Tag Archives: Admin Console

Send group membership information in outbound SAML responses

Quick launch summary 

We’re adding the ability for admins to configure and send group membership information as part of SAML responses. 


Currently, you are able to configure SSO to send user attributes in the SAML response when a user logs in to an app using SAML SSO. With this launch, admins can configure SSO to send group membership information to the application. Apps can then use these attributes to assess user authorization and to implement other business logic. 

Getting started 






Rollout pace 


Availability 

  • Available to all Google Workspace customers, as well as legacy G Suite Basic and Business customers and Cloud Identity customers 

Resources 

Google Workspace Updates Weekly Recap – May 20, 2022

New updates 


There are no new updates to share this week. Please see below for a recap of published announcements. 


Previous announcements


The announcements below were published on the Workspace Updates blog earlier this week. Please refer to the original blog posts for complete details.



Migrate your classic Google Sites before December 1, 2022 
We’re extending the previously announced timeline to give Google Workspace customers more time to migrate from classic Google Sites to new Google Sites: 
  • Starting December 1, 2022 (previously June 1, 2022), you will no longer be able to edit any remaining classic Sites in your domain. 
  • Starting January 1, 2023 (previously July 1, 2022), Classic Sites will no longer be viewable unless they are converted to new Google Sites. 
Learn more here and here


New and updated third-party DevOps integrations for Google Chat, including PagerDuty 
There are now a variety of additional DevOps integrations that allow you to act on common workflows directly in Google Chat. | Learn more


Export log data in near-real time to BigQuery
Exported log data streams are now in near-real time (under 10 minutes), improving upon the previous process which returned log data that could be up to three days old. | Learn more here and here


AppSheet Enterprise Standard and Enterprise Plus available as add-ons to Google Workspace editions
Google Workspace customers can now purchase AppSheet Enterprise Standard and Enterprise Plus as add-ons by contacting their Google Cloud sales representative or through the Google Workspace Partner network. | Learn more


Use Connected Sheets with VPC-SC protected data, improved Cloud Audit Logs for Connected Sheets events 
BigQuery datasets that are behind a perimeter created by VPC Service Controls can now be accessed using Connected Sheets. We’ve also made improvements to the Connected Sheets logging in the Cloud Audit Logs. | Learn more


New banners in Google Chat protect against malicious links 
In Google Chat, you can now see banners warning against potential phishing and malware messages coming from users with personal Google Accounts to help protect users against malicious actors, keeping data safe. | Learn more


For a recap of announcements in the past six months, check out What’s new in Google Workspace (recent releases).

Use Connected Sheets with VPC-SC protected data, improved Cloud Audit Logs for Connected Sheets events

What’s changing 

BigQuery datasets that are behind a perimeter created by VPC Service Controls can now be accessed using Connected Sheets


We’ve also made improvements to the Connected Sheets logging in the Cloud Audit Logs. See the “Additional details” section below for more information. 


Who’s impacted 

Admins and end users 



Why you’d use it 

This change gives VPC Service Controls Admins and Editors the ability to allow members of your organization to access, collaborate on, and generate insights from VPC Service Controls protected data via Connected Sheets. 



Additional details 

By default, Connected Sheets cannot access BigQuery data that is protected by VPC Service Controls; however, VPC Service Controls perimeters can now be configured to allow queries issued through Connected Sheets to succeed. This configuration can only be changed by VPC Service Controls Admins and Editors. 



Improved Connected Sheets logging 
Whenever BigQuery data is accessed in Connected Sheets, entries are recorded for who accessed the data and when in Cloud Audit Logs


Now, the Cloud Audit Logs will additionally include the ID of the spreadsheet that generates the BigQuery data access. Every spreadsheet has a unique ID containing letters, numbers, hyphens, or underscores, which can be found in the Google Sheets URL. Use this documentation to learn more about where to find this additional information in the Cloud Audit Logs. 


Getting started 


Rollout pace 


Availability 

  • Available to all Google Workspace customers Available to users with personal Google Accounts 
  • Not available to legacy G Suite Basic and Business customers

Resources 

Export log data in near-real time to BigQuery

Quick summary 

Currently, you can export Google Workspace logs to Google BigQuery for customized and scalable reporting. Exports take place as a daily sync, returning log data that can be up to three days old. With this launch, exported log data streams will be near-real time (under 10 minutes), ensuring fresh data for your export. This helps you stay on top of security threats and analysis with the most up-to-date activity log data. 



