Tag Archives: Groups

Dynamic groups beta enables automatic group membership management

What’s changing 

Dynamic groups let you create a group with membership that is automatically kept up to date with a membership query. Dynamic groups can be based on one or many user attributes, including addresses, locations, organizations, and relations. You can manage dynamic groups in the Cloud Identity Groups API and the Admin console. 

Dynamic groups is currently available as an open beta, which means you can use it without enrolling in a specific beta program. 


Who’s impacted 

Admins and developers with group create and user read privileges


Why you’d use it 

Dynamic groups work the same as other Google Groups with the added benefit that their memberships are automatically kept up-to-date. This means you can use them for the same functions, including for distribution lists, access-control list (ACL) management, and more. By automating membership management you can increase security, reduce errors, and alleviate user frustration while minimizing the burden on admins. 

Here are some examples of how you can use dynamic groups. You can create groups of: 
  • All users based in your New York office, which you can then use for email communications related to that office location. 
  • All engineers, which you can then use to provide access to specific tools. 


Additional details 

At launch, you won’t be able to manage policies such as context-aware access policies using dynamic groups. Once available, you will be able to create a dynamic group which you could then use to manage specific context-aware access policies. We are working on adding this functionality in the future, and will announce it on the G Suite Updates blog when it’s available. 


Getting started 



Rollout pace 

  • This feature is available now for all eligible users. 

Availability 

  • Available to G Suite Enterprise, G Suite Enterprise for Education, and Cloud Identity Premium customers 
  • Not available to G Suite Essentials, G Suite Basic, G Suite Business, G Suite for Education, G Suite for Nonprofits, and Cloud Identity Free customers 

Resources 

Dynamic groups beta enables automatic group membership management

What’s changing 

Dynamic groups let you create a group with membership that is automatically kept up to date with a membership query. Dynamic groups can be based on one or many user attributes, including addresses, locations, organizations, and relations. You can manage dynamic groups in the Cloud Identity Groups API and the Admin console. 

Dynamic groups is currently available as an open beta, which means you can use it without enrolling in a specific beta program. 


Who’s impacted 

Admins and developers with group create and user read privileges


Why you’d use it 

Dynamic groups work the same as other Google Groups with the added benefit that their memberships are automatically kept up-to-date. This means you can use them for the same functions, including for distribution lists, access-control list (ACL) management, and more. By automating membership management you can increase security, reduce errors, and alleviate user frustration while minimizing the burden on admins. 

Here are some examples of how you can use dynamic groups. You can create groups of: 
  • All users based in your New York office, which you can then use for email communications related to that office location. 
  • All engineers, which you can then use to provide access to specific tools. 


Additional details 

At launch, you won’t be able to manage policies such as context-aware access policies using dynamic groups. Once available, you will be able to create a dynamic group which you could then use to manage specific context-aware access policies. We are working on adding this functionality in the future, and will announce it on the G Suite Updates blog when it’s available. 


Getting started 



Rollout pace 

  • This feature is available now for all eligible users. 

Availability 

  • Available to G Suite Enterprise, G Suite Enterprise for Education, and Cloud Identity Premium customers 
  • Not available to G Suite Essentials, G Suite Basic, G Suite Business, G Suite for Education, G Suite for Nonprofits, and Cloud Identity Free customers 

Resources 

Group membership expiration available in beta

What’s changing 

We’re adding the ability to set expirations for group memberships using the Cloud Identity Groups API. This enables admins to set an amount of time that users are members of a group. Once the specified time has passed, users will be removed from the group automatically. 

Membership expiry is currently available as an open beta, which means you can use it without enrolling in a specific beta program. 


Who’s impacted 

Admins and developers 


Why it’s important 

Groups are a powerful way to manage permissions and access control in your organization.In many cases,, there’s a known amount of time that a user should be a member of a group. This can make managing membership time consuming, and increases the possibility that a user has overly-broad access. 

Automatic membership expiration can help reduce the administrative overhead for managing groups, and can help ensure group membership is limited to the members that need access. This can help: 
  • Increase security by ensuring users do not have long lived membership in groups, and that your group memberships don’t become too expansive. 
  • Manage security groups by using group membership with our recent launch of security groups
  • Reduce admin time and administration costs by automating some group management tasks 

Getting started 

Rollout pace 

  • This feature is available now for all users. 

