Tag Archives: Admin Console

Control access to G Suite apps and services using groups

We’re adding the ability to use Google Groups to control access to G Suite apps and additional Google services within your organization. This provides admins a simple and specific way to make sure the right users have access to the right apps.

This feature was developed based on specific customer requests for more flexible and granular access controls for apps and services. Currently access can only be configured at the Organizational Unit (OU) level. Groups will make it possible to control access by other organizational elements. Customers told us they wanted to be able to turn on apps or services for groups including:

  • Departments or job functions 
  • Project teams 
  • Specific seniority levels 
  • Different geographic locations 
  • Different companies within a wider organization 

Use groups to ensure users have access to apps and services 

Group controls are only additive--they can add access to users who don’t already have access to apps, but they can’t take away access from users that currently have access through a domain or OU level setting.

That means it’s best used to complement your current OU and organizational settings to make sure a specific group has access to an app.

Get started using Groups to turn on apps and services 

To get started, go to the Admin Console > Apps > G Suite or Additional Google services. You can then:
  • Search for and select a group in the left hand panel 
  • Select services individually (by hovering) or in bulk (using the check boxes) 
  • Turn services on or off for the specific group 


You can only select groups which were created by an admin for the organization--you can’t use user-created groups as part of this feature. You may see a notification, pictured below, which tells you about the new feature.



The following admin permissions are needed to access this feature:
  • View all groups 
  • Manage G Suite apps and Additional Google services at the root OU 


See our Help Center for more details on how to control access to G Suite and Google services with groups.

Launch Details 
Release track:
Launching to both Rapid Release and Scheduled Release 

Editions: 
Available to all G Suite editions

Rollout pace: 
Full rollout (1–3 days for feature visibility)

Impact: 
Admins only

Action: 
Admin action suggested/FYI

More Information 
Help Center: Control access to G Suite and Google services with groups



Launch release calendar
Launch detail categories
Get these product update alerts by email
Subscribe to the RSS feed of these updates

View company-owned desktop and mobile devices in one place

With this launch, we’re making it possible for G Suite admins to view a more complete picture of the desktop and mobile devices used by employees in their organization.

Add and view device info in the Admin console 

To see a list of the devices your organization owns, you simply need to upload a CSV file listing those devices and their serial numbers in the Admin console. Previously, you could only upload Android devices; you can now add Endpoint Verification devices (Mac, Windows, and Chrome) as well.


These devices will then appear in the company-owned devices list and show as company-owned when you click for more device details.



Launch Details
Release track:
Launching to both Rapid Release and Scheduled Release

Editions: 

  • Uploading Endpoint Verification devices available to all G Suite editions 
  • Uploading Android devices available to G Suite Business, Education, Enterprise, and Enterprise for Education editions only 


Rollout pace: 
Gradual rollout (up to 15 days for feature visibility)

Impact: 
Admins only

Action: 
Admin action suggested/FYI

More Information
Help Center: Add company-owned devices 



Launch release calendar
Launch detail categories
Get these product update alerts by email
Subscribe to the RSS feed of these updates

Better group management in the G Suite Admin console

We’re making it easier for G Suite admins to manage groups in their organization. When you open a group in the Admin console, you’ll see helpful cards that show snapshots of key information. When you click into any of the cards, you’ll see more details and have new options to manage the group. The cards and options include:

New settings card makes important group settings more accessible 

Previously, group settings had to be managed through a separate workflow at groups.google.com. We’ve brought the 10 most used settings directly into the Admin console, so you can make key changes without disrupting your workflow. This allows you to quickly control:


  • Access settings, including who can view members, publish posts, contact group owners, and more. 
  • Membership settings, including who can add, invite, and approve group members. 
  • Who can join a group, including if users outside your organization can join. 


If you need to change another setting not included here, you can still use the same groups.google.com settings interface that you use to change group settings today.