Stream activity log data in near-real time when using BigQuery export




Getting started 

  • Admins: This feature works automatically if you have set up service log exports to BigQuery. There is no additional admin control for this feature. 
  • End users: There is no end user impact. 

Rollout pace 


Availability 

  • Available to Google Workspace Enterprise Standard, Enterprise Plus, Education Standard, and Education Plus Not available to Google Workspace Essentials, Business Starter, Business Standard, Business Plus, Enterprise Essentials, Education Fundamentals, Frontline, and Nonprofits, as well as legacy G Suite Basic and Business customers 
  • Not available to users with personal Google Accounts 

Resources 

Google Workspace Updates Weekly Recap – May 13, 2022

New updates 

Unless otherwise indicated, the features below are fully launched or in the process of rolling out (rollouts should take no more than 15 business days to complete), launching to both Rapid and Scheduled Release at the same time (if not, each stage of rollout should take no more than 15 business days to complete), and available to all legacy Google Workspace and G Suite customers. 


New idle status in Google Chat 
In Google Chat on web and Chat in Gmail, you'll see an orange clock badge for users that were recently active in Chat, but aren't currently active. We hope this makes it easier to determine the best time to connect with your colleagues. Visit the Help Center to learn more about availability statuses in Google Chat





Changes to the default Host Management controls in Google Meet for users with personal accounts 
The default setting for Host Management controls is changing for users with personal Google accounts. Previously, Host Management controls were ON by default — going forward, this setting will be OFF by default for new meetings. There are no changes to the behavior for Google Workspace customers or Google Workspace Individual users.



Previous announcements


The announcements below were published on the Workspace Updates blog earlier this week. Please refer to the original blog posts for complete details.


Improved user interface for sharing your working location in Google Calendar
This update improves the working location feature by offering the same functionality for easily entering and updating location information in a more compact format that uses screen space more efficiently. | Learn more here and here

Available to Google Workspace Business Standard, Business Plus, Enterprise Standard, Enterprise Plus, Education Plus, and Nonprofits, as well as G Suite Business customers. 


Easily search for Google Meet content in Google Drive
In Google Drive, you can now use app:”Google Meet” to easily find and organize Meet content such as Meet recordings, meeting transcripts, and more. | Learn more.


Import existing custom themes to new Google Sites
You can now import a custom theme from one new Google Site to another. | Learn more.


Create Spaces and Add Members with the Google Chat API, available in Developer Preview
Using the Google Chat API, you can now programmatically create new Spaces and add members to those Spaces. This functionality is available in preview – developers can apply for access through our Google Workspace Developer Preview Program. | Learn more.


Require email verification to book appointments in Google Calendar
When using appointment scheduling in Google Calendar, you can now opt to have users verify their email before booking an appointment. When enabled, the user must be signed into a Google account or validate their email address using a PIN code to complete the booking. | Learn more.

Available to Google Workspace Business Standard, Business Plus, Enterprise Standard, Enterprise Plus, Education Fundamentals, Education Standard, Education Plus, the Teaching and Learning Upgrade, and Nonprofits customers.


New delegated VirusTotal privilege in the Alert Center
In 2021, we announced an integration between the Alert Center and VirusTotal. At that time, any admin who had the Alert Center privilege could access all VirusTotal reports. Now, we’ve added the ability for admins to control who can view VirusTotal reports. | Learn more.

Available for Google Workspace Business Plus, Enterprise Standard, Enterprise Plus, Education Standard and Education Plus.


Set up SSO profiles for multiple third-party identity providers with the Multi-IdP SSO beta launch
You can further customize authentication by setting up single sign-on (SSO) profiles for multiple identity providers and then configuring authentication for each group or OU. This feature is available beginning today as an open beta, which means you can use it without enrolling in a specific beta program. | Learn more.


For a recap of announcements in the past six months, check out What’s new in Google Workspace (recent releases).

Set up SSO profiles for multiple third-party identity providers with the Multi-IdP SSO beta launch

What’s changing 

For over a decade, we have given admins the ability to configure authentication through a third-party identity provider . In 2021, we expanded this capability by making it possible to choose between third-party identity provider or Google authentication for specific groups or organizational units (OUs). 