Availability 

  • Available to G Suite Enterprise, G Suite Enterprise for Education, and Cloud Identity Premium customers 
  • Not available to G Suite Basic, G Suite Business, G Suite for Education, G Suite for Nonprofits, G Suite Essentials, and Cloud Identity Free customers 

Resources 

Group membership expiration available in beta

What’s changing 

We’re adding the ability to set expirations for group memberships using the Cloud Identity Groups API. This enables admins to set an amount of time that users are members of a group. Once the specified time has passed, users will be removed from the group automatically. 

Membership expiry is currently available as an open beta, which means you can use it without enrolling in a specific beta program. 


Who’s impacted 

Admins and developers 


Why it’s important 

Groups are a powerful way to manage permissions and access control in your organization.In many cases,, there’s a known amount of time that a user should be a member of a group. This can make managing membership time consuming, and increases the possibility that a user has overly-broad access. 

Automatic membership expiration can help reduce the administrative overhead for managing groups, and can help ensure group membership is limited to the members that need access. This can help: 
  • Increase security by ensuring users do not have long lived membership in groups, and that your group memberships don’t become too expansive. 
  • Manage security groups by using group membership with our recent launch of security groups
  • Reduce admin time and administration costs by automating some group management tasks 

Getting started 

Rollout pace 

  • This feature is available now for all users. 

Availability 

  • Available to G Suite Enterprise, G Suite Enterprise for Education, and Cloud Identity Premium customers 
  • Not available to G Suite Basic, G Suite Business, G Suite for Education, G Suite for Nonprofits, G Suite Essentials, and Cloud Identity Free customers 

Resources 

Service accounts in Google Groups and with Groups API now generally available

Quick launch summary 

We recently announced betas for two new features related to service accounts. Now, these features are generally available: 
  • Support for service accounts in Google Groups, which makes it easier to use service accounts with groups while increasing security and transparency. Learn more
  • Use service accounts with Google Groups APIs without domain-wide delegation, which enables service accounts to perform critical business processes without compromising your strong security and compliance posture. Learn more

Groups are a critical tool for customers to manage their G Suite deployment. Many customers use service accounts with Groups to automate user management, manage migrations, and integrate G Suite with other apps, tools, and services. Use the announcements linked above to learn more about the features and how you can use them. 

Learn more about these and other launches in our Security Blog post highlighting 10 new security and management controls for security at scale

Service accounts in Google Groups 

Getting started 

Rollout pace 

Availability 

  • Available to all G Suite customers 

Resources 

Service accounts in Google Groups and with Groups API now generally available

Quick launch summary 

We recently announced betas for two new features related to service accounts. Now, these features are generally available: 
  • Support for service accounts in Google Groups, which makes it easier to use service accounts with groups while increasing security and transparency. Learn more
  • Use service accounts with Google Groups APIs without domain-wide delegation, which enables service accounts to perform critical business processes without compromising your strong security and compliance posture. Learn more

Groups are a critical tool for customers to manage their G Suite deployment. Many customers use service accounts with Groups to automate user management, manage migrations, and integrate G Suite with other apps, tools, and services. Use the announcements linked above to learn more about the features and how you can use them. 

Learn more about these and other launches in our Security Blog post highlighting 10 new security and management controls for security at scale

Service accounts in Google Groups 

Getting started 

Rollout pace 

Availability 

  • Available to all G Suite customers 

Resources 

Updated interface for managing Google Groups in the Admin console

Quick launch summary 

We’re updating the interface admins use to manage Google Groups for Business in their organizations. Google Groups for Business settings let admins control how Google Groups can be created and used within their domains. All the same settings will be available in the new interface, but the structure will be revamped to make it easier to find and change settings. 

In addition, we’re adding Groups information to the Admin audit log, which will enable admins to see when and by whom settings were changed. 

A new look for Groups for Business settings 

Groups information is now in the admin audit log 


Getting started 

  • Admins: You’ll see the new interface by default when you go to Admin console > Apps > G Suite > Groups for Business. Visit the Help Center to learn more about managing Groups for your organization
  • End users: No end-user impact. 

