Skip to content
Sign up now
All posts

Find Every App in Your Google Workspace

Picture of Michelle Katz   Michelle Katz  ·  4 minute read

Businesses think they know what software their teams are using, but most don't have the full picture.

If your organization runs on Google Workspace, employees can connect third-party apps to their Google accounts in a few clicks without IT approval. Project management tools, AI assistants, file converters, browser extensions, automation platforms. Each one gets granted access to your data, your calendar, your Drive, and your email, and in most organizations, nobody is keeping track.

Shadow IT is a real and growing problem in 2026, and most organizations are further behind than they realize.

What Is Shadow IT in Google Workspace?

Shadow IT refers to any software, app, or service employees use without formal IT authorization. In a Google Workspace environment, it usually starts the same way: an employee signs into a new tool using "Sign in with Google," grants that app OAuth access to their email, calendar, or Drive, and moves on with their day. IT has no record of it.

Data from BetterTracker puts the average company's SaaS count at over 100 applications. Nearly half of those apps are shadow IT, meaning tools IT did not approve, procure, or monitor.

The problem grows over time without anyone noticing. Employees leave, but their app connections stay active. Old tools with full Drive access sit dormant for months or years. Nobody notices until something goes wrong, or until someone audits the SaaS bill.

Why Google Workspace Makes This Hard to Track

Google Workspace is designed for openness and collaboration, which is part of what makes it valuable. It also means the barrier to connecting a third-party app is low. Any user can authorize an app via OAuth in seconds, grant broad permissions including access to email, contacts, and files, and do it repeatedly across departments with no centralized visibility.

Google's native Admin Console gives admins some control. You can navigate to Security > Access and Data Control > API Controls to review OAuth-connected apps. But the review is manual. It does not flag risk levels, track usage patterns, or surface which apps are costing money. For IT teams managing dozens or hundreds of users, that process falls apart quickly.

The Real Cost of Unmanaged Apps

Shadow IT isn't just a security concern. It has a direct impact on SaaS spending, and the two problems are closely connected.

When employees connect apps on their own, organizations accumulate costs that are easy to miss.

Duplicate tools. Multiple teams end up paying for different project management or file-sharing tools that do the same job.

Unused licenses. According to Gartner, roughly 30% of SaaS spend goes to unused licenses and features. Google Workspace seats are one of the most common culprits, and the waste builds when nobody is tracking which users still need access.

Forgotten renewals. Apps connected during a free trial auto-upgrade and attach to a corporate card nobody monitors.

Offboarding gaps. An employee leaves, their accounts are deactivated, but their app connections remain active, sometimes with admin-level permissions.

The spend problem and the security problem are the same problem: nobody has a complete picture of what's connected.

How MSPs Can Use This as a Client Conversation

For managed service providers, Google Workspace app visibility is not just an internal concern. It is a concrete service offering that changes how clients perceive your value.

Clients rarely know what apps their employees are using, what those apps can access, or what those apps are costing them. MSPs who walk into a client meeting with a full inventory of connected apps, flagged risks, and identified savings change the nature of that conversation. Instead of reacting to problems, you are surfacing them before the client knew they existed, and that is what separates an IT vendor from an advisor clients rely on and refer to others.

The questions you should be able to answer for every client:

  • Which third-party apps are currently connected to your Google Workspace domain?
  • Which users authorized those apps, and what permissions did they grant?
  • Are there duplicate tools across departments driving unnecessary spend?
  • Which apps are still connected to accounts that no longer exist?
  • Where are the highest-risk OAuth connections that need review?

What to Look for in a Google Workspace App Visibility Tool

Not all tools solve this problem equally. Here is what matters when evaluating options.

Complete app discovery. The tool should surface every OAuth-connected app across your entire domain, not just the ones IT already knows about. If it only shows sanctioned apps, it is not solving the problem.

User-level detail. Domain-level summaries are not actionable. You need to know which user authorized each app, what permissions were granted, and when the connection was made.

Spend tracking. App visibility and spend visibility need to be connected. Knowing an app exists is not useful if you cannot see what it is costing.

Multi-tenant support for MSPs. If you manage multiple clients, the tool needs to handle multiple Google Workspace environments from a single interface. Logging in client by client does not scale.

Output you can act on. Discovery only matters if it leads somewhere. The tool should make it easy to flag apps for review, identify redundancies, and build a case for consolidation.

Introducing Google Scout from BetterTracker

Google Scout is BetterTracker's Google Workspace discovery tool. It connects directly to your Google Workspace environment and surfaces every third-party app connected to your domain, along with usage data, permission levels, and spend visibility.

For SMBs, it answers a question most businesses cannot currently answer: what software is actually running inside our organization?

For MSPs, it creates a repeatable process for discovering hidden costs and security gaps across every client account and presenting that data in client-facing conversations.

Google Scout is part of BetterTracker's broader SaaS management platform, which also includes ContractTracker, ExpenseTracker, and CustomerTracker. Together, they give you a unified view of what you are using, what you are spending, and where you are exposed.

Start a free trial at bettertracker.com.

Frequently Asked Questions

How do I see all apps connected to my Google Workspace account?

In the Google Admin Console, navigate to Security > Access and Data Control > API Controls to review OAuth-connected apps. For a more complete view that includes usage data, spend tracking, and risk scoring across your entire domain, a dedicated tool like Google Scout surfaces this automatically.

What is the best way to audit third-party apps in Google Workspace?

Start with a full OAuth app inventory, then cross-reference against your active user list to find orphaned connections. Flag high-permission apps for review and identify duplicate tools across departments. Tools like Google Scout automate this process and make the output shareable with stakeholders.

How do I detect shadow IT in my organization?

Shadow IT in Google Workspace is most commonly found through OAuth log audits, which show every app employees have connected using "Sign in with Google." A SaaS management platform surfaces these connections on an ongoing basis rather than requiring periodic manual review.

What should MSPs use to manage Google Workspace apps for clients?

Look for a multi-tenant SaaS management platform that provides per-client app inventories, spend tracking, and usage data. BetterTracker's Google Scout is built to support MSP workflows and makes it straightforward to present findings to clients during regular business reviews.