connected with your Google Workspace account.
Here’s how to remove apps from the approved list:
- Sign in to your Google Admin console.
- From the Admin console Home page, go to Apps → Web and mobile apps.
- From the approved apps list, go to the app you want to remove and click More.
- Click Delete to remove the app.
- To remove multiple apps from the approved list, select all of them by ticking their checkboxes.
- Click Delete at the top.
Sign Out A User From A Managed Device
Your Google Workspace account and its data can be at risk if any of your managed devices are stolen, misplaced, or go into the hands of unauthorized users.
In such cases, you have the option to sign out a user from your Google Workspace so that their device cannot be used to steal or impact your data in any way.
- Sign in to your Google Workspace Admin console with your admin credentials.
- Inside the Admin console, go to Users.
- Find the affected user in the user list.
- Open the user’s account page by clicking their name.
- Click Security → Sign-in cookies → Reset.
This will sign out the user from their Google account associated with Google Workspace and revoke all app access.
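When several devices are reported lost or stolen at once, the same sign-out can be scripted against the Admin SDK Directory API method users.signOut, which resets a user's sign-in cookies. The script below is an added example, not part of the original article or any Google tooling. It assumes a help-desk CSV with hypothetical columns email and device_status, and an OAuth access token obtained separately with the admin.directory.user.security scope. It defaults to a dry run that only builds the requests.

```python
import csv
import io
import urllib.error
import urllib.parse
import urllib.request

API_ROOT = "https://admin.googleapis.com/admin/directory/v1/users"

# Constructed sample input: a device-loss report in a hypothetical help-desk format.
SAMPLE_REPORT = """email,device_status
alice@example.com,lost
bob@example.com,ok
Carol@Example.com,stolen
alice@example.com,stolen
not-an-address,lost
"""

def affected_users(report_csv, statuses=("lost", "stolen")):
    """Return de-duplicated, lower-cased emails whose device status calls for sign-out."""
    seen, out = set(), []
    for row in csv.DictReader(io.StringIO(report_csv)):
        email = (row.get("email") or "").strip().lower()
        status = (row.get("device_status") or "").strip().lower()
        # Skip malformed addresses rather than sending them to the API.
        if status in statuses and email.count("@") == 1 and email not in seen:
            seen.add(email)
            out.append(email)
    return out

def sign_out_url(email):
    """URL of users.signOut for this user; the user key is percent-encoded."""
    return f"{API_ROOT}/{urllib.parse.quote(email, safe='')}/signOut"

def sign_out(email, access_token, dry_run=True):
    """POST users.signOut. Returns the URL in dry-run mode, else the HTTP status code."""
    url = sign_out_url(email)
    if dry_run:
        return url
    req = urllib.request.Request(url, data=b"", method="POST",
                                 headers={"Authorization": f"Bearer {access_token}"})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code  # e.g. 403 when the token lacks the required scope

if __name__ == "__main__":
    for user in affected_users(SAMPLE_REPORT):
        print(sign_out(user, access_token="PLACEHOLDER", dry_run=True))
```

Review the dry-run output against the incident report before calling sign_out with dry_run=False, and log the returned status per user so failed sign-outs can be retried from the Admin console.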