Application Risk Levels

Noga Tubi
How are application risk levels calculated?

For applications that were discovered through OAuth, Torii shows the OAuth risk level associated with each application.

These risk levels can be viewed on the security page.

About OAuth 2.0 Scopes

OAuth 2.0 uses scopes as a mechanism to limit an application's access to a user's account. An application can request one or more scopes. The requested scopes are then presented to the user on the consent screen, and the access token issued to the application is limited to the scopes the user granted.

Torii Risk Levels

The risk levels are determined by the OAuth scopes that users have granted the application on their Google Workspace (G-Suite)/Azure-AD/Slack accounts.

  • High: Apps with modify access

  • Medium: Apps with read-only access to sensitive data

  • Low: Apps with read-only access to non-sensitive data

Sensitive data is defined by Torii as any personal information except your basic profile information, such as:

  • Your calendars
  • Your street addresses
  • Your complete date of birth
  • Your phone numbers

It also covers any non-personal information on your account, such as:

  • Users on your domain
  • User aliases on your domain
  • User calendars
  • Group names and membership
  • Usage reports for your domain
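
The three-tier rule above, applied to an inventory of Google Workspace OAuth grants, as an added example (this is not Torii's code or its actual scope table). It assumes that Google read-only scopes end in `.readonly` or `.read`, that any scope without that marker allows modification, and that every read-only scope beyond basic profile counts as sensitive; the app names and grants are constructed, and Azure AD and Slack scope naming differs.

```python
from collections import defaultdict

GOOGLE_PREFIX = "https://www.googleapis.com/auth/"
# Basic-profile scopes, which the article excludes from "sensitive data".
BASIC_PROFILE = {"openid", "email", "profile", "userinfo.email", "userinfo.profile"}
# Assumption: Google marks read-only scopes with these suffixes.
READ_ONLY_SUFFIXES = (".readonly", ".read")
ORDER = {"Low": 0, "Medium": 1, "High": 2}

def scope_level(scope):
    """Map one granted scope to Low / Medium / High."""
    name = scope.removeprefix(GOOGLE_PREFIX)
    if name in BASIC_PROFILE:
        return "Low"      # read-only, non-sensitive
    if name.endswith(READ_ONLY_SUFFIXES):
        return "Medium"   # read-only, assumed sensitive (beyond basic profile)
    return "High"         # no read-only marker: assume modify access (fail closed)

def app_risk(grants):
    """grants: iterable of (user, app, [scopes]).
    Returns {app: (level, scopes driving that level, users who granted)}."""
    scopes, users = defaultdict(set), defaultdict(set)
    for user, app, granted in grants:
        scopes[app].update(granted)   # an app's exposure is the union of all grants
        users[app].add(user)
    report = {}
    for app, granted in scopes.items():
        levels = {s: scope_level(s) for s in granted}
        top = max(levels.values(), key=ORDER.get, default="Low")
        drivers = sorted(s for s, lvl in levels.items() if lvl == top)
        report[app] = (top, drivers, sorted(users[app]))
    return report

# Constructed sample grants (not real data).
SAMPLE = [
    ("alice@example.com", "Notes App", ["openid", "email"]),
    ("bob@example.com", "Scheduler", ["profile", GOOGLE_PREFIX + "calendar.readonly"]),
    ("carol@example.com", "Scheduler", [GOOGLE_PREFIX + "user.phonenumbers.read"]),
    ("alice@example.com", "Sync Tool", ["email", GOOGLE_PREFIX + "drive"]),
    ("bob@example.com", "Sync Tool", [GOOGLE_PREFIX + "admin.directory.group.readonly"]),
]

if __name__ == "__main__":
    for app, (level, drivers, who) in sorted(app_risk(SAMPLE).items()):
        print(f"{level:6} {app}: {', '.join(drivers)} (granted by {len(who)} user(s))")
```

The report names the scopes that drove each app's level, which is what a reviewer needs when deciding whether to revoke a grant or ask the vendor for a narrower scope.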

 