Control key group settings directly in the Admin console 

New members card improves group member management 

The members card provides a comprehensive way to manage group members, including better ways to find, add, and manage group members quickly and easily. You can:


  • Bulk upload members through a CSV file 
  • Quickly add new members individually 
  • Remove one or multiple members 
  • Filter the member list by member role 
  • Search by name or email 
  • Change user role individually 
  • Change user roles in bulk 
  • Export members to a CSV file 
Changing user roles in bulk is one of the new management features 

See our Help Center for more details on how to manage groups in the Admin console.

Launch Details 
Release track:
Launching to both Rapid Release and Scheduled Release

Editions: 
Available to all G Suite editions

Rollout pace: 
Full rollout (1–3 days for feature visibility)

Impact: 
Admins only

Action: 
Admin action suggested/FYI

More Information 
Help Center: Manage groups in G Suite


Launch release calendar
Launch detail categories
Get these product update alerts by email
Subscribe to the RSS feed of these updates

Create and manage web apps through the Admin console

You can now create, edit, and manage web apps for your organization directly through the G Suite Admin console. This simple interface will help your organization create and use web apps more quickly and effectively.

Web apps turn web pages into apps for better mobile user experiences

Web apps turn a web page into an app on your user’s phones. This can make the web page easier to find and simpler to use on mobile devices. The web app will look like a native app, but when a user clicks on a it Chrome browser opens the specified URL in one of three different display options (see image below). You can distribute web apps the same way you can native apps. This includes adding them to collections in a managed Google Play store.

G Suite customers often use web apps to make sure their users can access key resources on their mobile devices that have websites but don’t have dedicated apps. Examples include employee information portals, intranets, expense submission forms, and more.

Simple web app management in the Admin console 

Find the web apps section of the Admin console at Admin Console > Device management > App Management > Manage apps for Android devices > Manage Whitelisted Apps > Add > Web apps.

From there you can:

  • Create a new web app - Choose the app name, URL, icon, and other details for your web app. 
  • Distribute a web app - Whitelist an app for some or all of your users. 
  • Edit an existing web app - Delete or make changes to a previously created web app. 

See our Help Center for more details on how to create web apps for Android devices.

Note that this is only available to customers with advanced mobile device management enabled.

Web apps let you pin websites as if they were apps on a phone 


Launch Details 
Release track:
Launching to both Rapid Release and Scheduled Release

Editions: 
Available to all G Suite editions 

Rollout pace: 
Full rollout (1–3 days for feature visibility)

Impact: 
Admins only

Action: 
Admin action suggested/FYI

More Information 
Help Center: Create web apps for Android devices


Launch release calendar
Launch detail categories
Get these product update alerts by email
Subscribe to the RSS feed of these updates

Two Admin console notification methods to be removed on December 31

On December 31, 2018 we will be removing two notification methods in the G Suite Admin console: 

  • The bell icon in the Admin console web interface (see image below)
  • Push notifications from the Google Admin apps for Android and iOS

You’ll still be able to get all account related notifications via email. Use our Help Center to learn more about how to set up and manage email alerts for G Suite admins.

Bell icon notifications are in the top-right of the web user interface


Launch release calendar
Launch detail categories
Get these product update alerts by email
Subscribe to the RSS feed of these updates

Ten third-party applications added to the G Suite pre-integrated SAML apps catalog

With Single-Sign-On (SSO), users can access all of their enterprise cloud applications—including the Admin console for admins—after signing in just one time. Google supports the two most popular enterprise SSO standards, OpenID Connect and SAML, and there are many applications with pre-integrated SSO support in our third-party apps catalog already.

We’re now adding SAML integration for ten additional applications:
  • Automox   
  • Boomi
  • GoodData    
  • LinkedIn Learning   
  • LiquidFiles    
  • Proxyclick  
  • Sigma Computing
  • TextExpander  
  • VersionOne 
  • Zimbra


You can find our full list of pre-integrated applications, as well as instructions for installing them, in the Help Center.

