Tag Archives: Groups

Configure member restrictions for groups, available in open beta

What’s changing 

We’re adding group level controls that will allow admins to restrict group memberships based on: 
Internal or external members,
  • Member type (service account, user, group) 
  • This feature is available as an open beta, which means you can use it without enrolling in a specific beta program. 

Who’s impacted 

Admins and end users who are group owners and managers 


Why it’s important 

This feature helps ensure Groups are properly configured and stay within the confines of specific restrictions. For example, if an Admin configures a group to exclude service accounts, that restriction will be preserved and enforced for all future group changes. 

Once a restriction is in place, we’ll indicate whether there are violating memberships and suggested actions to resolve the discrepancy. Further, this feature will prevent any new changes from violating the current setting, ensuring the group remains secure. 


Additional details 

Important note: Group owners and managers cannot remove restrictions once they’re applied, but may be able to add additional restrictions. For example, If a group is configured to contain individual users and groups, the group owner could further restrict it to only users. However, the group owner could not change a group which is set up to only contain individuals to allow both individuals and groups. Use our Help Center to learn more.


Getting started 

Rollout pace 

Availability 

  • Available to Google Workspace Enterprise Plus, Enterprise Standard, Education Plus, and Cloud Identity Premium customers 
  • Not available to Google Workspace Essentials, Business Starter, Business Standard, Business Plus, Enterprise Essentials, Education Fundamentals, Frontline, and Nonprofits, as well as G Suite Basic and Business customers 

Resources 

Use the “Inspect Groups” function to view a users direct and indirect group membership

What’s changing 

You can now quickly surface information regarding specific users and the groups they are part of directly in the Admin console. 
  • View direct and indirect members of a group: Enables you to see an expanded view of all memberships in a group. This allows to see a single view of all memberships for a nested group structure 
  • Check Membership: This allows you to validate whether a user is a member of a particular group. 
  • List all groups for a member: You can view a list of all groups a user is a member of, the email address or addresses associated with the group, and the group relation (indirect, direct, or both). See below for more information. 

Who’s impacted 

Admins 



Why it’s important 

In order to manage access to content and resources within their organization, Admins use numerous groups to ensure proper access for their users. This also involves nesting groups, adding another layer of complexity. 

This feature will give Admins a clear understanding of the group structures for any user in their organization, all in one place. We hope this feature makes it easier for Admins to take action on managing their users by providing all the necessary information, such as all groups a user is part of and their membership status. 



Getting started



Availability


  • Available to Google Workspace Enterprise Plus, Education Plus, and Cloud Identity Premium customers
  • Not available to Google Workspace Essentials, Business Starter, Business Standard, Business Plus, Enterprise Essentials, Enterprise Standard, Education Fundamentals, Frontline, and Nonprofits, as well as G Suite Basic and Business customers


Resources


Security groups are now generally available

What’s changing

In 2020, we launched security groups to beta. Beginning today, this feature is now generally available. Security groups help you easily regulate, audit, and monitor groups used for permission and access control purposes. They enable admins to: 

  • Apply a label to any existing Google Group to distinguish it from email-list groups. 
  • Provide strong guarantees that: 
    • External groups (owned outside your organization) and non-security groups cannot be added as a member of a security group. 
    • Security labels, once assigned to a group, cannot be removed. This ensures that once a group is used for security purposes, it will remain in that state. 


Why it’s important

Groups are used in a variety of ways. This can include groups that help teams communicate and collaborate, as well as groups that control access to important apps and resources. Security groups can help customers manage these categories of groups differently to increase their overall security posture. 

For example, if you have compliance or regulatory requirements for managing access control, you may have set up naming conventions to keep track of which groups were used for this purpose. With security groups, you can now assign a security label to these groups and more easily manage them without having to use workarounds like naming conventions. 

Getting started


Rollout pace

  • This feature is available now.

Availability

  • Available to Google Workspace Business Starter, Business Standard, Business Plus, Enterprise Essentials, Enterprise Standard, Enterprise Plus, Education Fundamentals, Education Plus, and Nonprofits, as well as G Suite Basic and Business customers
  • Not available to Google Workspace Essentials and Frontline customers

Resources


Google Workspace Updates Weekly Recap – July 30, 2021

New updates

Unless otherwise indicated, the features below are fully launched or in the process of rolling out (rollouts should take no more than 15 business days to complete), launching to both Rapid and Scheduled Release at the same time (if not, each stage of rollout should take no more than 15 business days to complete), and available to all Google Workspace and G Suite customers.


Delegate Information is now available in Gmail Log Search
Email log search now indicates when an email was sent on behalf of the user by a delegate. In cases where a delegate sent the email, the delegate will be listed, along with the sender, in message details in email log search. Delegate information will only be available on emails sent after this change rolls out. | Available to all Google Workspace with Gmail enabled. | Learn more.