Rollout pace 

Availability 

  • Available to all G Suite customers 

Resources 

Roadmap 

New Google Groups becoming the default for all users on September 15, 2020

What’s changing 

Earlier this year, we made the new Google Groups generally available. Since then, it’s been the default version of Groups, but admins could turn off the new interface for their users via an Admin console setting. 

Starting on September 15, 2020, we will make new Groups the default for all users. When this happens:
Visit our Help Center for more information on new Groups and the transition from classic Groups


Who’s impacted 

Admins and end users 


Why it’s important 

New Groups has a more efficient and streamlined user interface, which makes it easier for users to create and manage groups. See our previous announcement for a full overview of the new Groups experience. In that announcement, we noted that some features in classic Groups were not yet available in new Groups. Since then, we’ve listened to your feedback and recently launched several highly requested features, including: 
We’re working to add more soon. See the Help Center for the full list of features we’re planning to launch, and follow the G Suite Updates blog for launch announcements. 


Additional details 

Planning for a complete migration to new Groups 

We’re planning to migrate all users to new Groups at a future date. At that time, classic Groups will no longer be available. We’ll announce this change on the G Suite Updates blog at least three weeks before it takes place. Note that you can use the Help Center to see a list of the features that we don’t plan to add to new Groups before this migration. 


Getting started 

  • Admins: The Admin console setting to turn off new Groups for your users will be removed. There will no longer be a way for you to require your users to use classic Groups. Visit the Help Center to learn more about new Groups and the transition from classic Groups. 
  • End users: End users will see new Groups by default when they go to groups.google.com, but can revert to classic Groups at any time. Visit the Help Center to learn how to go back to classic Groups. If users were already using new Groups there will be no change to their experience with this change. 

Rollout pace 

Availability 

  • Available to all G Suite customers

Resources 

Security groups help manage groups used for security and access control

What’s changing 

We’re making security groups available in beta. Security groups help you easily regulate, audit, and monitor groups used for permission and access control purposes. They enable admins to: 
  • Apply a label to any existing Google Group to distinguish it from email-list groups. 
  • Provide strong guarantees that: 
    • External groups (owned outside your organization) and non-security groups cannot be added as a member of a security group. 
    • Security labels, once assigned to a group, cannot be removed. 
Soon, you’ll be able to use more granular admin roles to separate administration of security and non-security groups. Keep an eye on the G Suite Updates blog for an announcement when that rolls out. 


Who’s impacted 

Admins and developers 


Why you’d use it 

Groups are used in a variety of ways. This can include groups that help teams communicate and collaborate, as well as groups that control access to important apps and resources. Security groups can help customers manage these categories of groups differently to increase their overall security posture. 

For example, if you have compliance or regulatory requirements for managing access control, you may have set up naming conventions to keep track of which groups were used for this purpose. With security groups, you can now assign a security label to these groups and more easily manage them without having to use workarounds like naming conventions. 


Getting started 

Rollout pace 

  • This feature is available now for all users in beta. 

Availability 

  • Available to all G Suite customers 

Resources 

Use service accounts with Google Groups APIs without domain-wide delegation

What’s changing 

Service accounts can now have direct access to Groups APIs without needing domain-wide delegation and admin impersonation. This means you can: 

Who’s impacted 

Admins and developers 


Why it’s important 

Using service accounts with Groups can help provide sufficient data access for business apps and enable the automation of various admin tasks. 

Previously, you had to use domain-wide delegation and admin impersonation to provide service accounts with sufficient data access. This was a cumbersome process, which could result in overly broad privileges for the service account and audit logs that were hard to interpret. 

By enabling direct API access, we’re making it easier to use service accounts to enable critical business apps and processes while making it easier to maintain a strong security and compliance posture. 


Getting started 

Rollout pace 

  • API role assignments: This feature is available now for all users 
  • Admin console roles page updates: Rapid and Scheduled release domains: Gradual rollout (up to 15 days for feature visibility) starting on August 26, 2020 Service account 
  • API access: This feature is available now for all users 

Availability 

  • Available to all G Suite customers 

Resources