How can we help?

Application Risk Levels

Noga Tubi
Noga Tubi
  • Updated
How application risk levels are being calculated?

For applications that were discovered through OAuth, Torii shows the OAuth risk level associated with each application.

Those risk levels can be viewed from the security page.

About OAuth 2.0 Scopes

OAuth 2.0 uses scopes as a mechanism to limit an application's access to a user's account. An application can request one or more scopes, this information is then presented to the user in the consent screen, and the access token issued to the application will be limited to the scopes granted.

Torii Risk Levels

The risk levels are determined according to the OAuth scopes that the users have granted to the application to their Google Workspace (G-Suite)/Azure-AD/Slack accounts.

  • High: Apps with modify access

  • Medium: Apps with read-only access to sensitive data

  • Low: Apps with read-only access to non-sensitive data

 

Was this article helpful?

0 out of 0 found this helpful

Have more questions? Submit a request