Now, you can further customize authentication by setting up single sign-on (SSO) profiles for multiple identity providers and then configuring authentication for each group or OU. This feature is available beginning today as an open beta, which means you can use it without enrolling in a specific beta program.


You can now set up SSO profiles for multiple third-party identity providers




Who’s impacted


Admins

Why you’d use it

Currently, you can configure SSO with a third-party identity provider to apply to your entire domain and then require a subset of your users, such as vendors or contractors, to authenticate with Google instead. However, if you have more than one identity provider, you might require greater customization of authentication options. For example, your company might be migrating from one provider to another, or it might have acquired another company that uses a different provider.


The Multi-IdP SSO beta lets you set up SSO profiles for each of your third-party identity providers, giving you the flexibility to specify the authentication method for various users in your organization as needed.

Getting started

  • Admins: In the Admin console, navigate to Security > Settings > Set up single sign-on (SSO) with a third party IdP > Manage SSO Profile assignments. Visit the Help Center to learn more about setting up SSO for your organization.


Go to the Security settings to set up SSO profiles for third-party identity providers

  • End users: There is no end user setting for this feature.

Rollout pace

  • This feature is available now for all users.


Availability

  • Available to Google Workspace Business Starter, Business Standard, Business Plus, Enterprise Essentials, Enterprise Standard, Enterprise Plus, Education Fundamentals, Education Plus, Frontline, and Nonprofits, as well as legacy G Suite Basic and Business customers
  • Available to all Cloud Identity customers
  • ​​Not available to Google Workspace Essentials customers
  • Not available to users with personal Google Accounts

Resources

New delegated VirusTotal privilege in the Alert Center

What’s changing 

In 2021, we announced an integration between the Alert Center and VirusTotal. At that time, any admin who had the Alert Center privilege could access all VirusTotal reports. Now, we’ve added the ability for admins to control who can view VirusTotal reports. 




Important note: Once this feature is rolled out in your domain, some admins may lose access to VirusTotal. If so, super admins will have to re-provision access by going to Admin Privileges > View VirusTotal Reports


Who’s impacted 

Admins 


Why you’d use it 

This change will help ensure only those with proper privileges can view VirusTotal reports regarding sensitive data. The VirusTotal integration provides an added layer of investigation on top of existing alerts, empowering admins to take deeper look into threats and potential abuse, helping them better protect their organization and data. Visit the Help Center to learn more about using VirusTotal reports in the Alert Center


Additional details 

VirusTotal provides an investigation layer on top of alerts but isn’t being used directly for detection or alerting. No customer information is shared from Google to VirusTotal. 


Getting started 


Rollout pace 


Availability 

  • Available to Google Workspace Business Plus, Enterprise Standard, Enterprise Plus, Education Fundamentals and Education Plus customers 
  • Not available to Google Workspace Essentials, Business Starter, Business Standard, Enterprise Essentials, Frontline, and Nonprofits, as well as G Suite Basic and Business customers 

Resources 

Google Workspace Updates Weekly Recap – April 29, 2022

New updates 

Updated rollout schedule for additional Calendar statuses in Google Chat 
We’d like to provide updated rollout information for additional Calendar statuses in Google Chat, previously announced on March 14, 2022
  • Rollout for Rapid release domains will be complete on Wednesday, May 5, 2022. 
  • Rollout for Scheduled release domains will begin on Wednesday, May 11, 2022 and is expected to be complete by Tuesday, May 24, 2022. 


Previous announcements 

The announcements below were published on the Workspace Updates blog earlier this week. Please refer to the original blog posts for complete details. 



Easily manage storage related activity and policies through new storage management tools in the Admin console 
In the Admin console, storage related activities can now be accessed and managed from a single source. | Learn more. 



Quick access to additional actions when composing a message in Google Chat on iOS 
When using Google Chat on iOS, you can now easily take additional actions by hovering over the plus (“+”) icon next to the compose bar. You’ll see a variety of options such as: 
  • Sharing a Google Meet link 
  • Creating a meeting in Calendar 
  • Accessing Google Drive Text formatting options and more. 