Note that apart from the pre-integrated SAML applications, G Suite also supports installing “Custom SAML Applications,” which means that admins can install any third-party application that supports SAML. The advantage of a pre-integrated app is that the installation is much easier. You can learn more about installing Custom SAML Applications in this Help Center article.

Launch Details 
Release track
Launching to both Rapid Release and Scheduled Release

Editions: 
Available to all G Suite editions

Rollout pace: 
Gradual rollout (up to 15 days for feature visibility)

Impact: 
Admins only

Action: 
Admin action suggested/FYI

More Information 
Help Center: Using SAML to set up federated SSO


Launch release calendar
Launch detail categories
Get these product update alerts by email
Subscribe to the RSS feed of these updates

Advanced password controls for increased security

When it comes to protecting online accounts, a strong password is the first line of defense. As such, organizations have various stipulations for their users’ passwords. G Suite admins can already specify minimum and maximum length limits for passwords for their users. With this launch, we’re making it possible to enforce additional rigorous password requirements for increased security and to meet their compliance needs.

Going forward, an admin can do the following:

Require that users set a strong password. 

Admins can already see which passwords in their domain are weak; enabling this setting will allow admins to force users with weak passwords to change them. Direct your users to this Help Center article for tips on creating a strong password. Note that this setting is OFF by default.

Control when password length and strength requirements go into effect. 

You can choose to enforce password length and strength requirements either the next time a user changes their password or the next time they log in. The default is to start enforcement the next time a user changes their password. To change it, check the box next to “Start password policy enforcement at next sign in.” 


Prompt users to change their passwords after a certain number of days. 

If you’re unsure about whether or not you need to do this, we recommend you leave this setting as “Never.”

Prevent users from reusing old passwords. 

To prevent password reuse, we recommend you leave the box for “Allow password reuse” unchecked. This is the default.
Each of these settings can be found in the Admin console under Security > Password management. As part of the launch we are also moving the password length (minimum and maximum) settings from the Basic Settings card to this new Password management card. For more information, visit the Help Center.

Launch Details 
Release track:
Launching to both Rapid Release and Scheduled Release

Editions: 
Available to all G Suite editions

Rollout pace: 
Gradual rollout (up to 15 days for feature visibility)

Impact: 
Admins and end users

Action: 
Admin action suggested/FYI

More Information 
Help Center: Manage your users' password settings


Launch release calendar
Launch detail categories
Get these product update alerts by email
Subscribe to the RSS feed of these updates

Organize and create apps for your domain directly from the Admin console

With this launch, we’re making it easier for you to create—and for your users to find—the Android apps they need at work.

Group and order apps in the managed Google Play store

To help your users find the apps they need, you can now group whitelisted Android apps into “collections” that users will see in the managed Google Play store. For example, you can create a collection for frequently used apps or one for apps related to expenses. You can then change the order in which those collections appear, as well as the order of apps within those collections.

You can do all of this without leaving the Admin console; visit the Help Center for detailed instructions. Note that this feature is only available to customers with advanced mobile device management enabled.


Create private apps quickly and easily in the Admin console

We know that creating a private app in the Google Play Console can be time-consuming and often requires unnecessary steps. To streamline that process, we’re now making it possible to publish a private Android app directly from the Admin console.

You no longer need to create a Play Console account, provide a credit card, or fill in irrelevant fields; simply upload the APK and give the app a title (see full instructions here). The app will then appear in the managed Play store within minutes—as opposed to the hours previously required.

Note that this feature is also only available to customers with advanced mobile device management enabled.


Launch Details
Release track:
Launching to both Rapid Release and Scheduled Release

Editions:
Available to all G Suite editions

Rollout pace:
Full rollout (1–3 days for feature visibility)

Impact:
Admins and end users

Action:
Admin action suggested/FYI

More Information
Help Center: Organize Android apps into collections
Help Center: Manage Google Play private apps

Launch release calendar
Launch detail categories
Get these product update alerts by email
Subscribe to the RSS feed of these updates

Automatically provision users with two additional apps

When auto-provisioning is enabled for a supported third-party application, any users created, modified, or deleted in G Suite are automatically added, edited, or deleted in the third-party application as well. This feature is highly popular with admins, as it removes the overhead of managing users across multiple third-party SaaS applications.

