# 65 Apps Script / add-on / AI-agent governance

> v0.1.3 · role: Prevent · edition: All (OAuth-scope controls: Ent/Edu Std+) · [policy: #37 · #19, #36](https://docs.google.com/spreadsheets/d/1nOztaPd1Y7eNeRSR_hdovYy-ncpx-bAx/edit?usp=sharing&ouid=115159875779023172526&rtpof=true&sd=true)

Apps Script, add-ons and AI-agent integrations all run code with a user's OAuth scopes inside the tenant, and anyone can author a script. This control turns Apps Script off by default and on only for the OU that actually builds automation, allows only script projects owned inside the organisation, sets unconfigured third-party apps to blocked so new add-ons and agent integrations must be allowlisted by client ID, and reviews the domain-wide delegation list — a delegated service account bypasses per-user consent entirely and is the most dangerous add-on of all.

Documentation: [Monitor and control Google Apps Script use in your Google Workspace organization](https://developers.google.com/apps-script/guides/admin/monitor-use)

## Caveats

- Blocking Apps Script does not remove already-authorised script triggers — audit the existing triggers and tokens as well as the setting.
- Apps Script on/off and per-app blocking work on all editions; the Apps Script URL-fetch allowlist needs Business Plus+, and OAuth-scope monitoring / high-risk-scope restriction needs Enterprise or Education Standard/Plus.
- The API-controls half is the same screen as №8 and №9 — set it once, and make sure the three controls' verdicts agree instead of overwriting each other.

## Setup steps

1. Set Apps Script service status per OU (organizational unit) — off by default, on only for the OU that actually builds automation. — `Apps › Additional Google services › Google Apps Script`

   Service status = Off for everyone; On for the automation OU

   docs: [Turn Apps Script on or off for users](https://knowledge.workspace.google.com/admin/users/access/turn-apps-script-on-or-off-for-users)

2. Restrict Apps Script to organisation-owned projects via App access control: with unconfigured third-party apps blocked (next step), enable Trust internal apps so only organisation-owned script projects keep working. — `Security › Access and data control › API controls › App access control`

   Trust internal, domain-owned apps = On (organisation-owned scripts allowed; external/unknown scripts fall under the unconfigured-apps block)

3. Set unconfigured third-party apps (which includes new add-ons and agent integrations) to "Don't allow users to access any third-party apps" on the Settings tab, then allowlist by client id in the configured-apps list ([№8](oauth-app-control.md)). — `Security › Access and data control › API controls › App access control`

   Settings: Unconfigured third-party apps = Don't allow users to access any third-party apps; Manage third-party app access: trusted apps added explicitly (№8)

   docs: [Control which apps access Google Workspace data](https://knowledge.workspace.google.com/admin/apps/control-which-apps-access-google-workspace-data) · [Control which third-party & internal apps access Google Workspace data](https://knowledge.workspace.google.com/admin/apps/control-which-third-party-and-internal-apps-access-google-workspace-data)

4. Review the domain-wide delegation (DWD) client list ([№8](oauth-app-control.md) audits the same register) — a delegated service account bypasses per-user consent entirely and is the most dangerous 'add-on' of all. — `Security › Access and data control › API controls › Domain-wide delegation`

   Remove any client id without a named owner and a justified scope list

   docs: [Control API access with domain-wide delegation](https://knowledge.workspace.google.com/admin/apps/control-api-access-with-domain-wide-delegation)

## Ongoing maintenance

- **[automatable: AI agent]** Monthly: review newly created Apps Script projects and add-on grants against the register.

## How to verify

1. From a test account, run a script that calls a restricted API/scope — the consent or execution must be refused per the policy.

## Settings screens

- Apps > Additional Google services > Google Apps Script (service status)
  - console: https://admin.google.com/ac/appslist/additional
  - screenshot: ../screenshots/admin.google.com/ac/appslist/additional.png
- Security > Access and data control > API controls > App access control > Settings (unconfigured-apps default)
  - console: https://admin.google.com/ac/owl/settings
  - screenshot: ../screenshots/admin.google.com/ac/owl/settings.png
- Security > Access and data control > API controls > Domain-wide delegation
  - console: https://admin.google.com/ac/owl/domainwidedelegation
  - screenshot: ../screenshots/admin.google.com/ac/owl/domainwidedelegation.png