New font in Workspace improves accessibility for vision impaired
Now there's a new font in Workspace optimized for vision impaired users.  When you create or want to read a document, set the font to Atkinson Hyperlegible for improved legibility.


Previous announcements 

The announcements below were published on the Workspace Updates blog earlier this week. Please refer to the original blog posts for complete details.


Improvements for braille mode in Google Docs provide a richer, more interactive experience
We've improved how suggestions are announced in braille mode in Google Docs. You’ll now hear detailed suggestion information inline with the rest of the text — this includes whether the suggestion is an insertion or deletion, and the author of the suggestion. | Learn more.



Disabling File Transfer in Google Chat
Admins can now disable or limit file sharing for their users in Chat. Specifically, admins
will be able to specify controls within and outside their organization, and will be able to choose between restricting all files, allowing images only, or allowing all files. | Available to Google Workspace Business Plus, Enterprise Standard, Enterprise Plus, Education Plus, Enterprise Essentials | Learn more.



Alert Center enrichment with VirusTotal threat context now generally available
Earlier this year, we pre-announced an integration between the Alert Center and VirusTotal. Currently, the Google Workspace Alert Center provides admins with actionable, real-time alerts and insights regarding security-related activity in their domain. With the VirusTotal (now part of Google Cloud) integration, admins have the ability to dig into their alerts at a deeper level. | Available to Google Workspace Business Plus, Enterprise Standard, Enterprise Plus, Education Fundamentals and Education Plus customers. | Learn More.



Use dynamic security groups for group based policies
Google Workspace admins can now use dynamic groups to manage policies for their users in the Admin console. Previously, it was only possible to apply these policies to static groups and OUs. | Available to Google Workspace Enterprise Plus, Education Plus, and Cloud Identity Premium customers. | Learn more.



Workspace for Education Plus now syncs Google Classroom courses and rosters with Student Information Systems
U.S. school districts with Google Workspace for Education Plus will be able to automatically set up Google Classroom courses and keep rosters in sync with their Student Information System (SIS). IT admins will do the setup via Clever, meaning teachers will no longer need to manually create classes and invite students to join them. | Learn More.



Enhancements to Google Voice
We’ve made several enhancements to Google Voice, including information and troubleshooting tips for missed calls, the ability to easily redial dropped calls, the ability to delete SMS messages in bulk, and an option to show your Google Voice number as the caller ID when forwarding calls. | Learn more.



Search within a folder in Google Drive on iOS
You can now search for content inside a specific folder in Google Drive on iOS. Simply navigate to the folder you want to search within and select the search bar — you’ll see a list of suggested folders, documents, and users to refine your search results. Select the folder chip before typing your search query. | Learn more.



Assign SSO profile to organizational units or groups with the new SAML Partial SSO beta
Currently, you can configure to authenticate your users using a third-party identity provider — this configuration applies to all users within your domain. Now, you have the option to specify groups or organizational units (OUs) to authenticate a subset of your users using Google. This feature is available as an open beta. | Learn more.



New enrollment privilege and naming updates for Google Meet hardware in the Admin console
We are making two improvements to the admin controls for Google Meet hardware: a new enrollment privilege admins and updates for hardware management in the Admin console. | Learn more.



Use the new Google Meet web app for better meetings on desktop devices
We’ve launched a new Google Meet standalone web app. This Progressive Web Application (PWA) has all the same features as Google Meet on the web, but as a standalone app it’s easier to find and use, and it streamlines your workflow by eliminating the need to switch between tabs. | Learn more.


For a recap of announcements in the past six months, check out What’s new in Google Workspace (recent releases).

Use dynamic security groups for group based policies

What’s changing 

Google Workspace admins can now use dynamic groups to manage policies for their users in the Admin console. Previously, it was only possible to apply these policies to static groups and OUs. 

Workspace admins can use dynamic attribute-based groups to automate tasks such as "turn drive off for everyone in Europe through the Admin Console".

Who’s impacted

Admins

Why it’s important

This change gives admins greater control and flexibility when managing Workspace policies for users in their organization. For instance, rather than applying policies to a specific group which is updated manually at large, admins can apply policies to a dynamic group which stays up-to-date automatically.

Further, this reduces manual work for Admins and helps improve security by relying on external source of truth systems for user attributes.

Getting started


Rollout pace

  • This feature is available now.

Availability

  • Available to Google Workspace Enterprise Plus, Education Plus, and Cloud Identity Premium customers
  • Not available to Google Workspace Essentials, Business Starter, Business Standard, Business Plus, Enterprise Essentials, Enterprise Standard, Education Fundamentals, Frontline, and Nonprofits, as well as G Suite Basic and Business customers

Automatic group membership management with dynamic groups, now generally available

Quick launch summary 

Dynamic groups are now generally available. Dynamic groups work the same as other Google Groups, but with the added benefit that their memberships are automatically kept up to date with a membership query. Dynamic groups can be based on one or many user attributes, including addresses, locations, organizations, and relations. 


