Product Update

How to revoke SaaS-to-SaaS integrations with Nudge Security

With our latest release, we’re making it even easier to mitigate OAuth risk. Here’s how.

I have a confession to make: Sometimes, when I’m trying to fuse two SaaS applications together for some productivity hack at work, I breeze through the ubiquitous OAuth request screen without much thought. This app wants permission to read all of my Slack messages? Whatever. This calendar widget wants permission to delete files on my Google Drive? Cool. This one wants permission to record all of my Zoom calls? Go for it.

OAuth grants make it easier than an Ultrahand to fuse together multiple SaaS applications—no code required.

To be fair, I’m hardly alone. OAuth grant requests have become another version of the terms and conditions we all scroll past to get what we want, fast. (Well, everyone except our privacy lawyer friend, Bradley Gold.) But, as it so often goes, what’s a dream for productivity is a nightmare for the IT security team. Managing OAuth risk is quickly becoming a top priority for cybersecurity practitioners, and we’re here to help.

Earlier this year, we introduced OAuth risk scoring capabilities to Nudge Security to help IT security teams track all of the SaaS-to-SaaS integrations across their organizations, and to immediately surface risky and overly permissive grants. In today’s release, we improved upon this functionality with the addition of a handy “revoke” button. With it, Nudge Security administrators have the option of revoking risky and overly permissive OAuth grants for Microsoft 365 and Google Workspace directly from within Nudge Security.

Now, Nudge Security users can see all app-to-app integrations granted through OAuth, surface OAuth risks, review details, and take response action—all without having to bounce around multiple environments to piece it together. This is especially useful alongside Nudge Security’s third-party vendor risk insights and SaaS supply chain breach data. For example, if you receive an alert that Bill in operations just started using a new SaaS application hosted in a country on your "no" list, you can immediately revoke any OAuth grants he gave. Or, if you receive a SaaS supply chain breach notification from Nudge Security and want to quarantine a breached SaaS provider, you now have an incredibly streamlined way to see everything it’s connected to and quickly pull the plug.

Pretty cool, huh? Of course, with great power comes great responsibility. I won’t claim (unlike some in the industry) that you can revoke OAuth grants with zero disruption to the employee experience. Beyond break-glass situations, revoking OAuth grants that are used by your workforce without any context or warning is a bit aggro, don’t you think? That’s why we’re continuing to develop and incrementally improve upon this feature with the ethos on which we founded Nudge Security. Keep an eye on our Changelog (or better yet, subscribe to its RSS feed) for frequent product updates.

In the meantime, give it a try and let us know what you think. You can start a zero-commitment 14-day free trial here!