Enhanced menus in Google Docs improves findability of key features on desktop 
We’re updating the menus in Google Docs to make it easier to locate the most commonly-used features. In this update you’ll notice: 
  • Shortened menus for better navigation 
  • Reorganization for more intuitive feature location 
  • Prominent icons for faster recognition 



Warning banners alert users of suspicious Google Docs, Sheets, or Slides files on web 
Previously, we announced warning banners for potentially malicious or dangerous files in Google Drive. We’re extending these warnings at the file-level — going forward, if you open a Google Docs, Sheets, or Slides file on the web, you’ll see these warnings. | Learn more. 


For a recap of announcements in the past six months, check out What’s new in Google Workspace (recent releases).

Easily manage storage related activity and policies through new storage management tools in the Admin console

What’s changing 

We’re rolling out new storage management tools to give our customers additional visibility, control, and insights into storage usage across users, groups, and their entire organization. 


In the Admin console, storage related activities can now be accessed and managed from a single source. Using these new storage management tools, admins can quickly and easily: 
  • View a storage usage summary for their entire organization 
  • View storage used by specific products like Drive or Gmail 
  • View the top users of storage in their organization 
  • View shared drives with the most storage used in your organization 
  • Manage and delete shared drives based on storage use, including the ability to sort and delete individual or multiple shared drives 
  • View storage limit warnings Access detailed reports on storage usage Apply storage limits for users


See below for more information. 


Who’s impacted 

Admins 


Why it’s important 

Admins can use these new tools to see how much storage is being used across their organization and view how close their organization is to reaching their storage limit. 


In Storage Settings you can manage storage limits in Google Workspace across your organization. You’ll see the storage limit settings for your entire organization, which you can customize for specific organizational units and groups. Please visit the Help Center for more details on how storage is being used—and how you can manage it—across your organization. 


This setting is turned OFF by default - when it’s turned on, you can create individual storage limits.





Easily modify storage privileges 
At launch, only super admins will have access to the storage management tools. Over the coming months, access will expand to delegated, user, and reseller admins. When available, admins can control all previously implemented storage policies, allowing them to control defaults and create custom roles to manage storage policies for their organization or users in specific organizational units or groups.



Getting started 

  • Super Admins: The new storage landing page can be accessed via: 
    • The “Storage” option in the left-hand navigation menu. 
    • A new “Storage” card on the Admin console homepage. 
    • Or by navigating to Account > Settings > Storage

  • Google Workspace customers: Visit the Help Center to learn more about storage in Google Workspace and managing shared drive users and their activity

  • Google Workspace for Education customers: Visit the Help Center to learn more about Google Workspace for Education storage

  • Important Note: At launch, super admins will have access to the storage management tools. We will share an update regarding access for delegated, user, and reseller admins on the Workspace Updates Blog once available.

  • End users: No action required.

Availability 

  • Available for all Google Workspace super admins, as well as legacy G Suite Basic and Business super admins 

Resources 

Admins can now specify how individual Android apps update within the Admin console

What’s changing 

Google Workspace admins can now specify how Android apps update, giving them greater control over how Android apps are deployed within their fleet. Specifically, admins can specify whether apps are updated right away or postponed. Further, admins can set these policies on a group level within their organization. See below for more information. 



Who’s impacted 

Admins 

Why it’s important 

Previously, the default behavior for app updates in managed Google Play was contingent on the device being connected to a Wi-Fi network, to be charging, and not being actively used. This behavior is not always suited to the needs of our customers and admins need more granular control over how apps are updated. 

With this update, Admins can now set specific criteria for when Managed Play apps update: 
  • High priority mode: the app is updated immediately after the developer publishes a new version. Note that for high priority, app updates will also still be issued when the default update criteria is met. 
  • Postponed mode: the app will not be automatically updated during the 90 days after a new version is released. After this 90-day period, the newly available version of the app is automatically installed when a device is connected to Wi-Fi, charging, and the app is not in use. Note: users can still manually update the app via the Play Store. 

Additionally, Admins can apply these configurations on a Group level within their organization, giving admins even greater granular control. 

Getting started 


Rollout pace 


Availability 

  • Available to Google Workspace Business Plus, Enterprise Essentials, Enterprise Standard, Enterprise Plus, Education Fundamentals, Education Standard, the Teaching and Learning Upgrade, Education Plus, Frontline, legacy G Suite Business and Basic, and Cloud Identity premium customers.
  • Not available to Google Workspace Business Starter, Business Standard, Essentials, Nonprofits customers, and Cloud Identity Premium customers 

Resources