We’ve heard continued positive feedback from admins, so we’re adding auto-provisioning support for two new applications:
  • Bonusly
  • Klipfolio
Customers with G Suite Business, Enterprise, and Education editions, as well as Cloud Identity Premium, can enable user auto-provisioning in all supported applications. Customers with G Suite Basic, Government, and Nonprofit editions can configure auto-provisioning for up to three applications from the supported list.

For more information on how to set up auto-provisioning, check out the Help Center.

Launch Details
Release track:
Launching to both Rapid Release and Scheduled Release

Editions:

  • G Suite Business, Enterprise, and Education customers, as well as Cloud Identity Premium, can enable auto-provisioning for all supported applications
  • G Suite Basic, Government, and Nonprofit customers can enable auto-provisioning for up to three applications

Rollout pace:
Gradual rollout (up to 15 days for feature visibility)

Impact:
Admins only

Action:
Admin action suggested/FYI

More Information
Help Center: Automated user provisioning
Help Center: Using SAML to set up federated SSO


Launch release calendar
Launch detail categories
Get these product update alerts by email
Subscribe to the RSS feed of these updates

Alert center for G Suite generally available to help identify security threats

We’re making the alert center for G Suite generally available. The alert center provides a single, comprehensive view of essential security-related notifications, alerts, and actions across G Suite. The alert center was previously available in beta and helps G Suite organizations detect threats and take action to mitigate them.


Alert center provides a unified view of essential notifications 

The alert center brings together alerts on some of the most critical security concerns including account warnings, gmail phishing and malware, and device management. These alerts cover a number of scenarios. 

Account warning alerts: These will cover seven different scenarios, ranging from suspended accounts triggered due to suspicious activities to alerts on government-backed attacks.

Gmail phishing and malware alerts: We leverage machine learning to identify threat indicators and uncover malware threats. We surface alerts for potentially malicious IP addresses, even if these are placed on your trusted whitelist. We’ll also show potential phishing events, including those messages that have been quarantined or delivered.



Device management alerts: We look the various device attributes to determine if user device has been jailbroken or rooted. These alerts are surfaced, along with other device management alerts on suspicious device activity.



Google operations alerts: The Google operations alert provides details about security and privacy issues that are affecting your organization's G Suite services.

Alerts link to specific information and remediation steps 

For every alert, we include dedicated knowledge articles to help admins learn about the alert type. Where relevant, we also have links that admins can use to take actions to help remediate the threat. Links to these resources are accessible from the alert detail page within the Admin console. They can help admins take action right away to shield users and remediate incidents.

Alert center builds on security center functionality 

The unified view that the alert center provides will help all G Suite admins manage alerts more efficiently, and provide insights that help them assess their organization's exposure to security issues at the domain and user levels.

In addition, G Suite Enterprise edition domains can use the G Suite security center for integrated remediation of issues surfaced by alerts. From every alert in the alert center, admins at G Suite Enterprise domains will have a dedicated link that will trigger a pre-configured query in the investigation tool. This helps these admins go from detection to remediation with just a few clicks.

Launch Details 
Release track:
Launching to both Rapid Release and Scheduled Release

Editions: 
Available to all G Suite editions

Rollout pace: 
Gradual rollout (up to 15 days for feature visibility)

Impact: 
Admins only

Action: 
Admin action suggested/FYI

More Information 
Help Center: About the Alert center 
G Suite Updates blog: Get a unified view of essential notifications with the alert center Beta 


Launch release calendar
Launch detail categories
Get these product update alerts by email
Subscribe to the RSS feed of these updates