By automating membership management you can increase security, reduce errors, and alleviate user frustration while minimizing the burden on admins. 


See our beta announcement for more details and example use cases for dynamic groups. Note that at launch, you won’t be able to manage policies—like context-aware access policies—using dynamic groups. We are working on adding this functionality in the future, and will announce it on the Workspace Updates blog when it’s available. 


This joins our other recent announcements for features that make it easier to manage groups within your organization. You can now also assign groups as security groups, set group membership expiration, and see indirect membership visibility and membership hierarchies via API. We hope these features make it easier to use groups to meet the access, security, and communication needs of your organization. 


Getting started 

Rollout pace 

Availability 

  • Available to Google Workspace Enterprise Standard, Enterprise Plus, Education Plus, and Cloud Identity Premium customers 
  • Not available to Google Workspace Essentials, Business Starter, Business Standard, Business Plus, Enterprise Essentials, and Education Fundamentals, or G Suite Basic, Business, and Nonprofits customers 

Resources 

Security groups now generally available

Quick launch summary 

We’re making security groups generally available. Security groups help you easily regulate, audit, and monitor groups used for permission and access control purposes by simply adding the security label. See our beta announcement for more details and use cases for security groups

We’ve recently announced several other features that can help you better manage groups in your organization and improve your security posture. These include group membership expiration and the indirect membership visibility and membership hierarchy APIs


Getting started 

Rollout pace 

Availability 

  • Available to Google Workspace Essentials, Business Starter, Business Standard, Business Plus, Enterprise Standard and Enterprise Plus customers, as well as G Suite Basic, Business, Education, Enterprise for Education and Nonprofits customers 

Resources 

Group membership expiration now generally available

Quick launch summary 

The Cloud Identity Groups API feature that enables you to set expirations for group memberships is now generally available. It was previously available in beta


This enables admins to set an amount of time that users and service accounts are members of a group. Once the specified time has passed, users will be removed from the group automatically. Automatic membership expiration can help reduce the administrative overhead for managing groups, and can help ensure group membership is limited to the members that need access. 




This launch is another enhancement to the Cloud Identity Groups API. We recently also made the indirect membership visibility and membership hierarchy APIs generally available. Together, these make it easier to manage permissions and access control in your organization. 


Getting started 

Rollout pace 

Availability 

  • Available to Google Workspace Enterprise Standard and Enterprise Plus, as well as G Suite Enterprise for Education and Cloud Identity Premium customers 
  • Not available to Google Workspace Essentials, Business Starter, Business Standard, Business Plus, and Enterprise Essentials, as well as G Suite Basic, Business, Education, and Nonprofits customers 

Resources 

Indirect membership visibility and membership hierarchy APIs now generally available

Quick launch summary 

We’re making it easier to identify, audit, and understand indirect group membership via the Cloud Identity Groups API. Specifically, we’re making the membership visibility and membership hierarchy APIs generally available. These were previously available in beta. 

Using “nested” groups to manage access to content and resources can help decrease duplication, simplify administration, and centralize access management. However, nested groups can create a complex hierarchy that can make it hard to understand who ultimately has access and why. These APIs help provide all of the information you need to understand complex group structures and hierarchies, and can help you make decisions about who to add to or remove from your groups. 

See our beta announcement for more information and use cases for the APIs


Getting started 


Rollout pace 


Availability 

  • Available to Google Workspace Enterprise Standard and Enterprise Plus, as well as G Suite Enterprise for Education and Cloud Identity Premium customers. 
  • Not available to Google Workspace Essentials, Business Starter, Business Standard, Business Plus, and Enterprise Essentials, as well as G Suite Basic, Business, Education, and Nonprofits customers 

Resources 

Custom roles now available in new Groups

Quick launch summary 

Permissions in Google Groups help control who can view, post, and moderate content in your groups, as well as determine who can manage members and other group settings. You can assign a set of permissions to users in your groups using roles—roles available by default include owner, manager, and member. 


With this launch, you can now create a custom role that allows admins to assign a specific set of viewing, posting, and moderation permissions for users within a given group. By adding this to new Groups, we hope to make it quicker and easier to manage group permissions at scale while ensuring all users have the right permissions for your groups. 


Note that custom roles were previously available in classic Groups. All custom roles created in classic Groups will continue to work and be available to use in new Groups as well. 


Getting started 

Rollout pace 

Availability 

  • Available to Workspace Essentials, Business Starter, Business Standard, Business Plus, Enterprise Essentials, Enterprise Standard, and Enterprise Plus, as well as G Suite Basic, Business, Education, Enterprise for Education, and Nonprofits customers 

Resources