As an organization owner I receive requests from user to approve third-party apps. As I learn more about these, there are different scopes and permissions requested by these third party apps. How to I review these permissions before approved them? How do I audit the permissions that are currently granted to approved applications?
You can review and approve OAuth apps using this help guide: https://help.github.com/articles/approving-oauth-apps-for-your-organization/
You can also review installed integrations following this guide https://help.github.com/articles/reviewing-your-organization-s-installed-integrations/ as well as deny access to previously approved OAuth apps following this help article: https://help.github.com/articles/denying-access-to-a-previously-approved-oauth-app-for-your-organization/
If there’s anything else I can help you with, let me know; so happy to help further!