We released our automation feature that finds AppSheet users that have logged into the AppSheet editor around two months ago now. It was released just prior to receiving scopes approval from the Google Trust & Safety team for pre-testing but has now been in use with approval for some time and showing excellent results in terms of finding 100% of creators, and helping governance teams easily manage this group and the Teamapps and AppSheet licences they are responsible for allocating. 

‍

For background, our customers are Google Workspace customers that are engaging in widespread AppSheet development, which also invariably means that their employees access SaaS services like AppSheet via oAuth ‘sign in with Google’. When they access a service like the AppSheet editor for the first time they ‘Allow’ permissions which can range from using their profile via the Directory API to full CRUD permissions of Google Sheets or Drive. In the case of AppSheet it asks for permissions as seen in the image below. 

‍

‍

Allowing these permissions for AppSheet is what differentiates a user that has been to the AppSheet editor versus having just used an App, given App users are not the owners of any underlying Sheets. So, this is how we can identify users that may have created Apps; as all App creators are a subset of all users that have allowed these permissions. 

‍

To find these users manually you can accomplish this via the admin console if you have admin permissions. This can be done via Reports > Audit and investigations > OAuth log events which can be filtered to return a refined list of users within your organisation that have accessed the AppSheet editor. For full instructions on how to do this visit the following Teamapps support article and follow the actions within step 1. 

‍

Automating this process

For reference, doing the above process manually is as you would expect a single snapshot in time and given users and accessing the AppSheet editor continually it is important to run this search frequently in order to pick creators up as they build Apps. To automate this, Teamapps uses the Admin SDK and more specifically the Reports API to run this report every 5 minutes. This will catch every domain user that has accessed the AppSheet editor ongoing. The image below shows the users that have been discovered via this search in the ‘Log history’ section.

‍

‍

Beyond surfacing these creators in the Log history the creator discovery automation feature also uses the Directory API. This allows it to manage and read Groups within your organisation, then select a group to copy this ever building list of creators to as a repository of users and for the ultimate step which is force installing the Teamapps chrome extension to surface all AppSheet Apps to a central, visible, searchable, manageable location.  

‍

Accessing the creator discovery automation

This feature is included as part of core Teamapps licences. For a free trial and to monitor the emergence of AppSheet App creators across your organisation please reach out to us. The onboarding of this feature and Teamapps in general simply involves a user with the right admin console permissions being setup with a Teamapps account and then enabling this automation, which will in turn ask for the permission to access the APIs from the admin SDK as discussed in this post.